Simon Hobson dhcp1 at
Sat Sep 29 21:37:08 UTC 2007

Ashley M. Kirchner wrote:

>    I want to give each department in our building their own subnet 
>and I'm a bit confused on how to get that done.

Reading your questions suggests you need to read up a bit on IP 
subnets and routing.

>    authoritative;
>    subnet netmask
>       range;  # .1 - .4, .251 - .255 reserved
>       max-lease-time 86400;
>       default-lease-time 57600;
>       min-lease-time 300;
>       option routers;
>       option broadcast-address;
>       option domain-name-servers;
>       option ip-forwarding off;
>       ddns-update-style interim;
>       ignore client-updates;
>       # Static Rats
>       group {
>          host server_1 { hardware ethernet 11:11:11:11:11:11; 
>fixed-address; }
>          host server_2 { hardware ethernet 22:22:22:22:22:22; 
>fixed-address; }
>          host server_3 { hardware ethernet 33:33:33:33:33:33; 
>fixed-address; }
>       }

That is BAD, you have fixed-address which are also available for 
allocation dynamically. Any address that is not to be dynamically 
allocated must NOT be in a range statement.

>       # Shippping Kernels
>       group {
>          host fedex { hardware ethernet 44:44:44:44:44:44; }
>          host ups   { hardware ethernet 55:55:55:55:55:55; }
>          host rep_1 { hardware ethernet 66:66:66:66:66:66; }
>          host rep_2 { hardware ethernet 77:77:77:77:77:77; }
>       }
>       # Sales Bullies
>       group {
>          host sales_1 { hardware ethernet 88:88:88:88:88:88; }
>          host sales_2 { hardware ethernet 99:99:99:99:99:99; }
>       }
>    }
>    What I'd like to do is give each group their own range, for example:
>       # Shipping Kernels gets (.32 - .47)
>       # Sales Bullies gets (.48 - .63)
>       etc., etc.
>    However, they would all still need to route through the same 
>    Do I simply specify a range within each group and hope for the 
>best?  Or do I nix the global subnet{} statement and set each 
>group{} with its own subnet?  How does routing work then since each 
>group{} would have it's own broadcast ip?

Is this an isolated network ? Ie, is there anyone else using the 
192.168.x.y address space that you need to work with ?

If this is an isolated network then I would suggest it's better to go 
bigger than smaller. Going down to a four bit subnet means that you 
waste a minimum of 3 address out of every 16 and leave yourself with 
only 13 addresses.

I would suggest sticking with a /24 subnet mask and use more of the 
192.168 address space - eg use, and 
so on.

Each subnet will need to have it's own router - a client in cannot use as it's router, and neither 
can a client in In both cases, the router is not in 
the same subnet as the client.

What you can do (on all but the cheapest routers) is to add multiple 
ip subnets to the one interface - if you run a shared network. A 
shared network is where you have ONE ethernet network and multiple 
subnets. You will need to use classes to allocate dynamic clients to 
a particular subnet - see man dhcpd.conf and look for the sections on 
classes and subclasses where there is an example of how to do this.

If you do not use a shared network, ie you have either multiple 
switches or vlans to separate clients, then you will need to have a 
router with an interface in each separate network. You will also need 
to give your dhcp server an interface in each network OR have the 
router act as a dhcp relay agent (aka dhcp helper, aka bootp relay). 
But each client will get an appropriate address automagically !

More information about the dhcp-users mailing list