DHCP and 2 subnets
carnold at electrichendrix.com
Mon Apr 7 20:48:21 UTC 2008
>OK, then your router is a complete waste of time and gives you zero
>security between these two subnets
There is security as we have intra-zone policies. And we have IDP configured. We have not seen a problem yet. Any device on any network is protected using that router/firewall.
>You have two choices, either declare these two subnets as a shared
>subnet, or properly segregate them on two different switches on
>different router interfaces (either real or VLAN).
After talking it over with the boss, we are going to do a shared network thing. There are too many things already hooked up and working in this current config. Also, the Juniper/NetScreen device is kind of old and does not have but 2 ports, 1 untrust and 1 trust. We will need to find a device that will give us an "optional/dmz" port.
>With no config, the
>server will treat the two subnets as equal and will be free to assign
>any client to either subnet. To change this will involve using some
>mechanism to identify which clients go where.
What mechanisms can we use? Are there some that can fit into the dhcp.conf file? Like defining a MAC and, based on that MAC, assigning an IP from a specific subnet?
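
The shared-subnet arrangement and MAC-based selection discussed in this message can be sketched for ISC dhcpd as follows. This is an added example, not part of the original post or the poster's configuration; the network name, class name, addresses and MAC addresses are constructed placeholders.

```conf
# Added example for ISC dhcpd (dhcpd.conf). All values are constructed.

# Clients are sorted into this class by hardware address.
# The key is the hardware type byte (1 = Ethernet) followed by the MAC.
class "lan-b" {
    match hardware;
}
subclass "lan-b" 1:00:11:22:33:44:55;
subclass "lan-b" 1:00:11:22:33:44:66;

# Both subnets live on the same wire, so they are declared together.
# Without the allow/deny lines the server may hand a client an address
# from either subnet.
shared-network office {
    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        pool {
            # Everyone not listed in the class lands here.
            deny members of "lan-b";
            range 192.168.10.100 192.168.10.200;
        }
    }

    subnet 192.168.20.0 netmask 255.255.255.0 {
        option routers 192.168.20.1;
        pool {
            # Only the listed MACs get addresses from this subnet.
            allow members of "lan-b";
            range 192.168.20.100 192.168.20.200;
        }
    }
}
```

MAC-based classing only controls which pool the DHCP server offers from: a MAC address is client-supplied and can be changed, and any host on the shared segment can configure a static address in either subnet. Separation between the two groups still depends on the firewall policy or on moving them to separate interfaces or VLANs.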