DHCP and 2 subnets

Chris Arnold carnold at electrichendrix.com
Mon Apr 7 20:48:21 UTC 2008

>OK, then your router is a complete waste of time and gives you zero 
>security between these two subnets 

There is security as we have intra-zone policies. And we have IDP configured. We have not seen a problem yet. Any device on any network is protected using that router/firewall.

>You have two choices, either declare these two subnets as a shared 
>subnet, or properly segregate them on two different switches on 
>different router interfaces (either real or VLAN).

After talking it over with the boss, we are going to do a shared network thing. There are too many things already hooked up and working in this current config. Also, the Juniper/NetScreen device is kind of old and does not have but 2 ports, 1 untrust and 1 trust. We will need to find a device that will give us an "optional/dmz" port.

>With no config, the 
>server will treat the two subnets as equal and will be free to assign 
>any client to either subnet. To change this will involve using some 
>mechanism to identify which clients go where.

What mechanisms can we use? Are there some that can fit into the dhcp.conf file, like defining a MAC and, based on that MAC, assigning an IP from a specific subnet?
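An added example, not part of this thread, of what that looks like in ISC dhcpd.conf: both subnets declared under one shared-network, a class populated by hardware (MAC) address, and one pool per subnet that allows or denies members of that class. The network numbers, MAC addresses and the class/shared-network names are constructed placeholders.

```conf
# Added example (not from the original thread). ISC dhcpd.conf fragment:
# two subnets on the same physical segment, with clients steered by MAC.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges used as placeholders.

# Class whose members are listed by hardware address (type 1 = Ethernet).
class "trusted" {
  match hardware;
}
subclass "trusted" 1:00:11:22:33:44:55;   # constructed MAC, replace
subclass "trusted" 1:00:11:22:33:44:66;   # constructed MAC, replace

shared-network OFFICE {
  # Clients in the "trusted" class land here. Because this pool carries an
  # allow statement, any client not matching it is refused from this range.
  subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    option domain-name-servers 192.0.2.1;
    pool {
      allow members of "trusted";
      range 192.0.2.100 192.0.2.200;
    }
  }

  # Everyone else lands here. The explicit deny keeps a trusted client from
  # falling into this range if the trusted pool is exhausted.
  subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    option domain-name-servers 198.51.100.1;
    pool {
      deny members of "trusted";
      range 198.51.100.100 198.51.100.200;
    }
  }
}

# Alternative for a handful of machines: a host entry pins one MAC to one
# address in the chosen subnet instead of using classes.
host printer1 {
  hardware ethernet 00:11:22:33:44:77;    # constructed MAC, replace
  fixed-address 192.0.2.50;
}
```

Note that a MAC address is trivially changeable by the client, so this steers well-behaved hosts into the right range but is not an access control; on a shared segment the firewall's intra-zone policy is what actually enforces separation between the two subnets.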

