dhcp and vlans

Stefan Pandele stefan_pandele at yahoo.com
Wed Oct 7 16:00:51 UTC 2009


"You need to clarify exactly what you need here - I can see two variations when a device with public IP in vlan100 moves to vlan 200"

When a user moves from vlan 100 to vlan 200, the user's mac will not be in the public subnet of vlan 200 and dhcp must give him an ip address from the private subnet of vlan 200. Then, if I bind his mac address to a private ip address from vlan 200, next time he reboots, dhcp will give him the public ip address; else dhcp must give him an ip address from the private subnet of vlan 200.

thanks,
stefan




________________________________
From: Simon Hobson <dhcp1 at thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Sent: Tue, October 6, 2009 4:20:02 PM
Subject: Re: dhcp and vlans

Stefan Pandele wrote:

> I want to do the following task and I do not know how:
> 
> I have a cisco l3 sw on which I have many vlans
> on every interface vlan I have a public ip class
> I want to add a secondary private ip class ( 192.168.100.0/24 on vlan 100, 192.168.200.0/24 on vlan 200, and so on) on each interface vlan.

First step - you need to define a shared subnet for each vlan, like this :

shared-network "vlan100" {
  subnet a.b.c.0 netmask ... {
    ...
  }
  subnet 192.168.100.0 netmask 255.255.255.0 {
    ...
  }
}

> after that, when a client from vlan 100 has his mac address bound to an ip address from the public subnet in dhcp.conf, dhcp should give him that public ip address.
> if the user changes his network adapter, the new mac address won't be bound to the same ip address.
> at that point I want dhcp to give him a random ip address from the private ip address class range ( ex. 192.168.100.75).

> if the client moves to a vlan 200 port, dhcp must give him an ip address from the 192.168.200.0/24 class ( ex. 192.168.200.14).


You need to clarify exactly what you need here - I can see two variations when a device with public IP in vlan100 moves to vlan 200 :

a) it gets a public address.

b) it gets a private address.


a) is probably simplest. You define your subnets thus :
shared-network "vlan100" {
  subnet a.b.c.0 netmask ... {
    pool {
      range a.b.c.x a.b.c.y ;
      allow known-clients ;
    }
  }
  subnet 192.168.100.0 netmask 255.255.255.0 {
    pool {
      range 192.168.100.x 192.168.100.y ;
      deny known-clients ;
    }
  }
}

And define known clients with host statements IN THE GLOBAL SCOPE :
host somename {
  hardware ethernet aa:bb:cc:dd:ee:ff ;
}

Clients with a matching host declaration are "known" and entitled to an address from the public range from the vlan they are connected to. Others will get a private address.


b) is a little harder, but not much.

You define a class for 'known' hosts for each vlan :

class "vlan100" {
  match ...
}

shared-network "vlan100" {
  subnet a.b.c.0 netmask ... {
    pool {
      range a.b.c.x a.b.c.y ;
      allow members of "vlan100" ;
    }
  }
  subnet 192.168.100.0 netmask 255.255.255.0 {
    pool {
      range 192.168.100.x 192.168.100.y ;
      deny members of "vlan100" ;
    }
  }
}

A client that matches a class will be allowed a public IP when connected to the relevant vlan. When connected anywhere else it will get a private address.

Class matching is more flexible - you can match on arbitrary expressions, not just MAC address. You could use a single global class in option a) to get this level of flexibility.


Your friends are the man pages - dhcpd.conf to start with, and dhcp-eval for info about expressions available.

-- Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
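A complete dhcpd.conf for Simon's option b), covering vlan 100 and vlan 200, as an added example that is not part of the thread or of the ISC distribution. The public ranges 203.0.113.0/24 and 198.51.100.0/24, the MAC addresses, router addresses and lease times are constructed placeholders; the class names and the allow/deny pool layout follow Simon's sketch.

```conf
# Added example, not from the thread. All addresses and MACs are placeholders.
default-lease-time 3600;
max-lease-time 7200;
authoritative;

# Clients entitled to a public address while on vlan 100.
# 'hardware' evaluates to the type byte (1 = ethernet) followed by the MAC.
class "vlan100" {
  match if hardware = 1:00:11:22:33:44:55
      or hardware = 1:00:11:22:33:44:66;
}

# Clients entitled to a public address while on vlan 200.
class "vlan200" {
  match if hardware = 1:00:11:22:33:44:77;
}

# dhcpd picks the shared-network from the relay address (giaddr) set by the
# switch's ip helper, so a vlan100 member that moves to a vlan 200 port is
# evaluated against the vlan 200 pools and, not being in "vlan200", gets a
# private address there.
shared-network "vlan100" {
  subnet 203.0.113.0 netmask 255.255.255.0 {
    option routers 203.0.113.1;
    pool {
      range 203.0.113.50 203.0.113.200;
      allow members of "vlan100";
    }
  }
  subnet 192.168.100.0 netmask 255.255.255.0 {
    option routers 192.168.100.1;
    pool {
      range 192.168.100.50 192.168.100.200;
      deny members of "vlan100";
    }
  }
}

shared-network "vlan200" {
  subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    pool {
      range 198.51.100.50 198.51.100.200;
      allow members of "vlan200";
    }
  }
  subnet 192.168.200.0 netmask 255.255.255.0 {
    option routers 192.168.200.1;
    pool {
      range 192.168.200.50 192.168.200.200;
      deny members of "vlan200";
    }
  }
}
```

Check the file with `dhcpd -t -cf /path/to/dhcpd.conf` before reloading; a client is matched against the classes only within the shared-network its request arrived on, which is what produces the per-vlan behaviour Stefan describes.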