Client tied to pool via (sub)class in one subnet, same client has host declaration in other subnet...

Sten Carlsen stenc at s-carlsen.dk
Thu Sep 19 09:34:03 UTC 2013


You have put the host declaration inside the subnet declaration.
When you do that, it has the side effect that it will get its router and 
some other settings from that subnet. The general advice is to have all 
host declarations outside all subnet declarations as they are global in 
scope no matter where they are placed; inheritance is from where they 
are placed.

It could also look like the class and subclass declarations inherit from 
the subnets they are placed in. I suggest to move them to outside all 
subnets, they are global anyway.

Also subnet a.tu-clausthal.de allows the class, try using deny here.



On 19/09/13 11.14, Christian Marg wrote:
> Hello,
>
> I've encountered a problem with our DHCP config:
>
> A (mobile) client, having a host declaration with "fixed-address" in 
> one subnet, gets its IP, but the router IP etc. comes from another 
> subnet - where that same client is bound to a pool via (sub)class.
>
> The config looks like this:
>
> ====8<====8<====8<====8<====
> subnet 192.168.65.0 netmask 255.255.255.0 {
>   option domain-name "a.tu-clausthal.de";
>   option routers 192.168.65.254;
>   option domain-name-servers ...
>   option broadcast-address 192.168.65.255;
>
>   host a.a.tu-clausthal.de {
>     hardware ethernet 5c:26:0a:06:11:2f;
>     fixed-address 192.168.65.128; }
> }
>
> subnet 192.168.102.0 netmask 255.255.255.0 {
>   option domain-name "b.tu-clausthal.de";
>   option routers 192.168.102.254;
>   option domain-name-servers ...;
>   option broadcast-address 192.168.102.255;
>
>   class "192.168.102-shared-pool"  {
>       match  hardware;
>   }
>
>   subclass "139.174.102-shared-pool-test" 1:5c:26:0a:06:11:2f;
>
>   pool {
>     failover peer    "dhcp";
>     range        192.168.102.231 192.168.102.251;
>     ping-check        true;
>     max-lease-time    3600;
>     min-lease-time    1800;
>     adaptive-lease-time-threshold  80;
>     allow members of    "192.168.102-shared-pool";
>     deny dynamic bootp clients;
>   }
> }
> ====8<====8<====8<====8<====
>
> Connecting it to a network port in subnet 192.168.65.0 leads to 
> following result:
>
> IP: 192.168.65.128
> domain: "b.tu-clausthal.de"
> router: 192.168.102.254
> broadcast: 192.168.102.254
>
> When I comment out the "subclass" line, it works as expected...
>
> How can I work around this problem? I googled to see if I could the 
> class match only if the giaddr is 192.168.102.254, but all I found was 
> "that's not needed, DHCPD does that automatically" - which is usually 
> right, but no solution to this problem...
>
> Is there another way to restrict a Pool to certain MAC addresses?
>
> Thanks in advance!
>
> Best regards,
>
> Christian Marg

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

        "MALE BOVINE MANURE!!!"

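A check for the layout advice in the reply above, as an added example that is not part of the original messages and not ISC code: it scans dhcpd.conf text and reports every host, class or subclass declaration that sits inside a subnet block, where it would pick up that subnet's options. The function name `find_nested_decls` is hypothetical, and the sample config is constructed from the quoted one (elided options left out, subclass name made to match the class).

```python
import re

# Declarations the reply advises keeping outside all subnet blocks.
GLOBAL_DECLS = ("host", "class", "subclass")
# Constructed sample modelled on the quoted config, not the poster's real file.
SAMPLE = """
subnet 192.168.65.0 netmask 255.255.255.0 {
  option routers 192.168.65.254;
  host a.a.tu-clausthal.de {
    hardware ethernet 5c:26:0a:06:11:2f;
    fixed-address 192.168.65.128; }
}
subnet 192.168.102.0 netmask 255.255.255.0 {
  option routers 192.168.102.254;
  class "192.168.102-shared-pool" { match hardware; }
  subclass "192.168.102-shared-pool" 1:5c:26:0a:06:11:2f;
  pool {
    range 192.168.102.231 192.168.102.251;  # restricted pool
    allow members of "192.168.102-shared-pool";
  }
}
host elsewhere { hardware ethernet 00:11:22:33:44:55; }
"""

def find_nested_decls(conf):
    """Hypothetical helper: list (keyword, name, subnet) for every host, class
    or subclass declared inside a subnet block, at any nesting depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', conf)
    stack, stmt, findings = [], [], []  # stack: headers of the open blocks
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        # A declaration header ends at "{" (host, class) or ";" (subclass).
        if tok != "}" and len(stmt) > 1 and stmt[0] in GLOBAL_DECLS:
            subnet = next((h[1] for h in reversed(stack)
                           if len(h) > 1 and h[0] == "subnet"), None)
            if subnet:
                findings.append((stmt[0], stmt[1].strip('"'), subnet))
        if tok == "{":
            stack.append(stmt)
        elif tok == "}" and stack:
            stack.pop()
        stmt = []
    return findings

if __name__ == "__main__":
    for kw, name, subnet in find_nested_decls(SAMPLE):
        print(f"{kw} {name!r} is declared inside subnet {subnet}")
```

The host declared at the top level of the sample is not reported, which is the layout the reply recommends for all three declaration types.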