Problem with shared-network

Bob Harold rharolde at umich.edu
Thu Jun 4 16:33:09 UTC 2015


On Thu, Jun 4, 2015 at 12:16 PM, <robert at spotswood-computer.net> wrote:

> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
>
> My server has a single NIC, and using iproute, I've added additional
> addresses (some lines snipped for brevity):
>
> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
>
> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0
>
> My goal is for the dhcp server to hand out unknown clients addresses from
> the 10.111.111.X pool, and known client to get something from the
> 192.168.220.X pool. Since these are on the same subnet, I [believe] this
> requires a shared-network block. My dhcpd.conf file looks like (with
> comments and global options stripped out for brevity):
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 range 192.168.200.194 192.168.200.200;
>                 range 192.168.200.215 192.168.200.250;
>
>                 ignore unknown-clients;
>   <bunch of options removed>
>         } #subnet 192.168.200.0
>
>         subnet 10.111.111.0 netmask 255.255.255.0 {
>                 range 10.111.111.5 10.111.111.200;
>                 allow unknown-clients;
> <bunch of options removed>
>         } #subnet 10.111.111.0
> } #shared-network
>
> It runs, but only gives out 192 addresses. If I reverse the order, so the
> 10 subnet declaration comes first, then it hands out 10 addresses, but not
> 192 addresses.
>
> Any ideas what I am doing wrong?
>
>
From the man page (you probably already know this):

       "The unknown-clients flag is used to tell dhcpd whether or not to
       dynamically assign addresses to unknown clients. Dynamic address
       assignment to unknown clients is allowed by default. An unknown
       client is simply a client that has no host declaration.

       The use of this option is now deprecated. If you are trying to
       restrict access on your network to known clients, you should use
       deny unknown-clients; inside of your address pool, as described
       under the heading ALLOW AND DENY WITHIN POOL DECLARATIONS."

---- But let me suggest trying:

        subnet 192.168.200.0 netmask 255.255.255.0 {
                deny unknown-clients;
...
        subnet 10.111.111.0 netmask 255.255.255.0 {
                deny known-clients;

--- What might work even better is to use a "class" to list which clients
are allowed, instead of 'host' declarations.

-- 
Bob Harold
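
The pool-level form that the man page excerpt above points to, written out as an added example that is not part of the original message or of either poster's configuration. The subnets and ranges are copied from the quoted dhcpd.conf; the host name and MAC address are constructed placeholders.

```conf
# Added example: known/unknown client split using pool declarations.
# Subnets and ranges are taken from the quoted configuration in the thread.

shared-network my-net {

        subnet 192.168.200.0 netmask 255.255.255.0 {
                # per-subnet options go here
                pool {
                        # Only clients that have a host declaration
                        # may lease from these ranges.
                        deny unknown-clients;
                        range 192.168.200.194 192.168.200.200;
                        range 192.168.200.215 192.168.200.250;
                }
        } #subnet 192.168.200.0

        subnet 10.111.111.0 netmask 255.255.255.0 {
                # per-subnet options go here
                pool {
                        # Clients with a host declaration are refused here,
                        # so only unknown clients lease from this range.
                        deny known-clients;
                        range 10.111.111.5 10.111.111.200;
                }
        } #subnet 10.111.111.0

} #shared-network

# A host declaration is what makes a client "known". With no fixed-address
# statement the client still receives a dynamic lease from a pool that
# permits it. Name and hardware address below are constructed placeholders.
host example-known-client {
        hardware ethernet 00:11:22:33:44:55;
}
```

Running `dhcpd -t -cf /path/to/dhcpd.conf` parses the file without starting the server. Host declarations match on the hardware address, which a client can set itself, so this split sorts clients into pools rather than authenticating them.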