Problem with shared-network

robert at spotswood-computer.net robert at spotswood-computer.net
Fri Jun 5 15:21:10 UTC 2015


I did later, per some suggestions, add pool declarations. The ignore
unknown-clients does work.

> In addition to the subnet and pool declarations you also need "host"
> statements for each of the clients you want to be "known". A client
> matches the "deny unknown-clients" if it has a host statement, otherwise
> it matches "allow unknown-clients".
>
> host "known1" { hardware ethernet aa:bb:cc:dd:ee:ff; }
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 pool {
>                         deny unknown-clients;
>                         range 192.168.200.194 192.168.200.200;
>                 } # pool declaration
>         } # subnet 192.168.200.0
>         subnet 10.111.111.0 netmask 255.255.255.0 {
>                 pool {
>                         allow unknown-clients;
>                         range 10.111.111.5 10.111.111.200;
>                 }
>         }
> }
>
> regards,
> -glenn
>
>
> On Fri, June 5, 2015 3:38 am, robert at spotswood-computer.net wrote:
>> <aside>I use ignore rather than deny to keep my logs cleaner. Deny logs
>> every attempt. The ignore just ignores. And yes, I realize mac filtering
>> can be easily defeated by a knowledgeable opponent. A weak attempt at
>> security is not my purpose for using mac lists.</aside>
>>
>> I did not have pools. Now I do. Unfortunately, I still get the same
>> behavior. Just for kicks, I reversed the order of the subnets, and to my
>> surprise, still got the same behavior, except now the 192 subnet still
>> works. So the pools helped. This makes me believe the problem is the 10
>> subnet declaration.
>>
>> I removed the 192 subnet and the shared-network and just left the 10
>> subnet. When I attempted to restart the DHCP server, I got the no subnet
>> declaration for eth0 and it exited. Adding eth0:1 to both the command line
>> and /etc/defaults/isc-dhcp-server did not change the result, only the
>> error message: "No subnet declaration for eth0:1 (No IPv4 addresses)"
>>
>> So despite the shared-network statement, the DHCP server still doesn't
>> recognize virtual interfaces??? Can this be right?
>>
>>> I'm not an expert, but I have something like this and did a little
>>> digging. Documentation seems to indicate the allow/deny you are trying is
>>> a pool-level declaration, and that's where I'm using them successfully.
>>> You don't appear to have a pool defined unless it's part of what you
>>> snipped.
>>>
>>> Oh, and they use allow/deny rather than allow/ignore, which may be
>>> pertinent. I certainly don't know all the options that work or don't.
>>>
>>> Is it possible that what you want is something like
>>>
>>> shared-network my-net {
>>>         subnet 192.168.200.0 netmask 255.255.255.0 {
>>>                 pool {
>>>                         deny unknown-clients;
>>>                         range 192.168.200.194 192.168.200.200;
>>>                 } # pool declaration
>>>         subnet #second subnet
>>>                  pool { #second pool declaration }
>>>
>>> ________________________________________
>>> From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org]
>>> on behalf of robert at spotswood-computer.net [robert at spotswood-computer.net]
>>> Sent: Thursday, June 04, 2015 11:16 AM
>>> To: dhcp-users at lists.isc.org
>>> Subject: Problem with shared-network
>>>
>>> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
>>>
>>> My server has a single NIC, and using iproute, I've added additional
>>> addresses (some lines snipped for brevity):
>>>
>>> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>>>           inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
>>>
>>> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>>>           inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0
>>>
>>> My goal is for the dhcp server to hand out unknown clients addresses from
>>> the 10.111.111.X pool, and known clients to get something from the
>>> 192.168.220.X pool. Since these are on the same subnet, I [believe] this
>>> requires a shared-network block. My dhcpd.conf file looks like (with
>>> comments and global options stripped out for brevity):
>>>
>>> shared-network my-net {
>>>         subnet 192.168.200.0 netmask 255.255.255.0 {
>>>                 range 192.168.200.194 192.168.200.200;
>>>                 range 192.168.200.215 192.168.200.250;
>>>
>>>                 ignore unknown-clients;
>>>   <bunch of options removed>
>>>         } #subnet 192.168.200.0
>>>
>>>         subnet 10.111.111.0 netmask 255.255.255.0 {
>>>                 range 10.111.111.5 10.111.111.200;
>>>                 allow unknown-clients;
>>> <bunch of options removed>
>>>         } #subnet 10.111.111.0
>>> } #shared-network
>>>
>>> It runs, but only gives out 192 addresses. If I reverse the order, so the
>>> 10 subnet declaration comes first, then it hands out 10 addresses, but not
>>> 192 addresses.
>>>
>>> Any ideas what I am doing wrong?
>>>
>
>
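
An added example, not part of the thread and not ISC code: a small Python check that flags `allow`/`deny`/`ignore unknown-clients` statements sitting outside a `pool` declaration, the placement question raised in this exchange, and also reports unbalanced braces. The two configurations are constructed samples modeled on the ones quoted above, and `lint_dhcpd_conf` is a hypothetical helper name.

```python
import re

def lint_dhcpd_conf(text):
    # Simplification: assumes no quoted string contains '#', '{', '}' or ';'.
    clean = "\n".join(l.split("#", 1)[0] for l in text.splitlines())
    findings, stack, last = [], [], 0
    for m in re.finditer(r"[{};]", clean):
        words, last = clean[last:m.start()].split(), m.end()
        line = clean.count("\n", 0, m.start()) + 1
        if m.group() == "{":
            stack.append((words[0] if words else "?", line))  # block keyword, line opened
        elif m.group() == "}":
            if not stack:
                findings.append((line, "unmatched '}'"))
            stack = stack[:-1]
        elif re.fullmatch(r"(allow|deny|ignore) unknown-clients", " ".join(words)):
            scope = stack[-1][0] if stack else "global"
            if scope != "pool":
                findings.append((line, f"{words[0]} unknown-clients in {scope} scope"))
    findings += [(ln, f"{kind} block never closed") for kind, ln in stack]
    return findings

# Constructed sample: statements at subnet level, as in the first config in the thread.
SUBNET_LEVEL = """\
shared-network my-net {
    subnet 192.168.200.0 netmask 255.255.255.0 {
        range 192.168.200.194 192.168.200.200;
        ignore unknown-clients;
    }
    subnet 10.111.111.0 netmask 255.255.255.0 {
        range 10.111.111.5 10.111.111.200;
        allow unknown-clients;
    }
}
"""
# Constructed sample: the same ranges with the statements moved into pools.
POOL_LEVEL = """\
shared-network my-net {
    subnet 192.168.200.0 netmask 255.255.255.0 {
        pool { deny unknown-clients; range 192.168.200.194 192.168.200.200; }
    }
    subnet 10.111.111.0 netmask 255.255.255.0 {
        pool { allow unknown-clients; range 10.111.111.5 10.111.111.200; }
    }
}
"""

if __name__ == "__main__":
    print(lint_dhcpd_conf(SUBNET_LEVEL), lint_dhcpd_conf(POOL_LEVEL))
```

Each finding is a `(line, message)` pair; an empty list means every unknown-clients statement sits inside a pool and the braces balance.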