<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:'times new roman', 'new york', times, serif;font-size:12pt"><div><span class="Apple-style-span" style="font-family: arial, helvetica, sans-serif; font-size: 13px; ">"You need to clarify exactly what you need here - I can see two variations when a device with public IP in vlan100 moves to vlan 200"</span></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;">when a user moves form vlan 100 to vlan 200, the user's mac will not be in the public subnet of vlan 200 and dhcp must give him an ip address from the private subnet of vlan 200. then, if I bind his mac address of a private ip address from vlan 200,
next time he reboots, dhcp will give him the public ip address, else dhcp must give him am ip address from the private subnet of vlan 200</span></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;"><br></span></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;">thanks,</span></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif" size="3"><span class="Apple-style-span" style="font-size: 13px;">stefan</span></font></div><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><br></div><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><br><div style="font-family:arial, helvetica, sans-serif;font-size:13px"><font size="2" face="Tahoma"><hr size="1"><b><span style="font-weight:
bold;">From:</span></b> Simon Hobson <dhcp1@thehobsons.co.uk><br><b><span style="font-weight: bold;">To:</span></b> Users of ISC DHCP <dhcp-users@lists.isc.org><br><b><span style="font-weight: bold;">Sent:</span></b> Tue, October 6, 2009 4:20:02 PM<br><b><span style="font-weight: bold;">Subject:</span></b> Re: dhcp and vlans<br></font><br>
Stefan Pandele wrote:<br><br>> I want to do the following task and I do not know how:<br>> <br>> I have a cisco l3 sw on witch I have many vlans<br>> on every interface vlan I have an public ip class<br>> I want to add a secondary private ip class ( 192.168.100.0/24 on vlan 100, 192.168.200.0/24 on vlan 200, and so on) on each interface vlan.<br><br>First step - you need to define a shared subnet for each vlan, like this :<br><br>shared-subnet "vlan100" {<br> subnet a.b.c.0 ...<br> subnet 192.168.100.0 ..<br>}<br><br>> after that when a client from vlan 100 have the mac address bind of an ip address form the public subnet of dhcp.conf, dhcp to give him that public ip address.<br>> if the user change his network adapter then the new mac address won;t be bind of the same ip address.<br>> in that point I want that dhcp to give him a random ip address from the private ip address class range ( ex
192.168.100.75).<br><br><br><br>> if the clinet moves into a vlan 200 port, dhcp must give him an ip address from 192.168.200.0/24 class ( ex 192.168.200.14).<br><br><br>You need to clarify exactly what you need here - I can see two variations when a device with public IP in vlan100 moves to vlan 200 :<br><br>a) it gets a public address.<br><br>b) it gets a private address.<br><br><br>a) is probably simplest. You define your subnets thus :<br>shared-subnet "vlan100" {<br> subnet a.b.c.d ...<br> pool {<br> range a,b,c,x a.b.c.y ;<br> allow known-clients ;<br> }<br> subnet 192.168.100.0 ..<br> pool {<br> range 192.168.100.x 192.168.100.y ;<br> deny known-clients ;<br> }<br>}<br><br>And define known clients with host statements IN THE GLOBAL SCOPE :<br>host "somename" {<br> hardware ethernet
aa:bb:cc:dd:ee:ff ;<br>}<br><br>Clients with a matching host declaration are "known" and entitled to an address from the public range from the vlan they are connected to. Others will get a private address.<br><br><br>b) is a little harder, but not much.<br><br>You define a class for 'known' hosts for each vlan :<br><br>class "vlan100" {<br> match ...<br>}<br><br>shared-subnet "vlan100" {<br> subnet a.b.c.d ...<br> pool {<br> range a,b,c,x a.b.c.y ;<br> allow members of "vlan100" ;<br> }<br> subnet 192.168.100.0 ..<br> pool {<br> range 192.168.100.x 192.168.100.y ;<br> deny members of "vlan100" ;<br> }<br>}<br><br>A client that matches a class will be allowed a public IP when connected to the relevant vlan. When connected anywhere else it will get a private address.<br><br>Class matching is more flexible -
you can match on arbitrary expressions, not just MAC address. You could use a single global class in option a) to get this level of flexibility.<br><br><br>Your friends are the man pages - dhcpd.conf to start with, and dhcp-eval for info about expressions available.<br><br>-- Simon Hobson<br><br><span>Visit <a target="_blank" href="http://www.magpiesnestpublishing.co.uk/">http://www.magpiesnestpublishing.co.uk/</a> for books by acclaimed</span><br>author Gladys Hobson. Novels - poetry - short stories - ideal as<br>Christmas stocking fillers. Some available as e-books.<br>_______________________________________________<br>dhcp-users mailing list<br><a ymailto="mailto:dhcp-users@lists.isc.org" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a><br><a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a><br></div></div><div style="position:fixed"></div></div><br>
</body></html>