<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><title></title><style type="text/css"><!-- body{padding:1ex;margin:0;font-family:sans-serif;font-size:small}a[href]{color:-moz-hyperlinktext!important;text-decoration:-moz-anchor-decoration}blockquote{margin:0;border-left:2px solid #144fae;padding-left:1em}blockquote blockquote{border-color:#006312}blockquote blockquote blockquote{border-color:#540000} --></style></head><body><div style="font-family: Arial; font-size: medium;" dir="ltr"><div>
Your shared-network "ignore me" statement is fine -- it'll ignore any requests for DHCP service on any subnets that are present within that shared-network. This sounds as though it matches what you desire.</div>
<div>
</div>
<div>
The shared-network "vlan 2" isn't quite what you want. The configuration needs to have a single shared-network statement for each distinct network that it will be responding to.</div>
<div>
</div>
<div>
For example:</div>
<div>
</div>
<div>
You have two separate physical networks in building A; each one has its own /24 network only:</div>
<div>
</div>
<pre>
shared-network "buildingA-net1" {
    subnet 10.1.0.0 netmask 255.255.255.0 {
        blah;
    }
}

shared-network "buildingA-net2" {
    subnet 10.2.0.0 netmask 255.255.255.0 {
        blah;
    }
}
</pre>
<div>
</div>
<div>
Then the finance department, for example, buys 200 new PCs, and the existing network that they use (net2) doesn't have enough IP addresses available. There are obviously numerous solutions to that problem, but one of the solutions is to operate multiple subnets on the same network:</div>
<div>
</div>
<pre>
shared-network "buildingA-net2" {
    subnet 10.2.0.0 netmask 255.255.255.0 {
        blah;
    }
    subnet 10.3.0.0 netmask 255.255.255.0 {
        blah;
    }
}
</pre>
<div>
</div>
<div>
The result is that any device requesting an IP address on that physical network may be issued an IP address from any range/pool/subnet within that shared-network -- you're effectively telling dhcpd that both of those subnets are valid to be issued on only that network. In this example, you would not want subnet 10.1.0.0/24 to be in the same shared-network, because it is a separate physical network. If you were to put all three of these example subnets in the same shared-network, then any device on either of the two physical networks could be issued any IP address from any of the three different subnets.</div>
<div>
</div>
<div>
It is not required that a shared-network statement be used for each network; if a subnet is declared outside of the scope of a shared-network, the effective configuration considers it to be in a shared pool with no other subnets (note that I haven't reviewed the code to validate that it's how it technically considers it, but they are configuration equivalents). It is my practice (and I recommend it to others) that every network have a shared-network statement, simply for greater clarity, even if there is only one subnet on that network.</div>
<div>
</div>
<div>
Any clearer, yet?</div>
<div>
</div>
<div>
---</div>
<div>
Andrew Michael Stemen</div>
<div>
<a href="mailto:andrew@andrewmstemen.net">andrew@andrewmstemen.net</a></div>
<div>
</div>
<div class="defangedMessage">
<div id="me83402">
<div>
On Wed, 20 Apr 2011 09:45 -0500, "Marc Perea" &lt;marccp@srttel.com&gt; wrote:</div>
<blockquote class="me83402QuoteMessage" type="cite">
<div dir="ltr" style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<div>
I'm going to pipe in here because I'm still a bit confused about the proper use of shared-network. What's the use case for its proper use?</div>
<div>
</div>
<div>
I'm currently configured with 2 shared-network statements, and I'm guessing it's wrong. My DHCP server resides on a single vlan, single interface. The interface is on our server VLAN, where it is not authoritative and I want to ignore booting. I made that one shared-network (ignore-me). Our BRAS is a L3 relay and directs all DHCP broadcast to unicast by IP to the server. I made this a 2nd shared-network. I originally had it all as one S-N, but dhcpd was still responding to requests on the server VLAN, so I moved it out to actually ignore booting. My configuration snip:</div>
<div>
</div>
<pre>
shared-network "ignore me" {
    subnet 1.2.3.4 netmask 255.255.255.128 { #SERVER VLAN
        ignore booting;
    }
}
shared-network "vlan 2" {
    subnet 10.1.0.0 netmask 255.255.255.224 { #TEST ISG-10K
        authoritative;
        ...
    }
    subnet 10.170.0.0 netmask 255.255.0.0 { #LOAD TEST
        authoritative;
        ...
    }
    subnet 10.2.0.0 netmask 255.255.192.0 { #PRODUCTION ISG-10K
        authoritative;
        ...
    }
    subnet 10.3.0.0 netmask 255.255.255.128 { #ASR1
        authoritative;
        ...
    }
}
</pre>
<div>
Does this appear right or wrong? If it's wrong, any explanation of why moving the server subnet into the vlan-2 S-N would cause it to hand out IPs from one of the other subnets, instead of ignoring booting?</div>
<div>
</div>
<div>
Thanks!</div>
<div>
</div>
<div>
--Marc</div>
</div>
</blockquote>
</div>
</div>
<div>
</div>
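<div>
A simplified model of the subnet selection described in the reply above, added here as an example (it is not code from the thread or from ISC dhcpd): it groups subnets by shared-network and lists which other subnets a request arriving from a given relay or interface address could be answered from. The sample configuration, the group name "buildingA-all" and all function names are constructed for illustration.</div>
<pre>
```python
import ipaddress
import re

# Constructed sample (not from the thread): the reply's three example /24s
# wrongly merged into one shared-network, plus one stand-alone subnet.
SAMPLE_CONF = """
shared-network "buildingA-all" {
  subnet 10.1.0.0 netmask 255.255.255.0 { }   # physical network 1
  subnet 10.2.0.0 netmask 255.255.255.0 { }   # physical network 2
  subnet 10.3.0.0 netmask 255.255.255.0 { }   # physical network 2
}
subnet 192.0.2.0 netmask 255.255.255.0 { }
"""
TOKEN = re.compile(r'shared-network\s+("[^"]*"|[^\s{]+)\s*\{'
                   r'|subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{|([{}])')

def parse_groups(conf_text):
    """Map each shared-network name to its subnets; a subnet declared outside
    any shared-network becomes its own single-subnet group."""
    groups, current, depth, group_depth = {}, None, 0, 0
    for m in TOKEN.finditer(re.sub(r"#.*", "", conf_text)):
        name, net, mask, brace = m.groups()
        if name is not None:                 # shared-network "name" {
            current, group_depth = name.strip('"'), depth
            groups.setdefault(current, [])
        elif net is not None:                # subnet A netmask M {
            subnet = ipaddress.ip_network(f"{net}/{mask}", strict=False)
            groups.setdefault(current or f"(implicit) {subnet}", []).append(subnet)
        depth += -1 if brace == "}" else 1   # every other token opened a block
        if brace == "}" and depth == group_depth:
            current = None                   # left the shared-network
    return groups

def candidate_subnets(groups, link_addr):
    """Group name and subnets eligible for a request arriving from link_addr."""
    addr = ipaddress.ip_address(link_addr)
    for name, subnets in groups.items():
        if any(addr in s for s in subnets):
            return name, subnets
    return None, []

def other_subnets_offered(groups, link_addr):
    """Eligible subnets that do not contain link_addr itself."""
    addr = ipaddress.ip_address(link_addr)
    _, subnets = candidate_subnets(groups, link_addr)
    return [str(s) for s in subnets if addr not in s]

if __name__ == "__main__":
    print(other_subnets_offered(parse_groups(SAMPLE_CONF), "10.1.0.1"))
```
</pre>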
</div></body></html>