<div dir="ltr"><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Thu, Jun 4, 2015 at 12:16 PM, <span dir="ltr"><<a href="mailto:robert@spotswood-computer.net" target="_blank">robert@spotswood-computer.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I have a Debian 7.0 running isc-dhcp-server 4.2.2.<br>
<br>
My server has a single NIC, and using iproute, I've added additional<br>
addresses (some lines snipped for brevity):<br>
<br>
eth0 Link encap:Ethernet HWaddr 00:50:56:XX:XX:XX<br>
inet addr:192.168.220.111 Bcast:192.168.220.255<br>
Mask:255.255.255.0<br>
<br>
eth0:1 Link encap:Ethernet HWaddr 00:50:56:XX:XX:XX<br>
inet addr:10.111.111.1 Bcast:10.255.255.255 Mask:255.255.255.0<br>
<br>
My goal is for the dhcp server to hand out unknown clients addresses from<br>
the 10.111.111.X pool, and known clients to get something from the<br>
192.168.220.X pool. Since these are on the same subnet, I [believe] this<br>
requires a shared-network block. My dhcpd.conf file looks like (with<br>
comments and global options stripped out for brevity):<br>
<br>
shared-network my-net {<br>
subnet 192.168.200.0 netmask 255.255.255.0 {<br>
range 192.168.200.194 192.168.200.200;<br>
range 192.168.200.215 192.168.200.250;<br>
<br>
ignore unknown-clients;<br>
&lt;bunch of options removed&gt;<br>
} #subnet 192.168.200.0<br>
<br>
subnet 10.111.111.0 netmask 255.255.255.0 {<br>
range 10.111.111.5 10.111.111.200;<br>
allow unknown-clients;<br>
&lt;bunch of options removed&gt;<br>
} #subnet 10.111.111.0<br>
} #shared-network<br>
<br>
It runs, but only gives out 192 addresses. If I reverse the order, so the<br>
10 subnet declaration comes first, then it hands out 10 addresses, but not<br>
192 addresses.<br>
<br>
Any ideas what I am doing wrong?<br><br></blockquote><div><br></div><div>From the man page (you probably already know this):</div><div> " The unknown-clients flag is used to tell dhcpd whether or not to dynamically assign addresses to</div><div> unknown clients. Dynamic address assignment to unknown clients is allowed by default. An unknown</div><div> client is simply a client that has no host declaration.</div><div><br></div><div> The use of this option is now deprecated. If you are trying to restrict access on your network to</div><div> known clients, you should use deny unknown-clients; inside of your address pool, as described under</div><div> the heading ALLOW AND DENY WITHIN POOL DECLARATIONS."</div><div><br></div><div>---- But let me suggest trying:</div><div><br></div><div> subnet 192.168.200.0 netmask 255.255.255.0 {<br> deny unknown-clients;<br>...<br> subnet 10.111.111.0 netmask 255.255.255.0 {<br> deny known-clients;<br></div><div class="gmail_extra"><div><div class="gmail_signature"><br></div><div class="gmail_signature">--- What might work even better is to use a "class" to list which clients are allowed, instead of 'host' declarations.</div><div class="gmail_signature"><br>-- <br></div></div></div><div>Bob Harold </div></div><br></div></div>
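<div>The pool-level form that the quoted man page text points to (ALLOW AND DENY WITHIN POOL DECLARATIONS), written out as an added example that is not part of the original thread or either poster's configuration. Subnets and ranges are copied from the dhcpd.conf in the question as posted (the interface listing there shows 192.168.220.x); the host entry, its name and its MAC address are constructed placeholders.</div>

```conf
# Added example, not from the original thread.
# A host declaration is what makes a client "known" to dhcpd.
# Constructed entry: the name and MAC address are placeholders.
host known-laptop {
    hardware ethernet 00:50:56:00:00:01;
}

shared-network my-net {
    subnet 192.168.200.0 netmask 255.255.255.0 {
        # Subnet-specific options (routers, DNS, ...) stay at this level.
        pool {
            range 192.168.200.194 192.168.200.200;
            range 192.168.200.215 192.168.200.250;
            # Only clients with a host declaration may lease from this pool.
            deny unknown-clients;
        }
    }

    subnet 10.111.111.0 netmask 255.255.255.0 {
        pool {
            range 10.111.111.5 10.111.111.200;
            # Clients with a host declaration are kept out of this pool,
            # so it serves only unknown clients.
            deny known-clients;
        }
    }
}
```

<div>Running dhcpd -t -cf /etc/dhcp/dhcpd.conf checks the syntax before the service is restarted.</div>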