Hi dear fellows,
I want to set up my network in the following way:
1) unknown clients get a dynamic address from range A, with router R1, and DNS1 and DNS2.
2) known clients (by specific MAC addresses) get a dynamic address from range B, with router R2, and DNS3 and DNS4.
3) known clients (by specific MAC addresses) use a fixed address from range C, with router R3, and DNS5 and DNS6.
Requirement 1 was easy to set up. Requirement 3 was easy to set up with a host and a fixed-address declaration. I am having trouble with requirement 2. If I create a host declaration without the fixed-address keyword,
Code:
host h2 {
    hardware ethernet 11:15:c5:39:14:42;
    option routers 192.168.160.252;
}
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {
        range 192.168.160.1 192.168.160.128;    # range A
        option routers 192.168.160.251;
        allow unknown-clients;
    }
    pool {
        range 192.168.160.129 192.168.160.148;  # Range B
        option routers 192.168.160.252;
        deny unknown-clients;
        host h2 {
            hardware ethernet 11:15:c5:39:14:42;
            option routers 192.168.160.252;
        }
    }
    host h3 {
        hardware ethernet 10:25:c6:76:34:02;
        fixed-address 192.168.160.200;
        option routers 192.168.160.253;
    }
}
09-14-2007, 05:17 PM | #2 |
If I am not wrong please check your mask values ...
255.255.255.Subnet value. For example 64 IP pool it is 252.
09-15-2007, 01:04 AM | #3 | |
.160.* pool
Are you running multiple routers? What's your topo?
Gryyphyn
09-15-2007, 05:01 AM | #4 |
You can verify your dhcpd configuration file: restart dhcpd and check /var/log/messages for any typo or other error.
09-16-2007, 07:56 AM | #5 | |
If the math is giving you problems, ipcalc is a very useful tool:
http://freshmeat.net/projects/ipcalc/
09-17-2007, 07:21 AM | #6 |
Original Poster
I'm sorry, all, but I don't understand what the point is with the netmask.
I'm not working with sub-nets. There is only one standard C class /24 here. Am I missing something? The point is not to get it to work with sub-classes, but why the workstations are not getting addresses from pool B. Or are you saying I could get this to work if I use subnets instead of a plain class C?
I have never set up a DHCP server with pools, so I am not sure if this is the way to use pools, or even if pools could do what I am looking for.
thanks,
09-17-2007, 10:28 AM | #8 |
A router is automatically the boundary of a (sub)network, and you have 3 different network setups.
You need to define 3 subnets. Easy way:
unknown clients 192.168.160.0, netmask 255.255.255.0
known clients 192.168.160.1, netmask 255.255.255.0
fixed address 192.168.160.2, netmask 255.255.255.0
If you want to keep it in the same C-class address keep in mind that subnets always start at n^2 and end at (n+1)^2 - 1, ex: 0-127, 128-131, 192-223
09-17-2007, 10:40 AM | #9 | ||
The dhcpd.conf man page shows that being done in the pool using the allow and deny statements.
http://www.daemon-systems.org/man/dhcpd.conf.5.html
Quote:
Code:
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.254;

    # Unknown clients get this pool.
    pool {
        option domain-name-servers bogus.example.com;
        max-lease-time 300;
        range 10.0.0.200 10.0.0.253;
        allow unknown-clients;
    }

    # Known clients get this pool.
    pool {
        option domain-name-servers ns1.example.com, ns2.example.com;
        max-lease-time 28800;
        range 10.0.0.5 10.0.0.199;
        deny unknown-clients;
    }
}
09-17-2007, 12:36 PM | #10 |
Original Poster
Because we have people (in range A) who have internet access through our proxy (192.168.160.251) only, and people (in range B) who have full internet access through our firewall/gateway (192.168.160.252).
The firewall allows internet access to a range of IPs, in this case, range B. Anyone can connect to our internal network and get an address from range A. To get an IP from range B, we need to specify its MAC address at your DHCP server. That is the general idea.
Your question is a good question, because others can propose a new setup that satisfies these requirements. My original post is my attempt to implement those requirements, but any other approach is valid.
I have a lot of people in both scenarios. I don't want to deal with IP assignments manually. This is my current status, I mean, I need to figure out a valid/free IP from range B to assign it to a temporary host. I have far more hosts in range B than the range itself, but only a small set is on-line at any time. So, I can't make static assignments.
Thanks for asking
09-18-2007, 05:15 AM | #11 |
Ok, so all systems are connected on the same LAN.
Group A: dhcp address, router proxy 192.168.160.251
Group B: dhcp address, router firewall/gateway 192.168.160.252
Group C: uses fixed IP addresses and router 192.168.160.253
Try something like this (changes are in bold):
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {
        range 192.168.160.1 192.168.160.127;    # range A
        option routers 192.168.160.251;
        deny known-clients;
        allow unknown-clients;
    }
    pool {
        range 192.168.160.128 192.168.160.148;  # Range B
        option routers 192.168.160.252;
        deny unknown-clients;
        host h2 {
            hardware ethernet 11:15:c5:39:14:42;
        }
    }
    pool {
        range 192.168.160.x 192.168.160.y;      # Range C
        option routers 192.168.160.253;
        host h3 {
            hardware ethernet 10:25:c6:76:34:02;
            fixed-address 192.168.160.200;
        }
    }
}
- to keep things clear you should have 3 pools
- replace x and y with appropriate values for range c
- While this may not be the most efficient setup, it should do what you want.
Last edited by Lone_Wolf; 09-18-2007 at 05:17 AM. Reason: typos
09-18-2007, 07:57 AM | #12 |
Original Poster
Hi Lone Wolf,
I have tried your suggestion, no luck. Host h2 is still getting an address from range A. It looks like it is an unknown client for the dhcp server... And even worse, I am getting the following error message:
Code:
Dynamic and static leases present for 192.168.160.200.
Remove host declaration h3 or remove 192.168.160.200
from the dynamic address pool for 192.168.160/24
I will investigate this.... In the meantime, if anyone has any information about this, I would appreciate the enlightenment....
cheers,
09-18-2007, 01:04 PM | #13 | |
missed it
Quote:
It looks like your configuration is expecting a fixed address definition for any computer coming on that's unknown. Contradictory, but that's what I see. Try taking a previously unknown host and configuring it manually in your config
Code:
fixed-address ...
That's what I would suggest as a first step. If that works then the problem isn't with the server, it's with the client request formatting (I'd guess).
Gryyphyn
09-19-2007, 05:11 PM | #14 |
Original Poster
Solved.
Thanks to all who answered this thread. The following configuration file is working now, thanks to both suggestions from this forum, a careful reading of the man page, and a change to the original requirements.
There is no range C anymore. Hosts supposed to get an address from range C are set using a static address on the client side. I was unable to set up the DHCP server with 3 ranges, only 2.
The first one is range A, gateway through a proxy at 192.168.160.251; hosts for this range are unknown, I mean, any host can get an address from this pool.
The second one is range B, direct access to the internet through gateway 192.168.160.252; hosts for this range are known in advance, I mean, only hosts that have a host declaration can get an address from this pool.
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
    pool {  # range A
        allow unknown-clients;
        deny known-clients;
        range dynamic-bootp 192.168.160.1 192.168.160.128;
        option routers 192.168.160.251;  # proxy
    }
    pool {  # range B
        deny unknown-clients;
        range dynamic-bootp 192.168.160.129 192.168.160.142;
    }
}

# internet access group
group {
    option routers 192.168.160.252;  # gateway/firewall
    # follow other common declarations for hosts in this group
    host h21 { hardware ethernet fa:ke:00:00:00:01; }
    host h22 { hardware ethernet fa:ke:00:00:00:02; }
    # etc..
}
Code:
Sep 17 14:43:49 bigslam dhcpd: Remove host declaration h21 or remove 192.168.160.142
Sep 17 14:43:49 bigslam dhcpd: from the dynamic address pool for 192.168.160/24
Code:
host h31 {
    hardware ethernet fa:ke:00:00:00:31;
    fixed-address 10.10.10.1;
}
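An added example, not part of any post in this thread and not ISC dhcpd code: a small Python check for the two behaviours the thread runs into, the "Dynamic and static leases present" overlap between a fixed-address and a dynamic range, and which pool ranges a known or unknown client is eligible for under allow/deny. The sample config, MAC addresses and the `h_static` host are constructed; the regex parsing assumes flat pool and host blocks and models only the known-clients/unknown-clients permits.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's final layout; the MACs and the
# h_static host are made up so that exactly one overlap exists.
SAMPLE_CONF = """
subnet 192.168.160.0 netmask 255.255.255.0 {
  pool { allow unknown-clients; deny known-clients;
         range dynamic-bootp 192.168.160.1 192.168.160.128; }    # range A
  pool { deny unknown-clients;
         range dynamic-bootp 192.168.160.129 192.168.160.142; }  # range B
}
host h21 { hardware ethernet 02:00:00:00:00:21; }
host h_static { hardware ethernet 02:00:00:00:00:03; fixed-address 192.168.160.140; }
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?" + IP + r"\s+" + IP + r"\s*;")

def _hosts(conf):
    """Map host name -> (MAC or None, fixed-address or None)."""
    out = {}
    for name, body in re.findall(r"\bhost\s+(\S+?)\s*\{([^}]*)\}", conf):
        mac = re.search(r"hardware\s+ethernet\s+([0-9a-fA-F:]+)", body)
        fix = re.search(r"fixed-address\s+" + IP, body)
        out[name] = (mac and mac.group(1).lower(), fix and fix.group(1))
    return out

def static_dynamic_conflicts(conf):
    """Hosts whose fixed-address lies inside a dynamic range."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    addr = ipaddress.ip_address
    return [(name, ip, f"{lo}-{hi}")
            for name, (_, ip) in _hosts(conf).items() if ip
            for lo, hi in RANGE_RE.findall(conf)
            if addr(lo) <= addr(ip) <= addr(hi)]

def eligible_ranges(conf, mac):
    """Ranges of pools whose allow/deny lists admit this MAC (simplified model)."""
    conf = re.sub(r"#.*", "", conf)
    known = mac.lower() in {m for m, _ in _hosts(conf).values() if m}
    me = "known-clients" if known else "unknown-clients"
    result = []
    for body in re.findall(r"\bpool\s*\{([^}]*)\}", conf):
        allows = re.findall(r"\ballow\s+([\w-]+)\s*;", body)
        denies = re.findall(r"\bdeny\s+([\w-]+)\s*;", body)
        if me in denies or (allows and me not in allows):
            continue  # denied, or an allow list exists and does not name us
        result += [f"{lo}-{hi}" for lo, hi in RANGE_RE.findall(body)]
    return result
```

A client counts as known here as soon as any host declaration carries its MAC, wherever that declaration sits in the file.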