I just want the NIC to clain it's address from the range on Subnet A

and to assign a fixed address on Subnet B.

JohnStanley Writes: In reading your post a couple more times, I think I see what you are after. Elaborate a little more on what you want exactly. You want the NIC to get an addy from the dhcpd server from the Subnet A address pool and then want to also obtain an addy from the Subnet B Fixed addy pool so the clients nics has two Ips? Correct? This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic harware address in the dhcp.conf file.

This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic harware address in the dhcp.conf file.

How does that work?

JohnStanley Writes: This is what I am talking about at the end of the ".conf" file below. That is what you are trying or wantting to accomplish? This is actualy a confiuration I use. In all respect I have a question for you.... Are you wantting to try this solution because you cant access another subnet? If now you are then you need to have a look at your routing tables in your routers or vlan configuration on your switches. That's just question or two I could be wrong.

subnet 192.168.0.0 netmask 255.255.255.0 { # Default gateway router option routers 192.168.0.1; option subnet-mask 255.255.255.0;

option nis-domain "domain_name here"; option domain-name "domain_name here"; option domain-name-servers 192.168.0.100;

# My GMT Time Offset EST! option time-offset -5; # option ntp-servers 192.168.1.1; # option netbios-name-servers 192.168.1.1; # Selects point-to-point node (default is hybrid). Don't change this unless # you understand Netbios very well # option netbios-node-type 2;

# Dhcpd server will give out addresses between 128 and 254. 255 is Broadcast don't forget. range dynamic-bootp 192.168.0.128 192.168.0.254; default-lease-time 21600; max-lease-time 43200;

# Next here is the kickstarts getting pulled in. # # machine_name_here:/kickstarts/ks.cfg is the nfs share # For a kickstart confgiuration file # filename "/kickstarts/ks.cfg"; # next-server 10.2.7.3; }

# I'm handing out fixed addresses and host names for the following mac addresses.

host machine_name here { hardware ethernet 00:80:5f:1d:57:47; fixed-address 192.168.0.2; }

# This one here has the Option Host Name to add.

host machine_name_here { hardware ethernet 00:50:8b:d3:f9:ed; fixed-address 192.168.0.30; option host-name "client_name_here"; } host machine_name_here { hardware ethernet 00:50:8b:e1:5d:dc; fixed-address 192.168.0.31; option host-name "host_name_here"; option subnet-mask 255.255.255.0; }

The two subnets are not physically connected but a Client should be able to connect to Subnet A or to Subnet B as well.

JohnStanley Writes: This is what is confusing. If there *NOT* Physically Connected you will never CONNECT to them. Hope you can calculate SNs ans SNMs. You can add as many Nested code blocks you need for Subnets. My advice for you is to use the 10.x.x.x range of addys to give you more subnets to work with. So give this a go.

option domain-name "YOU.com"; option domain-name-servers "192.168.0.1, 193.190.63.172" option subnet-mask 255.255.255.0; # Global Subnet mask default-lease-time 600; max-lease-time 7200;

# Here is Subnet number 1. subnet 192.168.0.0 netmask 255.255.255.240 { # Subnet for first 13 devices, 10 of which are servers, 3 printers range 192.168.0.10 192.168.0.13; # Range of IP's for our printers only. option subnet-mask 255.255.255.240; option broadcast-address 192.168.0.15; # This is the subnets broadcast address. option routers 192.168.0.14; # The gateway of this subnet. option time-servers 192.168.0.14; # Gateway is running a timeserver. option ntp-servers 192.168.0.14; # Gateway running a timeserver. }

# Here is Subnet number 2. subnet 192.168.0.16 netmask 255.255.255.224 { # Subnet for 29 computers range 192.168.0.17 192.168.0.45; option subnet-mask 255.255.255.224; option broadcast-address 192.168.0.47; option routers 192.168.0.46; } group { host server1 { # the first fixed server for subnet 192.168.0.0/28 server-name server1; hardware ethernet 0a:23:f2:56:33:x0; fixed-address 192.168.0.1; } host server2 { server-name server2; hardware ethernet 0a:23:f2:56:33:x0; fixed-address 192.168.0.2; } }

# Here is Subnet number 2. subnet 192.168.0.16 netmask 255.255.255.224 { # Subnet for 29 computers

Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.

Filipe

JohnStanley Writes: On subnet 192.168.0.16 with a mask of 255.255.255.224 will give enuff ips for 29 clients. One for the broadcast addy. Primary subnet would be 192.168.x.x.0 wich can only handle 254 clients. X.16 is just taken from that SN and subnetted out into a different allocation block. I slapped it in there hopping the OP would see the that other subnets ways to configure it. Good catch

For 30 hosts per SN it would be x.1 - x.30 and x.30 being the broadcast addy. So your real close. You making me think to early in the day and made me get my calculator out.

Felipe, JohnStanley Writes.

Whoops, you Hit Send A little to Soon. Only if you waited.

Yeah, but you cannot really subnet that way:

JohnStanley Writes:

So let me understand that your saying that if I am Allocated and Own the IP blocks 64.x.x.33 - 64.x.x.35 that I can not Subnet them Out in any way? I have always done that between for inbetween LAN to WAN Back to LAN or VPN. Example, I have my core catalyst router with x.33 Primary INT. x.34 subnetted out to my PIX Firewall, Squid Server.Apache and etc. Most all in a DMZ certain things. Just trying to figure out what you mean.

"Yes, because that up there contains exactly *one* IP address - so I'd hardly call that "blocks"."

Where I'm from we call it Blocks or Ipaddy. :-)

"I have no idea what you are trying to tell me - you cannot "subnet out" one IP address to "your PIX firewall"."

I wonder why I cant do that, seeing as have been doing it over 10 years. One often misguided approach to setting them up is, facing it directly into the open internet. Your as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in. What I was trying to say was if you by 5 ip addresses you can take an address and subnet it out to other routers, switches and what ever else. There are lots of companys doing this these days because of the cost associated with them. Honestly this is all off topic from the original OP and what he needed, Those addresses were just randomly stuck in there for presentation example. Weather they right or wrong, he or she that is seeking the information should know to atleast to change that before using it. As for that I am not totally aware of what he really wants to accomplish. I in my later networking would not even use dhcp any more unless it was an install server. I would be doing it through Cisco PIX or Nortel. Simply because of the security record of cisco and nortel. But all in all CentOS gets my file services with samba as "DFS" and I hope to see a lot of progress on Directory Server.

I wonder why I cant do that, seeing as have been doing it over 10 years.

One

often misguided approach to setting them up is, facing it directly into

the

open internet. Your as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in.

I never heard anyone calling that "subnetting", as a subnet is a differently defined term. ------------------------- JohnStanley Writes

I agree Subnetting and Subnet are 2 different things in whole. Subnetting is taking an IP and borrowing bits from the ip and making additional net blocks perferably in dotted decimal form is the easiest way. I guess seeing as you (DE Land) and I(US) both are of different nationalities bring up the information devide between us. For the most part we are referring to the same thing but are calling it a diferent name. I do often however have a laugh at times about things on this list from people in Europe. I read posts sometime that mean something totaly different here but then some will answer it where the poster is from and then it kinda begins to make sense.

Scott Silva (Mail Scanner) Wrote:

TCP/IP works the same way no matter what country you are from. The terms

are

the same, and if someone uses the wrong term, it is not the language difference, that person just learned the wrong term.

Yes, works the same in all Countries. Layers 1,2,3 of the OSI Stack. I guess what I should have said was Subnet.

A subnet is what you get when you finish subnetting. One is a noun, one is

a

verb. It can only be done the way it was designed to be done. You can do

some

very creative things with CIDR now, but that was created more as a way to

make

smaller routing tables than any other reason.

Correct there. Classless Inter Domain Routing, never really got into doing that. Largest I have dealt with was 1500 nodes and cidr is not needed there. My main thing has always been getting a network provider to also provide failover redudance. Had one dealing with lighting fiber and that was a nightmare. Maybe I can get a few CIDR pointers from you. :-)

JohnStanley

Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.

JohnStanley Writes: Follow Up to Previous Mail!!

Filipe,

To early in the day for all this math. Your right saying x.31 - x.63 for that particular SN, with x.63 being the broadcast addy and x.31 the network addy. Had to think about it a little, rough day. Just put an address in there for visual anatomy so the OP could get a picture off it. Good to know soemone is payin attention.

Filipe Brandenburger wrote:

My personal opinion, if you're using RFC1918 addresses for internal networks, you should only use 255.255.255.0 netmasks everywhere, even though it's a network for one machine only. Dealing with netmasks is a PITA, and should be avoided unless there's a real reason to use it, for instance with valid IPs.

on a large WAN, /24 vlan segments are often too small. we use /20 slices of 10-net for VLAN's here. /all/ 10-net vlans are /20. we also use some 172.16-31 and 192.168 spaces, those are all /24

Hi,

On Thu, Oct 16, 2008 at 15:51, Marcus Moeller mm@gcug.de wrote:

This is definitely not what I am trying to do. I try to line out the setup again:

Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)

Clients on Subnet A should get a static IP from the host declaration. Clients on Subnet B should obtain dynamic IP addresses from a range.

The two subnets are not physically connected but a Client should be able to connect to Subnet A or to Subnet B as well.

I'm no DHCP expert, but I believe that to accomplish what you are trying to do you have to run two separate dhcpd instances, one for each interface. You can do that by passing a parameter to dhcpd of which interface it should bind to. You will also need separate config files, lease files, pid files, etc. (it might be a PITA, but it's the only way I see that it can be done on the same host.)

See "man dhcpd" for the details, but I think it would be something like:

# dhcpd -cf /etc/dhcpd-subnetA.conf -lf /var/lib/dhcpd/dhcpd-subnetA.leases -pf /var/run/dhcpd-subnetA.pid eth0 # dhcpd -cf /etc/dhcpd-subnetB.conf -lf /var/lib/dhcpd/dhcpd-subnetB.leases -pf /var/run/dhcpd-subnetB.pid eth1

And then you will still have to deal with startup and shutdown, initscripts, SELinux, managing both processes, ...

If you really want to go that route, you might consider running two VMs on that hardware, one for each network, it might prove to be simpler than running two instances of dhcpd in one host at the end.

Otherwise, you could just assign static IPs on both networks for hosts that can connect to both, as you said that works, you only have to keep track of the fixed addresses then...

HTH, Filipe

Dear John,

...

Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)

Clients on Subnet A should get a static IP from the host declaration. Clients on Subnet B should obtain dynamic IP addresses from a range. The two subnets are not physically connected but a CLIENT should be able to connect to Subnet A or to Subnet B as well.

This is what is confusing. If there *NOT* Physically Connected you will never CONNECT to them.

In this setup Subnet A is a private network and Subnet B is a network for public Wifi access. If one got a notebook and his/her mac-address is listed in Subnet A declaration he/she should be able to obtain an IP. In some situations this machine may just want to access to public wifi so he/she should also be able to connect to Subnet B as well.

ATM, the client will only get an IP address if there is a static host declaration for it in both networks. Otherwise it would just be able to connect to Subnet A and will never receive an IP from the dynamic range of Subnet B.

In the near future Subnet A will be migrated to a Class A network, so 'subnetting' may be possible, but I don't think that this will change the situation.

I also wonder if it's really necessary to run two instances of DHCP with separate config files as dhcpd3 is able to detect the Subnets on which it may deploy leases, depending on the NIC configuration.

Best Regards Marcus

Dear John.

The two commands I posted for you to set it up that way can be done in a Single File Configuration. The last config file I posted for you was for two NICS on two different Subnets.

I am not yet sure if we are talking about the same problem, so here is my current configuration. Unless I add an host definition WITH fixed-address statement to the 10.2.0.0 subnet, too LaptopWLAN won't get an IP address within this network range.

... authoritative; ddns-update-style interim; ddns-updates on;

update-static-leases true;

key "rndckey" { algorithm hmac-md5; secret "my-rndckey"; }

zone extra.net { primary 127.0.0.1; key rndckey; }

zone 2.10.in-addr.arpa { primary 127.0.0.1; key rndckey; }

zone intra.net { primary 127.0.0.1; key rndckey; }

zone 2.168.192.in-addr.arpa { primary 127.0.0.1; key rndckey; }

failover peer "intra-net" { primary; address 192.168.2.2; port 647; peer address 192.168.2.50; peer port 647; max-response-delay 60; max-unacked-updates 10; mclt 3600; split 128; load balance max seconds 3; }

subnet 10.2.0.0 netmask 255.255.0.0 { pool { allow unknown-clients; ignore client-updates; deny dynamic bootp clients; option routers 10.2.1.2; option router-discovery false; option domain-name "extra.net"; option domain-name-servers 10.2.1.2; option ip-forwarding false; option ntp-servers 10.2.1.2; ddns-domainname "extra.net"; range 10.2.2.1 10.2.2.254; }

}

subnet 192.168.2.0 netmask 255.255.255.0 { pool { failover peer "intra-net"; deny unknown-clients; ignore client-updates; deny dynamic bootp clients; option routers 192.168.2.2; option router-discovery false; option domain-name "intra.net"; option domain-name-servers 192.168.2.2, 192.168.2.50; option netbios-name-servers 192.168.2.50; option netbios-dd-server 192.168.2.50; option netbios-node-type 2; option ip-forwarding false; option ntp-servers 192.168.2.50; ddns-domainname "intra.net"; range 192.168.2.150 192.168.2.151;

host LaptopWLAN { hardware ethernet 00:15:17:17:0E:A8; fixed-address 192.168.2.201; ddns-hostname "LaptopWLAN"; } # ... a LOT of other host declarations ... } } ...

Best Regards Marcus

Dear John,

Marcus, I do not think what your trying to do is going to work. Why? "failover peer "intra-net"" . You will need a dhcp.master configuration file on both servers. You running two dhcp servers? Debug with only one server.

Of course, the failover is set up and working correctly. Please note that I am not new to dhcpd3 configuration.

Her's my opinion. You need to just start out with a simple dhcp.conf,

I have already disabled failover configuration during debug state.

single server and let that be it. On every change you make back it up before a change to it. Get one laptop and don't use any WiFi Security on itand take out the keys defined for it in in the dhcp file. You should not need a host declaration for the laptop if your wantting to get an assigned addy from the 10.2.0.0 range

That's what I thought, too. But it does not work if there is a host declaration for that MAC in another subnet. Maybe it's just a silly bug.

OK, now while on the laptop topic theres a special decleration you can provide for an option "option dhcp-server-identifier x.x.x.x;" What this will accomplish is maybe letting your laptops obtain and address. Certain Operatting systems can not distinguish between the "SYN" and "ACK" proccess of a Unix style ddns. Linux/Unix usualy have no problems with it. This can be seen with something like WireShark or tcp-dump on the network. Using those two would greatly help solve your problem also. Another note your failover dhcp server needs to be the same version as the main one

It is.

One final note your laptop can be obtaining an address then dropping it because of RF conectivity issues.

This behavior occurs on all clients, so I don't think so.

Best Regards Marcus

JohnStanley Writes:

From the dhcp.conf.5 manual. This seems like it would skin the cat for your

needs Specify this in each Scope and you should be set. It will allow you to have the two different addresses from two different SNs. That is as Per the the Man Pages (lots o digging). Has to also be in a host declaration

The fixed-address declaration

fixed-address address [, address ... ];

The fixed-address declaration is used to assign one or more fixed IP addresses to a client. It should only appear in a host declaration. If more than one address is supplied, then when the client boots, it will be assigned the address that corresponds to the network on which it is booting. If none of the addresses in the fixed-address state- ment are valid for the network to which the client is connected, that client will not match the host declaration containing that fixed- address declaration. Each address in the fixed-address declaration should be either an IP address or a domain name that resolves to one or more IP addresses.

...

From the dhcp.conf.5 manual. This seems like it would skin the cat for

your

needs Specify this in each Scope and you should be set. It will allow you

to

have the two different addresses from two different SNs. That is as Per

the

As I have already mentioned in my initial post, that's what I have done. But that does not fullfil my needs as I don't want to maintain two sets of host declarations.

But if that's the only option I guess I have to accept it.

JohnStanley Writes: AFAIK, that is the only to do it. Unless your willing to switch to MSDHCP (win$). Just currious, why do you need to have 2 different ips with from a different subnet assigned to one client?.

As mentioned before, one is a private LAN and the other one ins a public WLAN. Sometimes it fits to just connect to the public WLAN to get internet access.

JohnStanley Writes: Ahh I see....