Hi all.
I have set up a DHCP server with multiple subnet configurations (let's say subnet A and B). Within that I have declared pools and static hosts addresses.
Now, if I have set up a static host entry (with fixed-address) in Subnet B for a specific machine and try to connect to Subnet A with that NIC (where it should obtain an address from the range), this does not work unless I add a static host entry for that machine to the Subnet A declaration, too. I even have to assign a fixed-address, there.
I just want the NIC to claim its address from the range on Subnet A and to assign a fixed address on Subnet B.
Best Regards Marcus
On Wed, 15 Oct 2008, Marcus Moeller wrote:
Hi all.
I have set up a DHCP server with multiple subnet configurations (let's say subnet A and B). Within that I have declared pools and static hosts addresses.
Now, if I have set up a static host entry (with fixed-address) in Subnet B for a specific machine and try to connect to Subnet A with that NIC (where it should obtain an address from the range), this does not work unless I add a static host entry for that machine to the Subnet A declaration, too. I even have to assign a fixed-address, there.
I just want the NIC to claim its address from the range on Subnet A and to assign a fixed address on Subnet B.
You can assign multiple host blocks for the same NIC, using a fixed-address directive in one but not in other. dhcpd will try for the best match. If the request arrives from subnet-B, and the fixed address is on that net, then that's the block that gets used. Otherwise, the less specific block will be used. E.g.,
host myhost {
    hardware ethernet 11:22:33:44:55:66;
    fixed-address myhost.mydom.com;
}
host myhost-roam {
    hardware ethernet 11:22:33:44:55:66;
}
I just want the NIC to claim its address from the range on Subnet A and to assign a fixed address on Subnet B.
JohnStanley Writes: In reading your post a couple more times, I think I see what you are after. Elaborate a little more on what you want exactly. You want the NIC to get an addy from the dhcpd server from the Subnet A address pool and then want to also obtain an addy from the Subnet B Fixed addy pool so the clients nics has two Ips? Correct? This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic hardware address in the dhcp.conf file.
Dear John,
In reading your post a couple more times, I think I see what you are after. Elaborate a little more on what you want exactly. You want the NIC to get an addy from the dhcpd server from the Subnet A address pool and then want to also obtain an addy from the Subnet B Fixed addy pool so the clients nics has two Ips? Correct?
The client can just connect to two networks handled by the DHCP server (on different NICs of course ;))
On Subnet A it should receive a dynamic address within the range and on Subnet B it should just obtain the address defined in its host declaration.
This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic hardware address in the dhcp.conf file.
How does that work?
Best Regards Marcus
This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic hardware address in the dhcp.conf file.
How does that work?
JohnStanley Writes: This is what I am talking about at the end of the ".conf" file below. That is what you are trying or wanting to accomplish? This is actually a configuration I use. In all respect I have a question for you.... Are you wanting to try this solution because you can't access another subnet? If now you are then you need to have a look at your routing tables in your routers or vlan configuration on your switches. That's just question or two I could be wrong.
subnet 192.168.0.0 netmask 255.255.255.0 {
    # Default gateway router
    option routers 192.168.0.1;
    option subnet-mask 255.255.255.0;

    option nis-domain "domain_name here";
    option domain-name "domain_name here";
    option domain-name-servers 192.168.0.100;

    # My GMT Time Offset EST!
    option time-offset -5;
    # option ntp-servers 192.168.1.1;
    # option netbios-name-servers 192.168.1.1;
    # Selects point-to-point node (default is hybrid). Don't change this unless
    # you understand Netbios very well
    # option netbios-node-type 2;

    # Dhcpd server will give out addresses between 128 and 254. 255 is Broadcast don't forget.
    range dynamic-bootp 192.168.0.128 192.168.0.254;
    default-lease-time 21600;
    max-lease-time 43200;

    # Next here is the kickstarts getting pulled in.
    #
    # machine_name_here:/kickstarts/ks.cfg is the nfs share
    # For a kickstart configuration file
    # filename "/kickstarts/ks.cfg";
    # next-server 10.2.7.3;
}

# I'm handing out fixed addresses and host names for the following mac addresses.

host machine_name_here {
    hardware ethernet 00:80:5f:1d:57:47;
    fixed-address 192.168.0.2;
}

# This one here has the Option Host Name to add.

host machine_name_here {
    hardware ethernet 00:50:8b:d3:f9:ed;
    fixed-address 192.168.0.30;
    option host-name "client_name_here";
}
host machine_name_here {
    hardware ethernet 00:50:8b:e1:5d:dc;
    fixed-address 192.168.0.31;
    option host-name "host_name_here";
    option subnet-mask 255.255.255.0;
}
This I am not sure can be done with dhcpd. However you can specify NIC to fixed static addys and the nic hardware address in the dhcp.conf file.
How does that work?
JohnStanley Writes: This is what I am talking about at the end of the ".conf" file below. That is what you are trying or wanting to accomplish? This is actually a configuration I use. In all respect I have a question for you.... Are you wanting to try this solution because you can't access another subnet? If now you are then you need to have a look at your routing tables in your routers or vlan configuration on your switches. That's just question or two I could be wrong.
Dear John.
This is definitely not what I am trying to do. I try to line out the setup again:
Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)
Clients on Subnet A should get a static IP from the host declaration. Clients on Subnet B should obtain dynamic IP addresses from a range.
The two subnets are not physically connected but a Client should be able to connect to Subnet A or to Subnet B as well.
Best Regards Marcus
The two subnets are not physically connected but a Client should be able to connect to Subnet A or to Subnet B as well.
JohnStanley Writes: This is what is confusing. If they're *NOT* Physically Connected you will never CONNECT to them. Hope you can calculate SNs and SNMs. You can add as many Nested code blocks you need for Subnets. My advice for you is to use the 10.x.x.x range of addys to give you more subnets to work with. So give this a go.
option domain-name "YOU.com";
option domain-name-servers 192.168.0.1, 193.190.63.172;
option subnet-mask 255.255.255.0;    # Global Subnet mask
default-lease-time 600;
max-lease-time 7200;

# Here is Subnet number 1.
subnet 192.168.0.0 netmask 255.255.255.240 {
    # Subnet for first 13 devices, 10 of which are servers, 3 printers
    range 192.168.0.10 192.168.0.13;          # Range of IP's for our printers only.
    option subnet-mask 255.255.255.240;
    option broadcast-address 192.168.0.15;    # This is the subnets broadcast address.
    option routers 192.168.0.14;              # The gateway of this subnet.
    option time-servers 192.168.0.14;         # Gateway is running a timeserver.
    option ntp-servers 192.168.0.14;          # Gateway running a timeserver.
}

# Here is Subnet number 2.
subnet 192.168.0.16 netmask 255.255.255.224 {
    # Subnet for 29 computers
    range 192.168.0.17 192.168.0.45;
    option subnet-mask 255.255.255.224;
    option broadcast-address 192.168.0.47;
    option routers 192.168.0.46;
}
group {
    host server1 {
        # the first fixed server for subnet 192.168.0.0/28
        server-name server1;
        hardware ethernet 0a:23:f2:56:33:x0;
        fixed-address 192.168.0.1;
    }
    host server2 {
        server-name server2;
        hardware ethernet 0a:23:f2:56:33:x0;
        fixed-address 192.168.0.2;
    }
}
Hi,
On Fri, Oct 17, 2008 at 08:32, John jses27@gmail.com wrote:
# Here is Subnet number 2.
subnet 192.168.0.16 netmask 255.255.255.224 {
    # Subnet for 29 computers
Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.
Filipe
# Here is Subnet number 2.
subnet 192.168.0.16 netmask 255.255.255.224 {
    # Subnet for 29 computers
Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.
Filipe
JohnStanley Writes: On subnet 192.168.0.16 with a mask of 255.255.255.224 will give enuff ips for 29 clients. One for the broadcast addy. Primary subnet would be 192.168.x.x.0 which can only handle 254 clients. X.16 is just taken from that SN and subnetted out into a different allocation block. I slapped it in there hoping the OP would see the that other subnets ways to configure it. Good catch
For 30 hosts per SN it would be x.1 - x.30 and x.30 being the broadcast addy. So you're real close. You making me think too early in the day and made me get my calculator out.
Hi,
On Fri, Oct 17, 2008 at 12:37, John jses27@gmail.com wrote:
On subnet 192.168.0.16 with a mask of 255.255.255.224 will give enuff ips for 29 clients. One for the broadcast addy.
I think you are mistaken here, with netmask 255.255.255.224 you can have network 192.168.0.0 (from 0 to 31) and 192.168.0.32 (from 32 to 63), but not 192.168.0.16 going up to 47. The address and netmask must align, if you configure 192.168.0.16/255.255.255.224 you will actually have a network that goes from 0 to 31, not 16 to 47.
Filipe
Felipe, JohnStanley Writes.
Whoops, you Hit Send A little too Soon. Only if you waited.
John wrote:
# Here is Subnet number 2.
subnet 192.168.0.16 netmask 255.255.255.224 {
    # Subnet for 29 computers
Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.
On subnet 192.168.0.16 with a mask of 255.255.255.224 will give enuff ips for 29 clients. One for the broadcast addy. Primary subnet would be 192.168.x.x.0 which can only handle 254 clients. X.16 is just taken from that SN and subnetted out into a different allocation block. I slapped it in there hoping the OP would see the that other subnets ways to configure it. Good catch
Yeah, but you cannot really subnet that way:
[angenenr@shutdown ~]$ipcalc.pl 192.168.0.16/255.255.255.224
Address:   192.168.0.16         11000000.10101000.00000000.000 10000
Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
=>
Network:   192.168.0.0/27       11000000.10101000.00000000.000 00000
HostMin:   192.168.0.1          11000000.10101000.00000000.000 00001
HostMax:   192.168.0.30         11000000.10101000.00000000.000 11110
Broadcast: 192.168.0.31         11000000.10101000.00000000.000 11111
Hosts/Net: 30                   Class C, Private Internet
Ralph
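The alignment rule Filipe and Ralph describe can be checked mechanically before a configuration is loaded. The following Python sketch is an added example, not part of the original thread: it masks each subnet declaration the way ipcalc does and also flags range, routers and broadcast-address values that fall outside the real network. The sample input is constructed from the two subnet declarations posted above; the function names and finding codes are this example's own.

```python
import ipaddress
import re

# Constructed sample: the two subnet declarations from the thread, reduced
# to the statements this checker looks at.
SAMPLE_CONF = """
subnet 192.168.0.0 netmask 255.255.255.240 {
    range 192.168.0.10 192.168.0.13;
    option broadcast-address 192.168.0.15;
    option routers 192.168.0.14;
}
subnet 192.168.0.16 netmask 255.255.255.224 {   # Subnet for 29 computers
    range 192.168.0.17 192.168.0.45;
    option broadcast-address 192.168.0.47;
    option routers 192.168.0.46;
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+([\d.]+)\s+netmask\s+([\d.]+)\s*\{")
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)\s+([\d.]+)\s*;")
# Only the first address of a routers list is checked.
OPTION_RE = re.compile(r"\boption\s+(routers|broadcast-address)\s+([\d.]+)\s*[;,]")


def strip_comments(text):
    """Drop '#' comments so braces inside them are not counted."""
    return re.sub(r"#.*", "", text)


def block_body(text, pos):
    """Return the text of the block whose '{' ends just before pos."""
    depth = 1
    for i in range(pos, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[pos:i]
    return text[pos:]  # unterminated block: check what is there


def check_subnets(conf):
    """Return a list of (declaration, code, detail) findings."""
    conf = strip_comments(conf)
    findings, nets = [], []
    for m in SUBNET_RE.finditer(conf):
        addr, mask = m.group(1), m.group(2)
        declared = f"{addr}/{mask}"
        # strict=False clears the host bits: the network this address and
        # mask really describe, as in the ipcalc output above.
        net = ipaddress.ip_network(declared, strict=False)
        if str(net.network_address) != addr:
            findings.append((declared, "misaligned", f"real network is {net}"))
        body = block_body(conf, m.end())
        for pair in RANGE_RE.findall(body):
            for ip in pair:
                a = ipaddress.ip_address(ip)
                if a not in net:
                    findings.append((declared, "range-outside", f"{ip} not in {net}"))
                elif a in (net.network_address, net.broadcast_address):
                    findings.append((declared, "range-reserved", f"{ip} is reserved in {net}"))
        for opt, ip in OPTION_RE.findall(body):
            a = ipaddress.ip_address(ip)
            if opt == "routers" and a not in net:
                findings.append((declared, "router-outside", f"{ip} not in {net}"))
            if opt == "broadcast-address" and a != net.broadcast_address:
                findings.append((declared, "bad-broadcast",
                                 f"{ip}, expected {net.broadcast_address}"))
        nets.append((declared, net))
    # Two declarations that mask to overlapping networks cannot both be served.
    for i, (d1, n1) in enumerate(nets):
        for d2, n2 in nets[i + 1:]:
            if n1.overlaps(n2):
                findings.append((d2, "overlap", f"{n2} overlaps {d1} ({n1})"))
    return findings


if __name__ == "__main__":
    for declared, code, detail in check_subnets(SAMPLE_CONF):
        print(f"{declared}: {code}: {detail}")
```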
Yeah, but you cannot really subnet that way:
JohnStanley Writes:
So let me understand that you're saying that if I am Allocated and Own the IP blocks 64.x.x.33 - 64.x.x.35 that I can not Subnet them Out in any way? I have always done that between for inbetween LAN to WAN Back to LAN or VPN. Example, I have my core catalyst router with x.33 Primary INT. x.34 subnetted out to my PIX Firewall, Squid Server.Apache and etc. Most all in a DMZ certain things. Just trying to figure out what you mean.
John wrote:
Yeah, but you cannot really subnet that way:
JohnStanley Writes:
So let me understand that you're saying that if I am Allocated and Own the IP blocks 64.x.x.33 - 64.x.x.35 that I can not Subnet them Out in any way?
Yes, because that up there contains exactly *one* IP address - so I'd hardly call that "blocks".
I have always done that between for inbetween LAN to WAN Back to LAN or VPN. Example, I have my core catalyst router with x.33 Primary INT. x.34 subnetted out to my PIX Firewall, Squid Server.Apache and etc. Most all in a DMZ certain things. Just trying to figure out what you mean.
I have no idea what you are trying to tell me - you cannot "subnet out" one IP address to "your PIX firewall".
And hadn't you snipped what I wrote, you could have seen that it is impossible to have 192.168.0.16 with a netmask of 255.255.255.224 with 192.168.0.16 being the network address, as that IP address with that network mask can only be an address in an address range from 192.168.0.1 to 192.168.0.30 with .0 being the network and .31 being the broadcast address.
Ralph
"Yes, because that up there contains exactly *one* IP address - so I'd hardly call that "blocks"."
Where I'm from we call it Blocks or Ipaddy. :-)
"I have no idea what you are trying to tell me - you cannot "subnet out" one IP address to "your PIX firewall"."
I wonder why I can't do that, seeing as have been doing it over 10 years. One often misguided approach to setting them up is, facing it directly into the open internet. You're as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in. What I was trying to say was if you buy 5 ip addresses you can take an address and subnet it out to other routers, switches and whatever else. There are lots of companies doing this these days because of the cost associated with them. Honestly this is all off topic from the original OP and what he needed, Those addresses were just randomly stuck in there for presentation example. Whether they are right or wrong, he or she that is seeking the information should know to at least to change that before using it. As for that I am not totally aware of what he really wants to accomplish. I in my later networking would not even use dhcp any more unless it was an install server. I would be doing it through Cisco PIX or Nortel. Simply because of the security record of cisco and nortel. But all in all CentOS gets my file services with samba as "DFS" and I hope to see a lot of progress on Directory Server.
John wrote:
"I have no idea what you are trying to tell me - you cannot "subnet out" one IP address to "your PIX firewall"."
I wonder why I can't do that, seeing as have been doing it over 10 years. One often misguided approach to setting them up is, facing it directly into the open internet. You're as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in.
I never heard anyone calling that "subnetting", as a subnet is a differently defined term.
Ralph
I wonder why I can't do that, seeing as have been doing it over 10 years. One often misguided approach to setting them up is, facing it directly into the open internet. You're as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in.
I never heard anyone calling that "subnetting", as a subnet is a differently defined term.
-------------------------
JohnStanley Writes
I agree Subnetting and Subnet are 2 different things in whole. Subnetting is taking an IP and borrowing bits from the ip and making additional net blocks preferably in dotted decimal form is the easiest way. I guess seeing as you (DE Land) and I(US) both are of different nationalities bring up the information divide between us. For the most part we are referring to the same thing but are calling it a different name. I do often however have a laugh at times about things on this list from people in Europe. I read posts sometime that mean something totally different here but then some will answer it where the poster is from and then it kinda begins to make sense.
on 10-17-2008 3:25 PM John spake the following:
I wonder why I can't do that, seeing as have been doing it over 10 years. One often misguided approach to setting them up is, facing it directly into the open internet. You're as good as gone when someone hits up the ftp port on that shiny new PIX and tunnels right in.
I never heard anyone calling that "subnetting", as a subnet is a differently defined term.
JohnStanley Writes
I agree Subnetting and Subnet are 2 different things in whole. Subnetting is taking an IP and borrowing bits from the ip and making additional net blocks preferably in dotted decimal form is the easiest way. I guess seeing as you (DE Land) and I(US) both are of different nationalities bring up the information divide between us. For the most part we are referring to the same thing but are calling it a different name. I do often however have a laugh at times about things on this list from people in Europe. I read posts sometime that mean something totally different here but then some will answer it where the poster is from and then it kinda begins to make sense.
TCP/IP works the same way no matter what country you are from. The terms are the same, and if someone uses the wrong term, it is not the language difference, that person just learned the wrong term.
A subnet is what you get when you finish subnetting. One is a noun, one is a verb. It can only be done the way it was designed to be done. You can do some very creative things with CIDR now, but that was created more as a way to make smaller routing tables than any other reason.
Scott Silva (Mail Scanner) Wrote:
TCP/IP works the same way no matter what country you are from. The terms are the same, and if someone uses the wrong term, it is not the language difference, that person just learned the wrong term.
Yes, works the same in all Countries. Layers 1,2,3 of the OSI Stack. I guess what I should have said was Subnet.
A subnet is what you get when you finish subnetting. One is a noun, one is a verb. It can only be done the way it was designed to be done. You can do some very creative things with CIDR now, but that was created more as a way to make smaller routing tables than any other reason.
Correct there. Classless Inter Domain Routing, never really got into doing that. Largest I have dealt with was 1500 nodes and cidr is not needed there. My main thing has always been getting a network provider to also provide failover redundancy. Had one dealing with lighting fiber and that was a nightmare. Maybe I can get a few CIDR pointers from you. :-)
JohnStanley
John wrote:
Correct there. Classless Inter Domain Routing, never really got into doing that.
Do tell.
Largest I have dealt with was 1500 nodes and cidr is not needed there.
Ermm. Classful routing is *dead*, CIDR is needed *everywhere*.
My main thing has always been getting a network provider to also provide failover redundancy. Had one dealing with lighting fiber and that was a nightmare. Maybe I can get a few CIDR pointers from you. :-)
http://www.faqs.org/rfcs/rfc1519.html - subnetting and such ...
Ralph
Isn't this wrong? If the netmask is .224, it should be either 192.168.0.0-31 or 192.168.0.32-63. 192.168.0.16 does not make sense here.
JohnStanley Writes: Follow Up to Previous Mail!!
Filipe,
Too early in the day for all this math. You're right saying x.31 - x.63 for that particular SN, with x.63 being the broadcast addy and x.31 the network addy. Had to think about it a little, rough day. Just put an address in there for visual anatomy so the OP could get a picture off it. Good to know someone is paying attention.
Hi,
On Fri, Oct 17, 2008 at 13:18, John jses27@gmail.com wrote:
Too early in the day for all this math.
It really is! :-)
You're right saying x.31 - x.63 for that particular SN, with x.63 being the broadcast addy and x.31 the network addy.
Actually, x.32 to x.63, with x.32 being the network address.
My personal opinion, if you're using RFC1918 addresses for internal networks, you should only use 255.255.255.0 netmasks everywhere, even though it's a network for one machine only. Dealing with netmasks is a PITA, and should be avoided unless there's a real reason to use it, for instance with valid IPs.
Filipe
Filipe Brandenburger wrote:
My personal opinion, if you're using RFC1918 addresses for internal networks, you should only use 255.255.255.0 netmasks everywhere, even though it's a network for one machine only. Dealing with netmasks is a PITA, and should be avoided unless there's a real reason to use it, for instance with valid IPs.
on a large WAN, /24 vlan segments are often too small. we use /20 slices of 10-net for VLAN's here. /all/ 10-net vlans are /20. we also use some 172.16-31 and 192.168 spaces, those are all /24
My personal opinion, if you're using RFC1918 addresses for internal networks, you should only use 255.255.255.0 netmasks everywhere, even though it's a network for one machine only. Dealing with netmasks is a PITA, and should be avoided unless there's a real reason to use it, for instance with valid IPs.
JohnStanley Writes: One of the reasons that I take the trouble in doing it is that it Isolates the different Subnets and the Applications that are on it. Also to keep nosey clients from browsing them if you don't want them to. I take more of security issue in perspective than an ease of use. Using a SNB of 20 don't give you but 14 host per sn. 1,048,575 what a mess that would be. But the issue is containing them in VLAN configurations and that can well be worth the hassle in doing it.
on a large WAN, /24 vlan segments are often too small. we use /20 slices of 10-net for VLAN's here. /all/ 10-net vlans are /20. we also use some 172.16-31 and 192.168 spaces, those are all /24
Hi,
On Thu, Oct 16, 2008 at 15:51, Marcus Moeller mm@gcug.de wrote:
This is definitely not what I am trying to do. I try to line out the setup again:
Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)
Clients on Subnet A should get a static IP from the host declaration. Clients on Subnet B should obtain dynamic IP addresses from a range.
The two subnets are not physically connected but a Client should be able to connect to Subnet A or to Subnet B as well.
I'm no DHCP expert, but I believe that to accomplish what you are trying to do you have to run two separate dhcpd instances, one for each interface. You can do that by passing a parameter to dhcpd of which interface it should bind to. You will also need separate config files, lease files, pid files, etc. (it might be a PITA, but it's the only way I see that it can be done on the same host.)
See "man dhcpd" for the details, but I think it would be something like:
# dhcpd -cf /etc/dhcpd-subnetA.conf -lf /var/lib/dhcpd/dhcpd-subnetA.leases -pf /var/run/dhcpd-subnetA.pid eth0
# dhcpd -cf /etc/dhcpd-subnetB.conf -lf /var/lib/dhcpd/dhcpd-subnetB.leases -pf /var/run/dhcpd-subnetB.pid eth1
And then you will still have to deal with startup and shutdown, initscripts, SELinux, managing both processes, ...
If you really want to go that route, you might consider running two VMs on that hardware, one for each network, it might prove to be simpler than running two instances of dhcpd in one host at the end.
Otherwise, you could just assign static IPs on both networks for hosts that can connect to both, as you said that works, you only have to keep track of the fixed addresses then...
HTH, Filipe
See "man dhcpd" for the details, but I think it would be something like:
# dhcpd -cf /etc/dhcpd-subnetA.conf -lf /var/lib/dhcpd/dhcpd-subnetA.leases -pf /var/run/dhcpd-subnetA.pid eth0
# dhcpd -cf /etc/dhcpd-subnetB.conf -lf /var/lib/dhcpd/dhcpd-subnetB.leases -pf /var/run/dhcpd-subnetB.pid eth1
-------
JohnStanley Writes: This works with two NIC CARDS... "dhcp.conf" I promise I really thought I had posted this earlier but apparently I did not. Filipe is correct for the cmd line running of it, so here's the .conf to run with two nics.

ddns-update-style ad-hoc;

subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.XX 192.168.2.XX;
    default-lease-time 7200;
    max-lease-time 21600;
    option routers 192.168.2.XXX;
    option ip-forwarding off;
    option broadcast-address 192.168.2.255;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 64.XX.XX.XX, 64.XX.XX.XX;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.XX 192.168.1.XX;
    min-secs 3;
    default-lease-time 7200;
    max-lease-time 21600;
    option routers 192.168.1.X;
    option ip-forwarding off;
    option broadcast-address 192.168.1.255;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 64.XX.XX.XX, 64.XX.XX.XX;
}

Option to run with two nics from the command line as 2 daemons...

dhcpd -cf /etc/dhcpd-network1 eth0
dhcpd -cf /etc/dhcpd-network2 eth1
Dear John,
Subnet A (192.168.2.x) <-> DHCP Server with 2 NICs <-> Subnet B (10.1.0.0)
Clients on Subnet A should get a static IP from the host declaration. Clients on Subnet B should obtain dynamic IP addresses from a range. The two subnets are not physically connected but a CLIENT should be able to connect to Subnet A or to Subnet B as well.
This is what is confusing. If they're *NOT* Physically Connected you will never CONNECT to them.
In this setup Subnet A is a private network and Subnet B is a network for public Wifi access. If one got a notebook and his/her mac-address is listed in Subnet A declaration he/she should be able to obtain an IP. In some situations this machine may just want to access to public wifi so he/she should also be able to connect to Subnet B as well.
ATM, the client will only get an IP address if there is a static host declaration for it in both networks. Otherwise it would just be able to connect to Subnet A and will never receive an IP from the dynamic range of Subnet B.
In the near future Subnet A will be migrated to a Class A network, so 'subnetting' may be possible, but I don't think that this will change the situation.
I also wonder if it's really necessary to run two instances of DHCP with separate config files as dhcpd3 is able to detect the Subnets on which it may deploy leases, depending on the NIC configuration.
Best Regards Marcus
Marcus Wrote: I also wonder if it's really necessary to run two instances of DHCP with separate config files as dhcpd3 is able to detect the Subnets on which it may deploy leases, depending on the NIC configuration.
JohnStanley Writes. The two commands I posted for you to set it up that way can be done in a Single File Configuration. The last config file I posted for you was for two NICS on two different Subnets. Now here is the catch because I know you're saying it won't work. In fact it will work. I just don't know or have an idea of the hardware you are using on your network. You will need what is called a dhcp relay client to forward dhcp requests to your dhcp server. That can obtained from any linux client on that subnet you need to forward requests. See "man dhcrelay" That's the cheap way out. Next option would be to use a Nortel or Cisco Switch that can support VLAN so you can configure the switches "ip helper-address" (interface) which in turn forwards the dhcp requests to the dhcp server.
This is the thread I posted earlier for you. Pay no mind to the Ip addys. Substitute your own. You can add on to it also the static portion that you need for static clients. Should get you going at least. http://lists.centos.org/pipermail/centos/2008-October/066615.html
Dear John.
The two commands I posted for you to set it up that way can be done in a Single File Configuration. The last config file I posted for you was for two NICS on two different Subnets.
I am not yet sure if we are talking about the same problem, so here is my current configuration. Unless I add an host definition WITH fixed-address statement to the 10.2.0.0 subnet, too LaptopWLAN won't get an IP address within this network range.
...
authoritative;
ddns-update-style interim;
ddns-updates on;

update-static-leases true;

key "rndckey" {
    algorithm hmac-md5;
    secret "my-rndckey";
}

zone extra.net {
    primary 127.0.0.1;
    key rndckey;
}

zone 2.10.in-addr.arpa {
    primary 127.0.0.1;
    key rndckey;
}

zone intra.net {
    primary 127.0.0.1;
    key rndckey;
}

zone 2.168.192.in-addr.arpa {
    primary 127.0.0.1;
    key rndckey;
}

failover peer "intra-net" {
    primary;
    address 192.168.2.2;
    port 647;
    peer address 192.168.2.50;
    peer port 647;
    max-response-delay 60;
    max-unacked-updates 10;
    mclt 3600;
    split 128;
    load balance max seconds 3;
}

subnet 10.2.0.0 netmask 255.255.0.0 {
    pool {
        allow unknown-clients;
        ignore client-updates;
        deny dynamic bootp clients;
        option routers 10.2.1.2;
        option router-discovery false;
        option domain-name "extra.net";
        option domain-name-servers 10.2.1.2;
        option ip-forwarding false;
        option ntp-servers 10.2.1.2;
        ddns-domainname "extra.net";
        range 10.2.2.1 10.2.2.254;
    }

}

subnet 192.168.2.0 netmask 255.255.255.0 {
    pool {
        failover peer "intra-net";
        deny unknown-clients;
        ignore client-updates;
        deny dynamic bootp clients;
        option routers 192.168.2.2;
        option router-discovery false;
        option domain-name "intra.net";
        option domain-name-servers 192.168.2.2, 192.168.2.50;
        option netbios-name-servers 192.168.2.50;
        option netbios-dd-server 192.168.2.50;
        option netbios-node-type 2;
        option ip-forwarding false;
        option ntp-servers 192.168.2.50;
        ddns-domainname "intra.net";
        range 192.168.2.150 192.168.2.151;

        host LaptopWLAN {
            hardware ethernet 00:15:17:17:0E:A8;
            fixed-address 192.168.2.201;
            ddns-hostname "LaptopWLAN";
        }
        # ... a LOT of other host declarations ...
    }
}
...
Best Regards Marcus
I am not yet sure if we are talking about the same problem, so here is my current configuration. Unless I add an host definition WITH fixed-address statement to the 10.2.0.0 subnet, too LaptopWLAN won't get an IP address within this network range.
JohnStanley Writes:
Marcus, I do not think what you're trying to do is going to work. Why? "failover peer "intra-net"" . You will need a dhcp.master configuration file on both servers. You running two dhcp servers? Debug with only one server.
Here's my opinion. You need to just start out with a simple dhcp.conf, single server and let that be it. On every change you make back it up before a change to it. Get one laptop and don't use any WiFi Security on it and take out the keys defined for it in the dhcp file. You should not need a host declaration for the laptop if you're wanting to get an assigned addy from the 10.2.0.0 range
OK, now while on the laptop topic there's a special declaration you can provide for an option "option dhcp-server-identifier x.x.x.x;" What this will accomplish is maybe letting your laptops obtain an address. Certain Operating systems can not distinguish between the "SYN" and "ACK" process of a Unix style ddns. Linux/Unix usually have no problems with it. This can be seen with something like WireShark or tcp-dump on the network. Using those two would greatly help solve your problem also. Another note your failover dhcp server needs to be the same version as the main one
One final note your laptop can be obtaining an address then dropping it because of RF connectivity issues.
Dear John,
Marcus, I do not think what you're trying to do is going to work. Why? "failover peer "intra-net"" . You will need a dhcp.master configuration file on both servers. You running two dhcp servers? Debug with only one server.
Of course, the failover is set up and working correctly. Please note that I am not new to dhcpd3 configuration.
Here's my opinion. You need to just start out with a simple dhcp.conf,
I have already disabled failover configuration during debug state.
single server and let that be it. On every change you make back it up before a change to it. Get one laptop and don't use any WiFi Security on it and take out the keys defined for it in the dhcp file. You should not need a host declaration for the laptop if you're wanting to get an assigned addy from the 10.2.0.0 range
That's what I thought, too. But it does not work if there is a host declaration for that MAC in another subnet. Maybe it's just a silly bug.
OK, now while on the laptop topic there's a special declaration you can provide for an option "option dhcp-server-identifier x.x.x.x;" What this will accomplish is maybe letting your laptops obtain an address. Certain Operating systems can not distinguish between the "SYN" and "ACK" process of a Unix style ddns. Linux/Unix usually have no problems with it. This can be seen with something like WireShark or tcp-dump on the network. Using those two would greatly help solve your problem also. Another note your failover dhcp server needs to be the same version as the main one
It is.
One final note: your laptop can be obtaining an address then dropping it because of RF connectivity issues.
This behavior occurs on all clients, so I don't think so.
Best Regards Marcus
That's what I thought, too. But it does not work if there is a host declaration for that MAC in another subnet. Maybe it's just a silly bug.
--------------
JohnStanley Writes: If there is a host declaration for it in another subnet then I don't think it will work. Ultimately try a host declaration in both Scopes you have defined.
JohnStanley Writes:
From the dhcp.conf.5 manual. This seems like it would skin the cat for your needs. Specify this in each Scope and you should be set. It will allow you to have the two different addresses from two different SNs. That is as per the man pages (lots o' digging). Has to also be in a host declaration.
The fixed-address declaration
fixed-address address [, address ... ];
The fixed-address declaration is used to assign one or more fixed IP addresses to a client. It should only appear in a host declaration. If more than one address is supplied, then when the client boots, it will be assigned the address that corresponds to the network on which it is booting. If none of the addresses in the fixed-address statement are valid for the network to which the client is connected, that client will not match the host declaration containing that fixed-address declaration. Each address in the fixed-address declaration should be either an IP address or a domain name that resolves to one or more IP addresses.
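The matching rule in the man page excerpt above, combined with the two-block setup suggested earlier in the thread, modelled in Python as an added example (written for this page, not posted by anyone in the thread and not dhcpd's own code). The /24 prefix lengths and the address 10.2.0.50 used in testing are assumptions, and only literal IP addresses are handled, not domain names.

```python
import ipaddress

# Constructed sample data. 10.2.0.0 and 172.16.1.1 appear in the thread;
# the /24 prefix lengths are assumptions made for this example.
SUBNET_A = ipaddress.ip_network("10.2.0.0/24")    # dynamic range
SUBNET_B = ipaddress.ip_network("172.16.1.0/24")  # fixed addresses

HOSTS = [
    {"name": "myhost", "mac": "11:22:33:44:55:66", "fixed": ["172.16.1.1"]},
    {"name": "myhost-roam", "mac": "11:22:33:44:55:66", "fixed": []},
]


def match_host(mac, subnet, hosts):
    """Return (declaration name, fixed address or None), or None when no
    host declaration matches this client on this subnet."""
    mac = mac.lower()
    fallback = None
    for host in hosts:
        if host["mac"].lower() != mac:
            continue
        if not host["fixed"]:
            # No fixed-address: the less specific block, usable on any network.
            fallback = fallback or (host["name"], None)
            continue
        for addr in host["fixed"]:
            if ipaddress.ip_address(addr) in subnet:
                return host["name"], addr  # address valid here: best match
        # None of the addresses is valid on this network, so per the man
        # page text this declaration does not match the client.
    return fallback


if __name__ == "__main__":
    for label, net in (("A", SUBNET_A), ("B", SUBNET_B)):
        print(label, match_host("11:22:33:44:55:66", net, HOSTS))
```

A result of `(name, None)` means the declaration applies but the address has to come from the subnet's range; comparing this expected outcome with a packet capture shows whether the server is following the documented rule.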
From the dhcp.conf.5 manual. This seems like it would skin the cat for your needs. Specify this in each Scope and you should be set. It will allow you to have the two different addresses from two different SNs. That is as Per the
As I have already mentioned in my initial post, that's what I have done. But that does not fulfil my needs as I don't want to maintain two sets of host declarations.
But if that's the only option I guess I have to accept it.
Best Regards Marcus
As I have already mentioned in my initial post, that's what I have done. But that does not fulfil my needs as I don't want to maintain two sets of host declarations.
But if that's the only option I guess I have to accept it.
JohnStanley Writes: AFAIK, that is the only way to do it. Unless you're willing to switch to MSDHCP (win$). Just curious, why do you need to have 2 different IPs from a different subnet assigned to one client?
Dear John.
AFAIK, that is the only way to do it. Unless you're willing to switch to MSDHCP
Maybe I file a bug report on that.
(win$). Just curious, why do you need to have 2 different IPs from a different subnet assigned to one client?
As mentioned before, one is a private LAN and the other one is a public WLAN. Sometimes it fits to just connect to the public WLAN to get internet access.
Best Regards Marcus
As mentioned before, one is a private LAN and the other one is a public WLAN. Sometimes it fits to just connect to the public WLAN to get internet access.
JohnStanley Writes: Ahh I see....
Dear Paul.
You can assign multiple host blocks for the same NIC, using a fixed-address directive in one but not in other. dhcpd will try for the best match. If the request arrives from subnet-B, and the fixed address is on that net, then that's the block that gets used. Otherwise, the less specific block will be used. E.g.,
host myhost {
    hardware ethernet 11:22:33:44:55:66;
    fixed-address 172.16.1.1;
                  ^^ modified
}
host myhost-roam {
    hardware ethernet 11:22:33:44:55:66;
}
Hmm, that does not really work on two different subnets. I have tried to add a host declaration with fixed-address on the 'static' Subnet B and one on the dynamic Subnet A with just the MAC address and ddns-domain-name.
The client won't obtain an IP address on subnet A unless I add a fixed-address declaration to it, too.
Marcus
I just want the NIC to claim its address from the range on Subnet A and to assign a fixed address on Subnet B.
JohnStanley Writes:
You can assign in your dhcp.conf file for your hosts to obtain an IP based upon the host MAC address or host name. Try that.