[CentOS] Centos 7 dhcpd failure to allow a 2nd network over same internal nic

Sun Jan 15 17:53:07 UTC 2017
Gordon Messmer <gordon.messmer at gmail.com>

On 01/15/2017 09:11 AM, Gregory P. Ennis wrote:
> All I can say is that when I looked at the dhcpd.conf examples and read
> the man pages as well as the explanations of how dhcpd works, we should
> be able to use dhcpd for more than one subnet:



You can, provided they're on different physical interfaces.

I'm mostly certain you can have two DHCP scopes on one physical 
interface, provided that the DHCP server itself only has addresses on 
one of them.  That is, if eth0 has 192.168.1.9 and only that address, 
you should be able to offer addresses for 192.168.1.0/24 and also 
192.168.2.0/24 on that interface.  Any host you want to assign an 
address in 192.168.2.0/24 will have to be manually added to that subnet 
with a "host" entry in dhcpd.conf.  Otherwise, imagine that you have an 
Ethernet LAN that includes a WAP.  When the DHCP server gets a request 
from a new host, how does it know whether that client is on Ethernet or 
WiFi?  There's no indication in the request the server receives that 
indicates which media the client is using.

However, attaching two IP subnets to the same broadcast domain is 
usually a bad idea.  Networks are typically segregated for one of two 
reasons: either to establish access controls or to reduce traffic to 
improve service.  You'll accomplish neither.  Hosts on each subnet won't 
be able to communicate with each other directly, but they will all see 
all of the address discovery traffic broadcast on the network.  A host 
that wanted to communicate with a host in another subnet could simply 
add a new address manually and bypass any access controls that the 
router had in place. Worse, because any communication you *do* want to 
allow has to pass to the router and then be sent back out the same 
network interface, you've actually doubled the amount of traffic on your 
LAN.

Having multiple subnets on a single broadcast domain can be an 
interesting, inexpensive way to experiment with access control or 
simulate multihosting, but you don't want to do it for any longer than 
is necessary for experimental purposes.
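For reference, the layout described above in ISC dhcpd's own syntax, as an added example and not part of the original post or the list thread: one shared-network block carrying both subnets on the single broadcast domain, a dynamic pool only in the subnet the server itself lives in, and a host entry pinning one client into the second subnet. The server address, router addresses, pool boundaries, hostname and MAC address are assumed values for illustration.

```conf
# Added example, not from the original post: one ISC dhcpd shared-network
# carrying two IP subnets on a single broadcast domain (eth0).
# All addresses, the hostname and the MAC below are assumed values.

shared-network lan0 {
    # The dhcpd host itself is 192.168.1.9 on eth0. This is the only subnet
    # with a "range", so any client without a host entry lands here.
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option subnet-mask 255.255.255.0;
        range 192.168.1.100 192.168.1.200;
    }

    # Second subnet on the same wire: deliberately no "range", so nothing
    # in 192.168.2.0/24 is handed out dynamically. Only clients with a
    # fixed-address in this subnet (see the host entry below) get one.
    # The router is assumed to also hold an address here (192.168.2.1),
    # because traffic between the two subnets hairpins through it.
    subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1;
        option subnet-mask 255.255.255.0;
    }
}

# Pin one client into the second subnet by its MAC address (assumed value).
# The fixed-address, not the declaration's position, selects the subnet.
host lab-box {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.2.50;
}
```

On CentOS 7 this goes in /etc/dhcp/dhcpd.conf; check it with `dhcpd -t -cf /etc/dhcp/dhcpd.conf` before restarting the service. Note that this only changes what dhcpd hands out: a client on the wire can still give itself a 192.168.2.x address by hand and talk to lab-box directly, which is the access-control caveat raised above.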