Send dhcp-users mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: Problem with shared-network (Bob Harold)
   2. RE: Problem with shared-network (Patrick Trapp)
   3. Re: Problem with shared-network (Sten Carlsen)
   4. RE: Problem with shared-network ([email protected])


----------------------------------------------------------------------

Message: 1
Date: Thu, 4 Jun 2015 12:33:09 -0400
From: Bob Harold <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: Problem with shared-network
Message-ID:
        <ca+nkc8c9zuptm-tst5q4sraidzqp_ohcv016rj4zdsczpxp...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

On Thu, Jun 4, 2015 at 12:16 PM, <[email protected]> wrote:

> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
>
> My server has a single NIC, and using iproute, I've added additional
> addresses (some lines snipped for brevity):
>
> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
>
> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>           inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0
>
> My goal is for the dhcp server to hand out unknown clients addresses from
> the 10.111.111.X pool, and known client to get something from the
> 192.168.220.X pool. Since these are on the same subnet, I [believe] this
> requires a shared-network block. My dhcpd.conf file looks like (with
> comments and global options stripped out for brevity):
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 range 192.168.200.194 192.168.200.200;
>                 range 192.168.200.215 192.168.200.250;
>
>                 ignore unknown-clients;
>   <bunch of options removed>
>         } #subnet 192.168.200.0
>
>         subnet 10.111.111.0 netmask 255.255.255.0 {
>                 range 10.111.111.5 10.111.111.200;
>                 allow unknown-clients;
> <bunch of options removed>
>         } #subnet 10.111.111.0
> } #shared-network
>
> It runs, but only gives out 192 addresses. If I reverse the order, so the
> 10 subnet declaration comes first, then it hands out 10 addresses, but not
> 192 addresses.
>
> Any ideas what I am doing wrong?

From the man page (you probably already know this):

      "The unknown-clients flag is used to tell dhcpd whether or not to
       dynamically assign addresses to unknown clients. Dynamic address
       assignment to unknown clients is allowed by default. An unknown
       client is simply a client that has no host declaration.

       The use of this option is now deprecated. If you are trying to
       restrict access on your network to known clients, you should use
       deny unknown-clients; inside of your address pool, as described under
       the heading ALLOW AND DENY WITHIN POOL DECLARATIONS."

---- But let me suggest trying:

        subnet 192.168.200.0 netmask 255.255.255.0 {
                deny unknown-clients;
...
        subnet 10.111.111.0 netmask 255.255.255.0 {
                deny known-clients;

--- What might work even better is to use a "class" to list which clients
are allowed, instead of 'host' declarations.

-- 
Bob Harold

------------------------------

Message: 2
Date: Thu, 4 Jun 2015 16:35:28 +0000
From: Patrick Trapp <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: Problem with shared-network
Message-ID:
        <1d507d610594d14f86d40d77c17e9e66262e5...@exchangedsb.ruralnex.com>
Content-Type: text/plain; charset="us-ascii"

I'm not an expert, but I have something like this and did a little digging. 
Documentation seems to indicate the allow/deny you are trying is a pool-level 
declaration, and that's where I'm using them successfully. You don't appear to 
have a pool defined unless it's part of what you snipped.

Oh, and they use allow/deny rather than allow/ignore, which may be pertinent. I 
certainly don't know all the options that work or don't.

Is it possible that what you want is something like

shared-network my-net {
        subnet 192.168.200.0 netmask 255.255.255.0 {
                pool {
                        deny unknown-clients;
                        range 192.168.200.194 192.168.200.200;
                } # pool declaration
        subnet #second subnet
                 pool { #second pool declaration }

------------------------------

Message: 3
Date: Thu, 04 Jun 2015 18:57:01 +0200
From: Sten Carlsen <[email protected]>
To: [email protected]
Subject: Re: Problem with shared-network
Message-ID: <[email protected]>
Content-Type: text/plain; charset="windows-1252"

Based on my experience with a similar setup, it should be sufficient to
change the ignore to deny.

Be aware that both eth0 and eth0:1 are part of the same shared subnet,
so known or unknown does not correspond to being on eth0 or eth0:1.

Be aware that when using classes, a match for a class xxx does not make
the host known, only a host statement will have that effect. It means
that you will have to deny members of class xxx in the pool for unknown
hosts to avoid them getting an IP from that pool.

On 04/06/15 18:35, Patrick Trapp wrote:
> I'm not an expert, but I have something like this and did a little digging. 
> Documentation seems to indicate the allow/deny you are trying is a pool-level 
> declaration, and that's where I'm using them successfully. You don't appear 
> to have a pool defined unless it's part of what you snipped.
>
> Oh, and they use allow/deny rather than allow/ignore, which may be pertinent. 
> I certainly don't know all the options that work or don't.
>
> Is it possible that what you want is something like
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 pool {
>                         deny unknown-clients;
>                         range 192.168.200.194 192.168.200.200;
>                 } # pool declaration
>         subnet #second subnet
>                  pool { #second pool declaration }

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
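
The class-based layout suggested in Message 1, with the extra deny described in Message 3, written out as an added example (not posted by anyone in the thread). Subnets and ranges are the ones in the quoted dhcpd.conf; the class name "registered" and the MAC addresses are constructed.

```conf
# Added example. The class name and MAC addresses below are constructed.
class "registered" {
        match hardware;
}

# Hardware type 1 (Ethernet) followed by the client's MAC address.
subclass "registered" 1:00:50:56:00:00:01;
subclass "registered" 1:00:50:56:00:00:02;

shared-network my-net {
        subnet 192.168.200.0 netmask 255.255.255.0 {
                pool {
                        range 192.168.200.194 192.168.200.200;
                        range 192.168.200.215 192.168.200.250;
                        # A pool with an allow list serves only clients on it.
                        allow members of "registered";
                }
        }

        subnet 10.111.111.0 netmask 255.255.255.0 {
                pool {
                        range 10.111.111.5 10.111.111.200;
                        # Class members have no host declaration, so they are
                        # still "unknown" clients; without this deny they
                        # could also be given a lease from this pool.
                        deny members of "registered";
                }
        }
}
```

Running `dhcpd -t -cf` against the file checks the syntax without starting the server.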


------------------------------

Message: 4
Date: Thu, 4 Jun 2015 13:38:42 -0400
From: [email protected]
To: "Users of ISC DHCP" <[email protected]>
Subject: RE: Problem with shared-network
Message-ID:
        <[email protected]>
Content-Type: text/plain;charset=iso-8859-1

<aside>I use ignore rather than deny to keep my logs cleaner. Deny logs
every attempt. The ignore just ignores. And yes, I realize mac filtering
can be easily defeated by a knowledgeable opponent. A weak attempt at
security is not my purpose for using mac lists.</aside>

I did not have pools. Now I do. Unfortunately, I still get the same
behavior. Just for kicks, I reversed the order of the subnets, and to my
surprise, still got the same behavior, except now the 192 subnet still
works. So the pools helped. This makes me believe the problem is the 10
subnet declaration.

I removed the 192 subnet and the shared-network and just left the 10
subnet. When I attempted to restart the DHCP server, I got the no subnet
declaration for eth0 and it exited. Adding eth0:1 to both the command line
and /etc/defaults/isc-dhcp-server did not change the result, only the
error message: "No subnet declaration for eth0:1 (No IPv4 addresses)"

So despite the shared-network statement, the DHCP server still doesn't
recognize virtual interfaces??? Can this be right?

> I'm not an expert, but I have something like this and did a little
> digging. Documentation seems to indicate the allow/deny you are trying is
> a pool-level declaration, and that's where I'm using them successfully.
> You don't appear to have a pool defined unless it's part of what you
> snipped.
>
> Oh, and they use allow/deny rather than allow/ignore, which may be
> pertinent. I certainly don't know all the options that work or don't.
>
> Is it possible that what you want is something like
>
> shared-network my-net {
>         subnet 192.168.200.0 netmask 255.255.255.0 {
>                 pool {
>                         deny unknown-clients;
>                         range 192.168.200.194 192.168.200.200;
>                 } # pool declaration
>         subnet #second subnet
>                  pool { #second pool declaration }

------------------------------

_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users

End of dhcp-users Digest, Vol 80, Issue 5
*****************************************
