Send dhcp-users mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: Problem with shared-network (Simon Hobson)
   2. Re: Problem with shared-network (Bob Harold)
   3. RE: Problem with shared-network (Michael Morrow)
   4. DHCP RFC5107 Support (Darren Ward (darrward))
   5. RE: Problem with shared-network (Glenn Satchell)


----------------------------------------------------------------------

Message: 1
Date: Thu, 4 Jun 2015 21:14:05 +0100
From: Simon Hobson <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: Problem with shared-network
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii


On 4 Jun 2015, at 17:16, [email protected] wrote:

> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
> 
> My server has a single NIC, and using iproute, I've added additional
> addresses (some lines snipped for brevity):
> 
> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>          inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
> 
> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>          inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0

Try ditching the alias interface and just add the address to the main 
interface, so you'd end up with :
eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
         inet addr:192.168.220.111  Bcast:192.168.220.255 Mask:255.255.255.0
         inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0

That can be done with "ip addr add 10.111.111.1/24 dev eth0", and it can be 
automated by putting it in /etc/network/interfaces as a post-up line :
  post-up ip addr add 10.111.111.1/24 dev eth0



------------------------------

Message: 2
Date: Thu, 4 Jun 2015 16:32:57 -0400
From: Bob Harold <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Re: Problem with shared-network
Message-ID:
        <CA+nkc8DdJ7uDqxn0FMMd=s-hiqjhinuypu5gimzsmpteaya...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

On Thu, Jun 4, 2015 at 1:38 PM, <[email protected]> wrote:

> <aside>I use ignore rather than deny to keep my logs cleaner. Deny logs
> every attempt. The ignore just ignores. And yes, I realize mac filtering
> can be easily defeated by a knowledgeable opponent. A weak attempt at
> security is not my purpose for using mac lists.</aside>
>
> I did not have pools. Now I do. Unfortunately, I still get the same
> behavior. Just for kicks, I reversed the order of the subnets, and to my
> surprise, still got the same behavior, except now the 192 subnet still
> works. So the pools helped. This makes me believe the problem is the 10
> subnet declaration.
>
> I removed the 192 subnet and the shared-network and just left the 10
> subnet. When I attempted to restart the DHCP server, I got the no subnet
> declaration for eth0 and it exited. Adding eth0:1 to both the command line
> and /etc/defaults/isc-dhcp-server did not change the result, only the
> error message: "No subnet declaration for eth0:1 (No IPv4 addresses)"
>
DHCP needs the 192 subnet to be defined.  It does not need to have a
range, or any options, it can be an empty definition, but if it is not
defined, it will ignore that interface.



> So despite the shared-network statement, the DHCP server still doesn't
> recognize virtual interfaces??? Can this be right?
>
>

------------------------------

Message: 3
Date: Thu, 4 Jun 2015 21:51:24 +0000
From: Michael Morrow <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: Problem with shared-network
Message-ID:
        <134a9f8170549840b70580cca8cd7ec104d32...@honts30008b.homeoffice.wal-mart.com>
Content-Type: text/plain; charset="us-ascii"

I think the key thing you are missing is pool declarations based off of Bob 
Harold's comment earlier:

"... you should use deny unknown-clients; inside of your address pool, as 
described under
       the heading ALLOW AND DENY WITHIN POOL DECLARATIONS."


shared-network my-net {
        subnet 192.168.200.0 netmask 255.255.255.0 {
                pool {
                        range 192.168.200.194 192.168.200.200;
                        range 192.168.200.215 192.168.200.250;
                        ignore unknown-clients;
                }
                <bunch of options removed>
        } #subnet 192.168.200.0

        subnet 10.111.111.0 netmask 255.255.255.0 {
                pool {
                        range 10.111.111.5 10.111.111.200;
                        allow unknown-clients;
                }
                <bunch of options removed>
        } #subnet 10.111.111.0
} #shared-network

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of 
[email protected]
Sent: Thursday, June 04, 2015 11:17 AM
To: [email protected]
Subject: Problem with shared-network

I have a Debian 7.0 running isc-dhcp-server 4.2.2.

My server has a single NIC, and using iproute, I've added additional
addresses (some lines snipped for brevity):

eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
          inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0

eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
          inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0

My goal is for the dhcp server to hand out unknown clients addresses from
the 10.111.111.X pool, and known client to get something from the
192.168.220.X pool. Since these are on the same subnet, I [believe] this
requires a shared-network block. My dhcpd.conf file looks like (with
comments and global options stripped out for brevity):

shared-network my-net {
        subnet 192.168.200.0 netmask 255.255.255.0 {
                range 192.168.200.194 192.168.200.200;
                range 192.168.200.215 192.168.200.250;

                ignore unknown-clients;
  <bunch of options removed>
        } #subnet 192.168.200.0

        subnet 10.111.111.0 netmask 255.255.255.0 {
                range 10.111.111.5 10.111.111.200;
                allow unknown-clients;
<bunch of options removed>
        } #subnet 10.111.111.0
} #shared-network

It runs, but only gives out 192 addresses. If I reverse the order, so the
10 subnet declaration comes first, then it hands out 10 addresses, but not
192 addresses.

Any ideas what I am doing wrong?

_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users



------------------------------

Message: 4
Date: Fri, 5 Jun 2015 01:25:56 +0000
From: "Darren Ward (darrward)" <[email protected]>
To: "[email protected]" <[email protected]>
Subject: DHCP RFC5107 Support
Message-ID:
        <[email protected]>
Content-Type: text/plain; charset="us-ascii"

Hi All

Trying to get ISC to honor an RFC5107 compliant relay server's setting of the 
override-server-id suboption

When I use this to Cisco Network Registrar server the server-id field is 
correctly set to the relay but to the ISC server the server-id field is still 
being set to the ISC DHCP Server Address

This causes subsequent RENEW/REFRESH to try and go direct from client to server 
and not via the relay which is breaking session management as the state gets 
out of sync

Please advise how to configure ISC to be RFC 5107 compliant

Regards
Darren


------------------------------

Message: 5
Date: Fri, 5 Jun 2015 16:10:49 +1000
From: "Glenn Satchell" <[email protected]>
To: "Users of ISC DHCP" <[email protected]>
Subject: RE: Problem with shared-network
Message-ID:
        <[email protected]>
Content-Type: text/plain;charset=iso-8859-1

In addition to the subnet and pool declarations you also need "host"
statements for each of the clients you want to be "known". A client
matches the "deny unknown-clients" if it has a host statement, otherwise
it matches "allow unknown-clients".

host "known1" { hardware ethernet aa:bb:cc:dd:ee:ff; }

shared-network my-net {
        subnet 192.168.200.0 netmask 255.255.255.0 {
                pool {
                        deny unknown-clients;
                        range 192.168.200.194 192.168.200.200;
                } # pool declaration
        }
        subnet 10.111.111.0 netmask 255.255.255.0 {
                pool {
                        allow unknown-clients;
                        range 10.111.111.5 10.111.111.200;
                }
        }
}

regards,
-glenn


On Fri, June 5, 2015 3:38 am, [email protected] wrote:
> <aside>I use ignore rather than deny to keep my logs cleaner. Deny logs
> every attempt. The ignore just ignores. And yes, I realize mac filtering
> can be easily defeated by a knowledgeable opponent. A weak attempt at
> security is not my purpose for using mac lists.</aside>
>
> I did not have pools. Now I do. Unfortunately, I still get the same
> behavior. Just for kicks, I reversed the order of the subnets, and to my
> surprise, still got the same behavior, except now the 192 subnet still
> works. So the pools helped. This makes me believe the problem is the 10
> subnet declaration.
>
> I removed the 192 subnet and the shared-network and just left the 10
> subnet. When I attempted to restart the DHCP server, I got the no subnet
> declaration for eth0 and it exited. Adding eth0:1 to both the command line
> and /etc/defaults/isc-dhcp-server did not change the result, only the
> error message: "No subnet declaration for eth0:1 (No IPv4 addresses)"
>
> So despite the shared-network statement, the DHCP server still doesn't
> recognize virtual interfaces??? Can this be right?
>
>> I'm not an expert, but I have something like this and did a little
>> digging. Documentation seems to indicate the allow/deny you are trying is
>> a pool-level declaration, and that's where I'm using them successfully.
>> You don't appear to have a pool defined unless it's part of what you
>> snipped.
>>
>> Oh, and they use allow/deny rather than allow/ignore, which may be
>> pertinent. I certainly don't know all the options that work or don't.
>>
>> Is it possible that what you want is something like
>>
>> shared-network my-net {
>>         subnet 192.168.200.0 netmask 255.255.255.0 {
>>                 pool {
>>                         deny unknown-clients;
>>                         range 192.168.200.194 192.168.200.200;
>>                 } # pool declaration
>>         subnet #second subnet
>>                  pool { #second pool declaration }
>>
>> ________________________________________
>> From: [email protected]
>> [[email protected]]
>> on behalf of [email protected]
>> [[email protected]]
>> Sent: Thursday, June 04, 2015 11:16 AM
>> To: [email protected]
>> Subject: Problem with shared-network
>>
>> I have a Debian 7.0 running isc-dhcp-server 4.2.2.
>>
>> My server has a single NIC, and using iproute, I've added additional
>> addresses (some lines snipped for brevity):
>>
>> eth0      Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>>           inet addr:192.168.220.111  Bcast:192.168.220.255  Mask:255.255.255.0
>>
>> eth0:1    Link encap:Ethernet  HWaddr 00:50:56:XX:XX:XX
>>           inet addr:10.111.111.1  Bcast:10.255.255.255  Mask:255.255.255.0
>>
>> My goal is for the dhcp server to hand out unknown clients addresses from
>> the 10.111.111.X pool, and known client to get something from the
>> 192.168.220.X pool. Since these are on the same subnet, I [believe] this
>> requires a shared-network block. My dhcpd.conf file looks like (with
>> comments and global options stripped out for brevity):
>>
>> shared-network my-net {
>>         subnet 192.168.200.0 netmask 255.255.255.0 {
>>                 range 192.168.200.194 192.168.200.200;
>>                 range 192.168.200.215 192.168.200.250;
>>
>>                 ignore unknown-clients;
>>   <bunch of options removed>
>>         } #subnet 192.168.200.0
>>
>>         subnet 10.111.111.0 netmask 255.255.255.0 {
>>                 range 10.111.111.5 10.111.111.200;
>>                 allow unknown-clients;
>> <bunch of options removed>
>>         } #subnet 10.111.111.0
>> } #shared-network
>>
>> It runs, but only gives out 192 addresses. If I reverse the order, so the
>> 10 subnet declaration comes first, then it hands out 10 addresses, but not
>> 192 addresses.
>>
>> Any ideas what I am doing wrong?
>>
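
A small lint for the points raised in this thread, as an added example that is not part of any poster's message or of ISC DHCP: it flags unknown-clients statements that sit outside a pool, unbalanced braces, and interface addresses that no subnet declaration covers. The function name lint_dhcpd and the sample text are assumptions, constructed from the configs and addresses quoted above.

```python
import ipaddress
import re

# Constructed sample adapted from this thread: first subnet as originally posted
# (no pool), second in the suggested pool form; addresses from the ifconfig output.
SAMPLE_CONF = """
shared-network my-net {
    subnet 192.168.200.0 netmask 255.255.255.0 {
        range 192.168.200.194 192.168.200.200;
        ignore unknown-clients;
    } #subnet 192.168.200.0
    subnet 10.111.111.0 netmask 255.255.255.0 {
        pool {
            range 10.111.111.5 10.111.111.200;
            allow unknown-clients;
        }
    } #subnet 10.111.111.0
} #shared-network
"""
SAMPLE_ADDRS = ["192.168.220.111", "10.111.111.1"]


def lint_dhcpd(conf, iface_addrs):
    """Return (declared subnets, findings) for dhcpd.conf text and interface IPs."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf))
    stack, stmt, subnets, findings = [], [], [], []
    for tok in tokens:
        if tok == "{":
            if len(stmt) == 4 and stmt[0] == "subnet" and stmt[2] == "netmask":
                subnets.append(ipaddress.ip_network(f"{stmt[1]}/{stmt[3]}"))
            stack.append(" ".join(stmt[:2]) or "(anonymous)")
        elif tok == "}":
            if not stack:
                findings.append("unmatched '}'")
            stack = stack[:-1]
        elif tok == ";":
            if stmt[1:] == ["unknown-clients"] and stmt[0] in ("allow", "deny", "ignore"):
                scope = stack[-1] if stack else "global scope"
                if scope != "pool":
                    findings.append(f"'{' '.join(stmt)}' is in '{scope}', not in a pool")
        else:
            stmt.append(tok)
            continue
        stmt = []  # a '{', '}' or ';' ends the current statement
    findings += [f"unclosed block '{name}'" for name in stack]
    for addr in iface_addrs:
        if not any(ipaddress.ip_address(addr) in net for net in subnets):
            findings.append(f"no subnet declaration covers interface address {addr}")
    return subnets, findings
```

Calling lint_dhcpd(SAMPLE_CONF, SAMPLE_ADDRS) returns the two declared subnets and one finding per problem; running dhcpd -t -cf on the real file remains the authoritative syntax check.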




------------------------------

End of dhcp-users Digest, Vol 80, Issue 6
*****************************************