Message: 1
Date: Wed, 6 Jul 2022 16:21:39 +0200
From: Philippe Maechler <plcmaech...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: isc-dhcp 4.4.2-p1 shared-network confusion
Message-ID: <caphukgypfbr9rin5do5ekjsmwcxxwnssfi8nmmg-kgywc_h...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Good day dhcp-users,

Today we had a little network hiccup which led me to some confusion about our dhcp configs.

Should a shared-network config have a subnet section in it? How does dhcpd know from which shared-network the addresses are given out? Routing table?

We have the following scenario:
DHCP server running on a FreeBSD host, which has four network interfaces. On the local network there is no dhcpd used; all dhcpd traffic is from relay-agents.

Networks directly on the server:
1.1.1.10/24 for management
2.2.2.10/24 for cpe
3.3.3.10/24 for voice
4.4.4.10/24 for iptv

(I think it's easier to talk about 1.1.1.1 and 2.2.2.2 than 10.254.255.0/29 and so on)

The client networks 6, 7, 10 and 20 are all behind different relay-agents.

Renewals from the clients were received on bce2 and the reply went out on bce2, but the discovers from the relay agent arrived on interface bce2 (2.2.2.10) and the replies went out on bce3 (3.3.3.10). That was not a problem at all until today, when a new firewall was deployed which had no route/firewalled that traffic.

The problem was solved as soon as we installed the missing route for that relay-agent, but this made me think about the pool selection. In our case, it's mostly done by allow statements, but for the shared-network part, shouldn't there be at least one physically connected interface in the config?

The network part of the dhcpd.conf configuration is:

# define local networks and suppress an error/warning at startup
subnet 1.1.1.0 netmask 255.255.255.0 {
    # no dhcpd service in this subnet
}
subnet 2.2.2.0 netmask 255.255.255.0 {
    # no dhcpd service in this subnet
}
subnet 3.3.3.0 netmask 255.255.255.0 {
    # no dhcpd service in this subnet
}
subnet 4.4.4.0 netmask 255.255.255.0 {
    # no dhcpd service in this subnet
}

subnet 6.6.6.0 netmask 255.255.255.0 {
    option routers 6.6.6.1;
    option subnet-mask 255.255.255.0;
    pool {
        range 6.6.6.10 6.6.6.254;
        allow members of "cpes";
        deny dynamic bootp clients;
    }
}

subnet 7.7.7.0 netmask 255.255.255.0 {
    option routers 7.7.7.1;
    option subnet-mask 255.255.255.0;
    pool {
        range 7.7.7.10 7.7.7.254;
        allow members of "voice";
        deny dynamic bootp clients;
    }
}

shared-network "abc" {
    subnet 10.1.1.0 netmask 255.255.255.0 {
        option routers 10.1.0.1;
        option subnet-mask 255.255.255.0;
        pool {
            range 10.1.0.10 10.1.0.254;
            allow members of "iptv-group1";
            deny dynamic bootp clients;
        }
    }
    subnet 10.2.1.0 netmask 255.255.255.0 {
        option routers 10.2.0.1;
        option subnet-mask 255.255.255.0;
        pool {
            range 10.2.0.10 10.2.0.254;
            allow members of "iptv-group1";
            deny dynamic bootp clients;
        }
    }
}

shared-network "xyz" {
    subnet 20.1.1.0 netmask 255.255.255.0 {
        option routers 20.1.0.1;
        option subnet-mask 255.255.255.0;
        pool {
            range 20.1.0.10 20.1.0.254;
            allow members of "iptv-group2";
            deny dynamic bootp clients;
        }
    }
    subnet 20.2.1.0 netmask 255.255.255.0 {
        option routers 20.2.0.1;
        option subnet-mask 255.255.255.0;
        pool {
            range 20.2.0.10 20.2.0.254;
            allow members of "iptv-group2";
            deny dynamic bootp clients;
        }
    }
}

/BR
Philippe

------------------------------

End of dhcp-users Digest, Vol 165, Issue 2
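An added example (not part of Philippe's message and not ISC DHCP code): a Python model of the selection the message asks about, assuming dhcpd's documented handling of relayed packets, where the relay's giaddr is matched against the subnet declarations and every pool in the enclosing shared-network then becomes a candidate, filtered by its allow list. The giaddr values are constructed; the last function checks each range against its subnet, which the anonymised 10.x and 20.x ranges as posted do not satisfy.

```python
import ipaddress

# Transcribed from the dhcpd.conf in the message above:
# (shared-network or None, subnet, range low, range high, class in "allow members of")
SUBNETS = [
    (None,  "6.6.6.0/24",  "6.6.6.10",  "6.6.6.254",  "cpes"),
    (None,  "7.7.7.0/24",  "7.7.7.10",  "7.7.7.254",  "voice"),
    ("abc", "10.1.1.0/24", "10.1.0.10", "10.1.0.254", "iptv-group1"),
    ("abc", "10.2.1.0/24", "10.2.0.10", "10.2.0.254", "iptv-group1"),
    ("xyz", "20.1.1.0/24", "20.1.0.10", "20.1.0.254", "iptv-group2"),
    ("xyz", "20.2.1.0/24", "20.2.0.10", "20.2.0.254", "iptv-group2"),
]

def shared_network_for(giaddr):
    """Shared network selected for a relayed packet, or None if no subnet matches.
    The server's own interfaces play no part: only the relay's giaddr is compared."""
    addr = ipaddress.ip_address(giaddr)
    for shared, subnet, *_ in SUBNETS:
        if addr in ipaddress.ip_network(subnet):
            return shared or subnet  # a standalone subnet is its own shared network
    return None

def candidate_pools(giaddr, client_class):
    """Ranges the client may be served from: all pools of the selected shared
    network whose allow list admits the client's class."""
    key = shared_network_for(giaddr)
    if key is None:
        return []
    return [(lo, hi) for shared, subnet, lo, hi, cls in SUBNETS
            if (shared or subnet) == key and cls == client_class]

def ranges_outside_subnet():
    """Pool ranges whose endpoints do not lie inside the enclosing subnet."""
    bad = []
    for _, subnet, lo, hi, _ in SUBNETS:
        net = ipaddress.ip_network(subnet)
        if not all(ipaddress.ip_address(a) in net for a in (lo, hi)):
            bad.append((subnet, lo, hi))
    return bad

if __name__ == "__main__":
    # Constructed relay addresses (giaddr); none of them appear in the message.
    for giaddr, cls in [("10.2.1.1", "iptv-group1"), ("6.6.6.1", "cpes"),
                        ("192.0.2.1", "cpes")]:
        print(giaddr, cls, shared_network_for(giaddr), candidate_pools(giaddr, cls))
    for subnet, lo, hi in ranges_outside_subnet():
        print("range", lo, hi, "is not inside subnet", subnet)
```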