Hi Josh,

Looking at the files, it appears that you used sub-interfaces, not 
VLANed interfaces (eth0:1 versus eth0.1).  It is important to understand 
the difference between the two.  Sub-interfaces are used to add multiple 
IPs/subnets to the same physical interface, while VLAN interfaces are 
"virtual" interfaces that untag packets coming in with 802.1q tags.  Of 
course DHCP will complain if you use multiple subnets on eth0.

Before going further, does your small switch support VLANs or not?  If it 
does not, you will need to use Inline mode.


On 12-02-16 8:25 AM, Nathan, Josh wrote:
> Hello, I'm new to PacketFence and am trying it out in a tiny sandbox
> environment. Right now I have a proxy (gateway) server, my PF/DHCP
> server, and then a laptop connected to a little 8-port ethernet switch.
> Right now, both servers have two NICs each (one of which is connected to
> the sandbox environment, the other connected to a router which gives
> each Internet access). The goal is to get it so that when the laptop
> tries to get an IP Address, it has to be registered, and then allowed
> access to the Internet.
>
> The problem I'm having is that if I try to setup a Monitor,
> Registration, and Isolation network on my PF server, DHCP won't start
> complaining that "Interface eth0 matches multiple shared networks". I
> tried combining them into just eth0, but then the laptop either has
> Internet access with or without being registered or it never gets
> Internet access.
>
> Yes, I did run the configurator.pl, but that left me with the DHCP
> error. Since, I've been reading forums, etc, and editing the various
> files manually to no avail. Unfortunately, I've tried enough things that
> there might be some "glaring" problems right now, but any help would be
> immensely appreciated.
>
> I'm running CentOS 5.7 (I initially installed CentOS 5.3, but apparently
> amidst all the updates it went to 5.7... at least /etc/redhat-release
> says I'm on 5.7 now).
>
> Below are my various conf files, but first here's what I get when trying
> to start PF (note, Snort always fails to start and takes pfdetect down
> with it... but I can then start pfdetect again and it will stay up as
> long as I leave snort down. Not sure how much of my problem is related
> to that).
>
> Starting PacketFence...Checking configuration sanity...
> service|command
> config files|start
> iptables|start
> named|start
> Internet Systems Consortium DHCP Server V3.0.5-RedHat
> Copyright 2004-2006 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 leases to leases file.
> Interface eth0 matches multiple shared networks
>
> If you did not get this software from ftp.isc.org, please
> get the latest from ftp.isc.org and install that before
> requesting help.
>
> If you did get this software from ftp.isc.org and have not
> yet read the README, please read it before requesting help.
> If you intend to request help from the [email protected]
> mailing list, please read the section on the README about
> submitting bug reports and requests for help.
>
> Please do not under any circumstances send requests for
> help directly to the authors of this software - please
> send them to the appropriate mailing list as described in
> the README file.
>
> exiting.
> dhcpd|start
> radiusd|start
> httpd|start
> snmptrapd|start
> pfdetect|start
> pfsetvlan|start
> pfdhcplistener|start
> pfmon|start
> snort|start
>
> Here are my conf files...
> /usr/local/pf/conf/pf.conf:
> [general]
> domain=bfa
> hostname=alexander
> dnsservers=194.25.0.60
>
> [trapping]
> range=172.25.0.0/16,172.25.20.0/16
> detection=enabled
> registration=enabled
>
> [alerting]
> emailaddr=[my email address]
>
> [scan]
> pass=[valid password]
> registration=enabled
>
> [database]
> pass=packetfence
> db=pf
> user=pf
> port=3306
> host=localhost
>
> [interface eth0]
> type=monitor
>
> [interface eth0:1]
> ip=172.25.10.1
> mask=255.255.255.0
> gateway=172.25.10.1
> type=internal
> enforcement=vlan
>
> [interface eth0:2]
> ip=172.25.20.1
> mask=255.255.255.0
> gateway=172.25.20.1
> type=internal
> enforcement=vlan
>
> [interface eth1]
> ip=10.0.220.42
> mask=255.0.0.0
> gateway=10.0.220.3
> type=management
>
> /usr/local/pf/conf/networks.conf:
> [172.25.10.0]
> type=vlan-registration
> netmask=255.255.255.0
> gateway=172.25.0.1
> named=enabled
> dns=172.25.10.1
> domain-name=registration.bfa
> dhcpd=enabled
> dhcp_start=172.25.10.10
> dhcp_end=172.25.10.250
> dhcp_default_lease_time=300
> dhcp_max_lease_time=300
>
> [172.25.20.0]
> type=vlan-isolation
> netmask=255.255.255.0
> gateway=172.25.0.1
> named=enabled
> dns=172.25.20.1
> domain-name=isolation.bfa
> dhcpd=enabled
> dhcp_start=172.25.20.10
> dhcp_end=172.25.20.250
> dhcp_default_lease_time=300
> dhcp_max_lease_time=300
>
> And here are my ifcfg files for the NIC (for whatever reason, mine had
> colons instead of dots in the script name)...
> /etc/sysconfig/ifcfg-eth0:
> DEVICE=eth0
> BOOTPROTO=none
> BROADCAST=172.25.255.255
> HWADDR=00:1B:21:6E:A3:21
> IPADDR=172.25.0.2
> IPV6INIT=no
> IPV6_AUTOCONF=yes
> NETMASK=255.255.0.0
> NETWORK=172.25.0.0
> ONBOOT=yes
> TYPE=Ethernet
> PEERDNS=yes
> USERCTL=no
>
> /etc/sysconfig/ifcfg-eth0:1
> GATEWAY=172.25.0.1
> TYPE=Ethernet
> DEVICE=eth0:1
> BOOTPROTO=static
> NETMASK=255.255.255.0
> IPADDR=172.25.10.1
> USERCTL=no
> IPV6INIT=no
> ONPARENT=yes
> PEERDNS=yes
> ONBOOT=yes
> VLAN=yes
>
> /etc/sysconfig/ifcfg-eth0:2
> GATEWAY=172.25.0.1
> TYPE=Ethernet
> DEVICE=eth0:2
> BOOTPROTO=static
> NETMASK=255.255.255.0
> IPADDR=172.25.20.1
> USERCTL=no
> IPV6INIT=no
> ONPARENT=yes
> PEERDNS=yes
> ONBOOT=yes
> VLAN=yes
>
> Thanks!!!
> Josh
>
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users


-- 
Francois Gaudreault, ing. jr
[email protected]  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence 
(www.packetfence.org)
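
Added example, not part of the original messages and not PacketFence code: a small checker for the alias-versus-VLAN distinction made in the reply above. It parses a pf.conf-style file (the sample is constructed, trimmed from the one quoted in this thread) and flags `eth0:N` aliases used with `enforcement=vlan`, as well as several subnets landing untagged on one physical device, the situation behind dhcpd's "matches multiple shared networks" error. The names `classify` and `audit` and the checks themselves are assumptions of this example.

```python
import configparser
import ipaddress
import re

# Constructed sample, trimmed from the pf.conf quoted in this thread.
SAMPLE_PF_CONF = """
[interface eth0:1]
ip=172.25.10.1
mask=255.255.255.0
enforcement=vlan

[interface eth0:2]
ip=172.25.20.1
mask=255.255.255.0
enforcement=vlan
"""

def classify(name):
    """'alias' for eth0:1, 'vlan' for eth0.1, otherwise 'physical'; plus parent device."""
    m = re.fullmatch(r"([A-Za-z]+\d+)([:.])(\d+)", name)
    if not m:
        return "physical", name
    return ("alias" if m.group(2) == ":" else "vlan"), m.group(1)

def audit(pf_conf_text):
    """Heuristic checks (assumptions of this example, not PacketFence's own validation)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(pf_conf_text)
    findings, untagged = [], {}  # untagged: device -> set of subnets
    for section in cp.sections():
        if not section.startswith("interface "):
            continue
        name = section.split(None, 1)[1]
        kind, parent = classify(name)
        opts = cp[section]
        if kind == "alias" and opts.get("enforcement") == "vlan":
            findings.append(f"{name}: alias with enforcement=vlan, no 802.1q untagging")
        if kind != "vlan" and "ip" in opts:
            # An alias address lives on the parent device, so dhcpd sees it there.
            net = ipaddress.ip_network(f"{opts['ip']}/{opts['mask']}", strict=False)
            untagged.setdefault(parent, set()).add(str(net))
    for dev, nets in sorted(untagged.items()):
        if len(nets) > 1:
            findings.append(f"{dev}: multiple subnets untagged: {', '.join(sorted(nets))}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PF_CONF)))
```

Renaming the sections to tagged interfaces (for instance `eth0.2` and `eth0.3`, VLAN IDs chosen here only for illustration) clears all three findings, provided the switch actually delivers 802.1q-tagged frames.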
