LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 09-14-2007, 09:38 AM   #1
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Rep: Reputation: 63
DHCP with static and dynamic addresses


Hi dear fellows,

I want to setup my network in the following way:

1)unknown clients get a dynamic address from range A, with router R1, and DNS1 and DNS2.

2)known clients (by specific MAC addresses) get a dynamic address from range B, with router R2, and DNS3 and DNS4.

3)known clients (by specific MAC addresses) use a fixed address from range C, with router R3, and DNS5 and DNS6.

The requirement 1 was easy to setup.
The requirement 3 was easy to setup with a host and a fixed-address declaration.

I am having trouble with the requirement 2. If a create a host declaration without the fixed-address keyword,
Code:
host h2 {
  hardware ethernet 11:15:c5:39:14:42;
  option routers 192.168.160.252;
}
it gets an address from range A, not B. By the way, I am trying to setup this using pools:
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
 pool {
  range 192.168.160.1 192.168.160.128; # range A
  option routers 192.168.160.251;
  allow unknown-clients;
 }
 pool {
  range 192.168.160.129 192.168.160.148; # Range B
  option routers 192.168.160.252;
  deny unknown-clients;

  host h2 {
   hardware ethernet 11:15:c5:39:14:42;
   option routers 192.168.160.252;
  }
 }

 host h3{
  hardware ethernet 10:25:c6:76:34:02;
  fixed-address 192.168.160.200
  option routers 192.168.160.253;
 }
}
 
Old 09-14-2007, 04:17 PM   #2
thelvaci
LQ Newbie
 
Registered: Jan 2006
Posts: 5

Rep: Reputation: 0
If I am not wrong please check your mask values ...

255.255.255.Subnet value

For example 64 IP pool it is 252.
 
Old 09-15-2007, 12:04 AM   #3
Gryyphyn
Member
 
Registered: Dec 2006
Location: Ogden, UT (Go OALUG!)
Distribution: OpenSuSE 10.1
Posts: 61

Rep: Reputation: 15
.160.* pool

Quote:
Originally Posted by thelvaci View Post
If I am not wrong please check your mask values ...

255.255.255.Subnet value

For example 64 IP pool it is 252.
If you're wanting to use the 192.168.160.* pool range you should have your mask set to 255.255.128.0, if my math is on. That's also assuming the problem isn't elsewhere.

Are you running multiple routers? What's your topo?

Gryyphyn
 
Old 09-15-2007, 04:01 AM   #4
soroccoheaven
Member
 
Registered: Jul 2007
Distribution: mandrake Mandriva Redhat CentOS Slackware
Posts: 221

Rep: Reputation: 30
you can verify your dhcpd configuration file ..restart dhcpd and check /var/log/messages..for any typo or other error.
 
Old 09-16-2007, 06:56 AM   #5
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231Reputation: 231Reputation: 231
If the math is giving you problems, ipcalc is a very useful tool:
http://freshmeat.net/projects/ipcalc/
Quote:
ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design sub- and supernetworks. It is also intended to be a teaching tool and presents the results as easy-to-understand binary values.
At one time, there was a simpler program of the same name that came w/ RH 7.2, 8.0 etc. I don't know if it's still around, but make sure you get the right one. FWIW, it's in both the MEPIS & Debian repo's that I checked.
 
Old 09-17-2007, 06:21 AM   #6
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 63
I'm sorry for all, but I don't understand what is the point with netmask.
I'm not working with sub-nets. There is only one standard C class /24 here.
Am I missing something ?

The point is not to get to work with sub-class, but why the workstations are not getting addresses from pool B.

Or are you saying I could get this to work if I use subnets instead a plain class C ?

I never setup a DHCP server with pools, so I am not sure if this is the way to use pools, or even if pools could do what I am looking for.

thanks,
 
Old 09-17-2007, 06:46 AM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231Reputation: 231Reputation: 231
I'm curious: Why the need for requirement #2?
 
Old 09-17-2007, 09:28 AM   #8
Lone_Wolf
Member
 
Registered: Jul 2007
Location: Netherlands
Distribution: Archlinux x86_64
Posts: 48

Rep: Reputation: 20
A router is automatically the boundary of a (sub)network , and you have 3 different network setups.

You need to define 3 subnets.
Easy way :
unknown clients 192.168.160.0 , netmask 255.255.255.0
known clients 192.168.160.1 , netmask 255.255.255.0
fixed address 192.168.160.2 , netmask 255.255.255.0

If you want to keep it in the same C-class adress keep in mind that subnets always start at n^2 and end at (n+1)^2 - 1 :
ex : 0-127 , 128-131 , 192 - 223
 
Old 09-17-2007, 09:40 AM   #9
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,228
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
The dhcpd.conf man page shows that being done in the pool using the allow and deny statements.
http://www.daemon-systems.org/man/dhcpd.conf.5.html
Quote:
pools can have permit lists that control which clients are allowed access to the pool and which aren't. Each entry in a pool's permit list is introduced with the allow or deny keyword. If a pool has a permit list, then only those clients that match specific entries on the permit list will be eligible to be assigned addresses from the pool.
Code:
       subnet 10.0.0.0 netmask 255.255.255.0 {
         option routers 10.0.0.254;

         # Unknown clients get this pool.
         pool {
           option domain-name-servers bogus.example.com;
           max-lease-time 300;
           range 10.0.0.200 10.0.0.253;
           allow unknown-clients;
         }

         # Known clients get this pool.
         pool {
           option domain-name-servers ns1.example.com, ns2.example.com;
           max-lease-time 28800;
           range 10.0.0.5 10.0.0.199;
           deny unknown-clients;
         }
       }
Quote:
REFERENCE: ALLOW AND DENY
The allow and deny statements can be used to control the response of
the DHCP server to various sorts of requests. The allow and deny key-
words actually have different meanings depending on the context. In a
pool context, these keywords can be used to set up access lists for
address allocation pools. In other contexts, the keywords simply con-
trol general server behavior with respect to clients based on scope.
In a non-pool context, the ignore keyword can be used in place of the
deny keyword to prevent logging of denied requests.
Might want to check back with the docs for how to create the lists and their proper usage.....
 
Old 09-17-2007, 11:36 AM   #10
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 63
Quote:
Originally Posted by archtoad6 View Post
I'm curious: Why the need for requirement #2?
Because we have people (in range A) who has internet access through our proxy (192.168.160.251) only, and people (in range B) who has full internet access through our firewall/gateway ((192.168.160.252).

The firewall allow internet access to a range of IPs, in this case, range B.

Anyone can connect to our internal network and get an address from range A.

To get an IP from range B, we need to specify its MAC address at your DHCP server.

That is the general idea.

Your question is a good question, because other can propose a new setup that satisfy theses requirements. My original post is my attempt to implement that requirements, but any other approach is valid.

I have a lot of people on both scenarios. I don't want to deal with IP assignments manually. This is my current status, I mean, I need to figure out a valid/free IP from range B to assign it to a temporary host. I have far more hosts in range B than the range itself, but only a small set is on-line at any time. So, I can't make static assignments.

Thanks for asking
 
Old 09-18-2007, 04:15 AM   #11
Lone_Wolf
Member
 
Registered: Jul 2007
Location: Netherlands
Distribution: Archlinux x86_64
Posts: 48

Rep: Reputation: 20
Ok, so all systems are connected on the same LAN.

Group A : dhcp address, router proxy 192.168.160.251
Groub B : dhcp address, router firewall/gateway 192.168.160.252
Group C : uses fixed ip-adresses and router 192.168.160.253

try something like this (changes are in bold):

Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
 pool {
  range 192.168.160.1 192.168.160.127; # range A
  option routers 192.168.160.251;
  deny known-clients;
  allow unknown-clients;
 }
 pool {
  range 192.168.160.128 192.168.160.148; # Range B
  option routers 192.168.160.252;
  deny unknown-clients;

  host h2 {
   hardware ethernet 11:15:c5:39:14:42;
    }
 }
 pool {
  range 192.168.160.x 192.168.160.y;  # Range C
  option routers 192.168.160.253;
 host h3 {
  hardware ethernet 10:25:c6:76:34:02;
  fixed-address 192.168.160.200
   }
 }
}
Notes :
- to keep things clear you should have 3 pools
- replace x and y with appropriate values for range c
- While this may not be the most efficient setup, it should do what you want.

Last edited by Lone_Wolf; 09-18-2007 at 04:17 AM. Reason: typos
 
Old 09-18-2007, 06:57 AM   #12
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 63
Hi Lone Wolf,

I have tried your suggestion, no luck.
Host h2 still getting an address from range A. looks like it is a unknown client for dhcp server...

An even worse, I am getting the following error message:
Code:
Dynamic and static leases present for 192.168.160.200.
Remove host declaration h3 or remove 192.168.160.200
from the dynamic address pool for 192.168.160/24
I am starting to think the host declaration is not the proper way to declare a host as a know-client.
I will investigate this....

In the mean time, if one has any information about this, I appreciate the enlightenment....

cheers,
 
Old 09-18-2007, 12:04 PM   #13
Gryyphyn
Member
 
Registered: Dec 2006
Location: Ogden, UT (Go OALUG!)
Distribution: OpenSuSE 10.1
Posts: 61

Rep: Reputation: 15
missed it

Quote:
Originally Posted by marozsas View Post
Hi dear fellows,

I want to setup my network in the following way:

1)unknown clients get a dynamic address from range A, with router R1, and DNS1 and DNS2.

2)known clients (by specific MAC addresses) get a dynamic address from range B, with router R2, and DNS3 and DNS4.

3)known clients (by specific MAC addresses) use a fixed address from range C, with router R3, and DNS5 and DNS6.

The requirement 1 was easy to setup.
The requirement 3 was easy to setup with a host and a fixed-address declaration.

I am having trouble with the requirement 2. If a create a host declaration without the fixed-address keyword,
Code:
host h2 {
  hardware ethernet 11:15:c5:39:14:42;
  option routers 192.168.160.252;
}
it gets an address from range A, not B. By the way, I am trying to setup this using pools:
Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
 pool {
  range 192.168.160.1 192.168.160.128; # range A
  option routers 192.168.160.251;
  allow unknown-clients;
 }
 pool {
  range 192.168.160.129 192.168.160.148; # Range B
  option routers 192.168.160.252;
  deny unknown-clients;

  host h2 {
   hardware ethernet 11:15:c5:39:14:42;
   option routers 192.168.160.252;
  }
 }

 host h3{
  hardware ethernet 10:25:c6:76:34:02;
  fixed-address 192.168.160.200
  option routers 192.168.160.253;
 }
}
Ok, first I missed part of the initial statement. My bad.

It looks like your configuration is expecting a fixed address definition for any computer coming on that's unknown. Contradictory, but that's what I see. Try taking a previously unknown host and configuring it manually in your config
Code:
fixed-address ...
and see if it drops the correct address.

That's what I would suggest as a first step. If that works then the problem isn't with the server, it's with the client request formatting (I'd guess).

Gryyphyn
 
Old 09-19-2007, 04:11 PM   #14
marozsas
Senior Member
 
Registered: Dec 2005
Location: Campinas/SP - Brazil
Distribution: SuSE, RHEL, Fedora, Ubuntu
Posts: 1,393
Blog Entries: 1

Original Poster
Rep: Reputation: 63
Solved.
Thanks for all had answered this thread.

The following configuration file is working now, thanks for both suggestion from this forum, a carefull reading of man page, and a change on original requirements. There is no range C anymore.
Hosts supposed to get a address from range C are set using a static address in client side.
I was unable to setup the DHCP server with 3 ranges, only 2.
The first one is the range A, gateway through a proxy at 192.168.160.251; Hosts for this range are unknown, I mean, any host can get a address from this pool.
The second one is he range B, direct access to internet through gateway 192.168.160.252;
Hosts for this range are known by advance, I mean, only hosts that have a host declaration can get a address from this pool.

Code:
subnet 192.168.160.0 netmask 255.255.255.0 {
        pool { #range A
                allow unknown-clients;
                deny known-clients;
                range dynamic-bootp 192.168.160.1 192.168.160.128;
                option routers 192.168.160.251; # proxy
        }
        pool { # range B
                deny unknown-clients;
                range dynamic-bootp 192.168.160.129 192.168.160.142;
        }
}
# internet access group
group {
        option routers 192.168.160.252; # gateway/firewall
        # follow other common declarations for hosts in this group

        host h21 {hardware ethernet fa:ke:00:00:00:01;}
        host h22 {hardware ethernet fa:ke:00:00:00:02;}
        # etc..
}
To people had suggested to use host declarations with fixed-address, I learned the fixed address must be NOT IN the pool range NEITHER IN subnet range. Otherwise I got in the log file the following error message:
Code:
Sep 17 14:43:49 bigslam dhcpd: Remove host declaration h21 or remove 192.168.160.142
Sep 17 14:43:49 bigslam dhcpd: from the dynamic address pool for 192.168.160/24
although is fine to use something like this:
Code:
host h31 {
  hardware ethernet fa:ke:00:00:00:31;
  fixed-address 10.10.10.1;
}
PS: well, looks like the fixed-address works with an address within the range/subnet/pool address, but I still got the warning messages in the log file. I am not sure what happens in this case. As range 3 is small, I made a choice for a clean log file.

Last edited by marozsas; 09-19-2007 at 04:12 PM.
 
  


Reply

Tags
dhcp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
From DHCP back to static addresses energiza Linux - Networking 2 08-10-2006 11:57 AM
mixing static and dynamic ip addresses bobwall Linux - Networking 5 07-21-2004 07:47 PM
Connect static and dynamic DHCP with VLANs FatMike Linux - Software 0 11-12-2003 07:08 AM
Dynamic DHCP or static IP joeljensen Linux - Networking 7 04-01-2003 01:50 PM
DNS, NIS, Static <-> Dynamic DHCP, Proxy bjc Linux - Networking 5 11-12-2000 05:20 AM


All times are GMT -5. The time now is 09:00 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration