  • DHCP with static and dynamic addresses

    Hi dear fellows,

    I want to set up my network in the following way:

    1) unknown clients get a dynamic address from range A, with router R1, and DNS1 and DNS2.

    2) known clients (by specific MAC addresses) get a dynamic address from range B, with router R2, and DNS3 and DNS4.

    3) known clients (by specific MAC addresses) use a fixed address from range C, with router R3, and DNS5 and DNS6.

    Requirement 1 was easy to set up.
    Requirement 3 was easy to set up with a host and a fixed-address declaration.

    I am having trouble with requirement 2. If I create a host declaration without the fixed-address keyword,
    Code:
    host h2 {
      hardware ethernet 11:15:c5:39:14:42;
      option routers 192.168.160.252;
    }
    it gets an address from range A, not B. By the way, I am trying to set this up using pools:
    Code:
    subnet 192.168.160.0 netmask 255.255.255.0 {
     pool {
      range 192.168.160.1 192.168.160.128; # range A
      option routers 192.168.160.251;
      allow unknown-clients;
     }
     pool {
      range 192.168.160.129 192.168.160.148; # Range B
      option routers 192.168.160.252;
      deny unknown-clients;
    
      host h2 {
       hardware ethernet 11:15:c5:39:14:42;
       option routers 192.168.160.252;
      }
     }
    
     host h3{
      hardware ethernet 10:25:c6:76:34:02;
      fixed-address 192.168.160.200;
      option routers 192.168.160.253;
     }
    }
       
     
    Old 09-14-2007, 05:17 PM   #2
    thelvaci
    LQ Newbie
     
    Registered: Jan 2006
    Posts: 5

    Rep: Reputation: 0
     
    If I am not wrong please check your mask values ...

    255.255.255.Subnet value

    For example 64 IP pool it is 252.
       
    Old 09-15-2007, 01:04 AM   #3
    Gryyphyn
    Member
     
    Registered: Dec 2006
    Location: Ogden, UT (Go OALUG!)
    Distribution: OpenSuSE 10.1
    Posts: 61

    Rep: Reputation: 15
     
    .160.* pool

    Quote:
    Originally Posted by thelvaci View Post
    If I am not wrong please check your mask values ...

    255.255.255.Subnet value

    For example 64 IP pool it is 252.
    If you're wanting to use the 192.168.160.* pool range you should have your mask set to 255.255.128.0, if my math is on. That's also assuming the problem isn't elsewhere.

    Are you running multiple routers? What's your topo?

    Gryyphyn
       
    Old 09-15-2007, 05:01 AM   #4
    soroccoheaven
    Member
     
    Registered: Jul 2007
    Distribution: mandrake Mandriva Redhat CentOS Slackware
    Posts: 221

    Rep: Reputation: 30
     
    You can verify your dhcpd configuration file: restart dhcpd and check /var/log/messages for any typo or other error.
       
    Old 09-16-2007, 07:56 AM   #5
    archtoad6
    Senior Member
     
    Registered: Oct 2004
    Location: Houston, TX (usa)
    Distribution: MEPIS, Debian, Knoppix,
    Posts: 4,727
    Blog Entries: 15

    Rep: Reputation: 230
     
    If the math is giving you problems, ipcalc is a very useful tool:
    http://freshmeat.net/projects/ipcalc/
    Quote:
    ipcalc takes an IP address and netmask and calculates the resulting broadcast, network, Cisco wildcard mask, and host range. By giving a second netmask, you can design sub- and supernetworks. It is also intended to be a teaching tool and presents the results as easy-to-understand binary values.
    At one time, there was a simpler program of the same name that came w/ RH 7.2, 8.0 etc. I don't know if it's still around, but make sure you get the right one. FWIW, it's in both the MEPIS & Debian repos that I checked.
       
    Old 09-17-2007, 07:21 AM   #6
    marozsas
    Senior Member
     
    Registered: Dec 2005
    Location: Campinas/SP - Brazil
    Distribution: SuSE, RHEL, Fedora, Ubuntu
    Posts: 1,385
    Blog Entries: 1

    Original Poster
    Rep: Reputation: 61
     
    I'm sorry, everyone, but I don't understand what the point about the netmask is.
    I'm not working with subnets. There is only one standard class C /24 here.
    Am I missing something?

    The point is not to work with subclasses, but why the workstations are not getting addresses from pool B.

    Or are you saying I could get this to work if I use subnets instead of a plain class C?

    I have never set up a DHCP server with pools, so I am not sure if this is the way to use pools, or even if pools could do what I am looking for.

    Thanks,
       
    Old 09-17-2007, 07:46 AM   #7
    archtoad6
    Senior Member
     
    Registered: Oct 2004
    Location: Houston, TX (usa)
    Distribution: MEPIS, Debian, Knoppix,
    Posts: 4,727
    Blog Entries: 15

    Rep: Reputation: 230
     
    I'm curious: Why the need for requirement #2?
       
    Old 09-17-2007, 10:28 AM   #8
    Lone_Wolf
    Member
     
    Registered: Jul 2007
    Location: Netherlands
    Distribution: Archlinux x86_64
    Posts: 48

    Rep: Reputation: 20
     
    A router is automatically the boundary of a (sub)network, and you have 3 different network setups.

    You need to define 3 subnets.
    Easy way:
    unknown clients 192.168.160.0, netmask 255.255.255.0
    known clients 192.168.160.1, netmask 255.255.255.0
    fixed address 192.168.160.2, netmask 255.255.255.0

    If you want to keep it in the same class C address, keep in mind that subnets always start at n^2 and end at (n+1)^2 - 1:
    ex: 0-127, 128-131, 192-223
       
    Old 09-17-2007, 10:40 AM   #9
    farslayer
    Guru
     
    Registered: Oct 2005
    Location: Willoughby, Ohio
    Distribution: linuxdebian
    Posts: 7,231
    Blog Entries: 5

    Rep: Reputation: 188
     
    The dhcpd.conf man page shows that being done in the pool using the allow and deny statements.
    http://www.daemon-systems.org/man/dhcpd.conf.5.html
    Quote:
    pools can have permit lists that control which clients are allowed access to the pool and which aren't. Each entry in a pool's permit list is introduced with the allow or deny keyword. If a pool has a permit list, then only those clients that match specific entries on the permit list will be eligible to be assigned addresses from the pool.
    Code:
           subnet 10.0.0.0 netmask 255.255.255.0 {
             option routers 10.0.0.254;
    
             # Unknown clients get this pool.
             pool {
               option domain-name-servers bogus.example.com;
               max-lease-time 300;
               range 10.0.0.200 10.0.0.253;
               allow unknown-clients;
             }
    
             # Known clients get this pool.
             pool {
               option domain-name-servers ns1.example.com, ns2.example.com;
               max-lease-time 28800;
               range 10.0.0.5 10.0.0.199;
               deny unknown-clients;
             }
           }
    Quote:
    REFERENCE: ALLOW AND DENY
    The allow and deny statements can be used to control the response of
    the DHCP server to various sorts of requests. The allow and deny
    keywords actually have different meanings depending on the context. In a
    pool context, these keywords can be used to set up access lists for
    address allocation pools. In other contexts, the keywords simply
    control general server behavior with respect to clients based on scope.
    In a non-pool context, the ignore keyword can be used in place of the
    deny keyword to prevent logging of denied requests.
    Might want to check back with the docs for how to create the lists and their proper usage.....
       
    Old 09-17-2007, 12:36 PM   #10
    marozsas
    Senior Member
     
    Registered: Dec 2005
    Location: Campinas/SP - Brazil
    Distribution: SuSE, RHEL, Fedora, Ubuntu
    Posts: 1,385
    Blog Entries: 1

    Original Poster
    Rep: Reputation: 61
     
    Quote:
    Originally Posted by archtoad6 View Post
    I'm curious: Why the need for requirement #2?
    Because we have people (in range A) who have internet access through our proxy (192.168.160.251) only, and people (in range B) who have full internet access through our firewall/gateway (192.168.160.252).

    The firewall allows internet access to a range of IPs, in this case, range B.

    Anyone can connect to our internal network and get an address from range A.

    To get an IP from range B, we need to specify its MAC address at your DHCP server.

    That is the general idea.

    Your question is a good question, because others can propose a new setup that satisfies these requirements. My original post is my attempt to implement those requirements, but any other approach is valid.

    I have a lot of people on both scenarios. I don't want to deal with IP assignments manually. This is my current status, I mean, I need to figure out a valid/free IP from range B to assign it to a temporary host. I have far more hosts in range B than the range itself, but only a small set is on-line at any time. So, I can't make static assignments.

    Thanks for asking
       
    Old 09-18-2007, 05:15 AM   #11
    Lone_Wolf
    Member
     
    Registered: Jul 2007
    Location: Netherlands
    Distribution: Archlinux x86_64
    Posts: 48

    Rep: Reputation: 20
     
    Ok, so all systems are connected on the same LAN.

    Group A : dhcp address, router proxy 192.168.160.251
    Group B : dhcp address, router firewall/gateway 192.168.160.252
    Group C : uses fixed IP addresses and router 192.168.160.253

    try something like this (changes are in bold):

    Code:
    subnet 192.168.160.0 netmask 255.255.255.0 {
     pool {
      range 192.168.160.1 192.168.160.127; # range A
      option routers 192.168.160.251;
      deny known-clients;
      allow unknown-clients;
     }
     pool {
      range 192.168.160.128 192.168.160.148; # Range B
      option routers 192.168.160.252;
      deny unknown-clients;
    
      host h2 {
       hardware ethernet 11:15:c5:39:14:42;
        }
     }
     pool {
      range 192.168.160.x 192.168.160.y;  # Range C
      option routers 192.168.160.253;
     host h3 {
      hardware ethernet 10:25:c6:76:34:02;
      fixed-address 192.168.160.200;
       }
     }
    }
    Notes :
    - to keep things clear you should have 3 pools
    - replace x and y with appropriate values for range c
    - While this may not be the most efficient setup, it should do what you want.

    Last edited by Lone_Wolf; 09-18-2007 at 05:17 AM. Reason: typos
       
    Old 09-18-2007, 07:57 AM   #12
    marozsas
    Senior Member
     
    Registered: Dec 2005
    Location: Campinas/SP - Brazil
    Distribution: SuSE, RHEL, Fedora, Ubuntu
    Posts: 1,385
    Blog Entries: 1

    Original Poster
    Rep: Reputation: 61
     
    Hi Lone Wolf,

    I have tried your suggestion, no luck.
    Host h2 is still getting an address from range A. Looks like it is an unknown client for the dhcp server...

    And even worse, I am getting the following error message:
    Code:
    Dynamic and static leases present for 192.168.160.200.
    Remove host declaration h3 or remove 192.168.160.200
    from the dynamic address pool for 192.168.160/24
    I am starting to think the host declaration is not the proper way to declare a host as a known client.
    I will investigate this....

    In the meantime, if anyone has any information about this, I would appreciate the enlightenment....

    cheers,
       
    Old 09-18-2007, 01:04 PM   #13
    Gryyphyn
    Member
     
    Registered: Dec 2006
    Location: Ogden, UT (Go OALUG!)
    Distribution: OpenSuSE 10.1
    Posts: 61

    Rep: Reputation: 15
     
    missed it

    Ok, first I missed part of the initial statement. My bad.

    It looks like your configuration is expecting a fixed address definition for any computer coming on that's unknown. Contradictory, but that's what I see. Try taking a previously unknown host and configuring it manually in your config
    Code:
    fixed-address ...
    and see if it drops the correct address.

    That's what I would suggest as a first step. If that works then the problem isn't with the server, it's with the client request formatting (I'd guess).

    Gryyphyn
       
    Old 09-19-2007, 05:11 PM   #14
    marozsas
    Senior Member
     
    Registered: Dec 2005
    Location: Campinas/SP - Brazil
    Distribution: SuSE, RHEL, Fedora, Ubuntu
    Posts: 1,385
    Blog Entries: 1

    Original Poster
    Rep: Reputation: 61
     
    Solved.
    Thanks to all who answered this thread.

    The following configuration file is working now, thanks to suggestions from this forum, a careful reading of the man page, and a change to the original requirements. There is no range C anymore.
    Hosts supposed to get an address from range C are set using a static address on the client side.
    I was unable to set up the DHCP server with 3 ranges, only 2.
    The first one is range A, gateway through a proxy at 192.168.160.251. Hosts for this range are unknown, I mean, any host can get an address from this pool.
    The second one is range B, direct access to the internet through gateway 192.168.160.252.
    Hosts for this range are known in advance, I mean, only hosts that have a host declaration can get an address from this pool.

    Code:
    subnet 192.168.160.0 netmask 255.255.255.0 {
            pool { #range A
                    allow unknown-clients;
                    deny known-clients;
                    range dynamic-bootp 192.168.160.1 192.168.160.128;
                    option routers 192.168.160.251; # proxy
            }
            pool { # range B
                    deny unknown-clients;
                    range dynamic-bootp 192.168.160.129 192.168.160.142;
            }
    }
    # internet access group
    group {
            option routers 192.168.160.252; # gateway/firewall
            # follow other common declarations for hosts in this group
    
            host h21 {hardware ethernet fa:ke:00:00:00:01;}
            host h22 {hardware ethernet fa:ke:00:00:00:02;}
            # etc..
    }
    To the people who suggested using host declarations with fixed-address: I learned the fixed address must be NEITHER IN the pool range NOR IN the subnet range. Otherwise I got the following error message in the log file:
    Code:
    Sep 17 14:43:49 bigslam dhcpd: Remove host declaration h21 or remove 192.168.160.142
    Sep 17 14:43:49 bigslam dhcpd: from the dynamic address pool for 192.168.160/24
    although it is fine to use something like this:
    Code:
    host h31 {
      hardware ethernet fa:ke:00:00:00:31;
      fixed-address 10.10.10.1;
    }
    PS: well, looks like the fixed-address works with an address within the range/subnet/pool address, but I still got the warning messages in the log file. I am not sure what happens in this case. As range 3 is small, I made a choice for a clean log file.
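
The warning quoted in the last post ("Remove host declaration h21 or remove 192.168.160.142 from the dynamic address pool") can be caught before dhcpd is restarted by comparing every `fixed-address` with every `range`. This is an added example, not code from the thread or from ISC dhcpd; the function names and sample MAC addresses are made up, and the parser assumes IPv4 `range` statements and `host` blocks without nested braces.

```python
import ipaddress
import re

# Constructed sample using the thread's values: h21 pinned to .142 (the address
# named in the logged warning) and h31 pinned outside the subnet.
SAMPLE_CONF = """
subnet 192.168.160.0 netmask 255.255.255.0 {
  pool { # range A
    allow unknown-clients;
    deny known-clients;
    range dynamic-bootp 192.168.160.1 192.168.160.128;
  }
  pool { # range B
    deny unknown-clients;
    range dynamic-bootp 192.168.160.129 192.168.160.142;
  }
}
host h21 { hardware ethernet 02:00:00:00:00:21; fixed-address 192.168.160.142; }
host h31 { hardware ethernet 02:00:00:00:00:31; fixed-address 10.10.10.1; }
"""

RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")
HOST_RE = re.compile(r"\bhost\s+([\w.-]+)\s*\{([^{}]*)\}")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")

def _strip_comments(text):
    return re.sub(r"#[^\n]*", "", text)  # assumes no '#' inside quoted strings

def dynamic_ranges(text):
    """Return (low, high) IPv4 pairs for every range statement."""
    found = RANGE_RE.findall(_strip_comments(text))
    return [(ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)) for lo, hi in found]

def fixed_in_dynamic(text):
    """Return (host, address, range) for each fixed-address inside a range."""
    ranges = dynamic_ranges(text)
    hits = []
    for name, body in HOST_RE.findall(_strip_comments(text)):
        for value in FIXED_RE.findall(body):
            for item in value.split(","):
                try:
                    addr = ipaddress.ip_address(item.strip())
                except ValueError:
                    continue  # fixed-address given as a hostname; not resolved here
                hits += [(name, str(addr), f"{lo}-{hi}")
                         for lo, hi in ranges if lo <= addr <= hi]
    return hits

if __name__ == "__main__":
    for host, addr, rng in fixed_in_dynamic(SAMPLE_CONF):
        print(f"host {host}: fixed-address {addr} is inside dynamic range {rng}")
```
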
  • Original article: https://www.cnblogs.com/kungfupanda/p/2932559.html