[DHCP] Re: Subnetting 192.168.10.0/24
Ashley M. Kirchner
ashley at pcraft.com
Sun Sep 30 00:22:42 UTC 2007
Simon Hobson wrote:
> That is BAD, you have fixed-address which are also available for
> allocation dynamically. Any address that is not to be dynamically
> allocated must NOT be in a range statement.

I have to keep those IPs. I can't change them to contiguous, I
can't do anything with those devices, they're set by vendors.

By your answer then, it means I can NOT use the entire
192.168.10.0/24 range for dynamic allocations because that would also
include those static IPs. Which to me means I would have to set
multiple ranges across the /24 address space so as to exclude the static
IPs. Correct? In my case I can do .10.30 - .10.90, then skip and set
another range from .10.120 - .10.230 and stop there since the high
numbers are once again reserved.

This whole switching to DHCP started when someone upstairs said they
wanted a wireless access point available to clients, however it has to
be limited but at the same time permissive. Let me explain:

The access point needs to allow both known as well as unknown
clients, with the known ones being co-workers, and unknown being anyone
that walks into the building with a device. If the client is a known
client, provide full routing and DNS to them. If the client is unknown,
then provide an IP that allows it to access a shared NFS/Samba drive and
that's it. They don't get internet or any other routing.

So, the server I'm setting this on already has 3 network interfaces
on it:

    eth0 - public IP
    eth1 - 192.168.10.0/24 -> internal network switch
    eth2 - 192.168.20.0/24 -> internal backup switch

    * those are two completely different switches by the way

At the moment, our entire internal network lives off of eth1 which
routes through eth0. eth2 is used between servers for backup purposes.
They communicate with each other via that interface, however there is
no routing for that interface on any of the servers - in other words, if
I shut down all interfaces on a server and only leave their .20.0/24
interface up, they can no longer hit the internet, only see each other.
This is the desired design, not something broken. We did this on purpose.

So, ideally I want an unknown client to get an IP that's in the
.20.0/24 range so that it can "see" the server and be able to access its
NFS/Samba share, however it wouldn't be able to get to the internet or
our internal network. And if the client IS known, give it an IP in the
.10.0/24 range and proper routing (DNS, gateway, etc.) so they can see
the rest of the network and get outside access.
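
The rule quoted at the top of this message (an address given as a fixed-address must not also sit inside a range statement) can be checked mechanically. The following is an added example, not part of the original message or of ISC dhcpd: the two ranges are the ones proposed above, while the host entries, MAC addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: ranges as proposed in the message; hosts are made up.
SAMPLE_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.30 192.168.10.90;
    range 192.168.10.120 192.168.10.230;   # leaves .91-.119 out of the pool
}
host vendor-a { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.10.100; }
host vendor-b { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.10.45; }
host by-name  { hardware ethernet 00:11:22:33:44:77; fixed-address printer.example.com; }
"""

RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")


def strip_comments(conf):
    """Drop '#' comments so commented-out statements are not parsed."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def parse_ranges(conf):
    """Return (low, high) pairs for every range statement; 'range A;' is A..A."""
    ranges = []
    for low, high in RANGE_RE.findall(strip_comments(conf)):
        lo = ipaddress.IPv4Address(low)
        ranges.append((lo, ipaddress.IPv4Address(high) if high else lo))
    return ranges


def parse_fixed(conf):
    """Return literal IPv4 fixed-address values; hostnames are skipped."""
    fixed = []
    for value in FIXED_RE.findall(strip_comments(conf)):
        for item in value.split(","):
            try:
                fixed.append(ipaddress.IPv4Address(item.strip()))
            except ipaddress.AddressValueError:
                pass  # a hostname; it would need resolving before it can be checked
    return fixed


def find_conflicts(conf):
    """List (address, range) pairs where a fixed address is also dynamically allocatable."""
    ranges = parse_ranges(conf)
    return [(str(a), f"{lo} - {hi}") for a in parse_fixed(conf)
            for lo, hi in ranges if lo <= a <= hi]


if __name__ == "__main__":
    for addr, rng in find_conflicts(SAMPLE_CONF):
        print(f"fixed-address {addr} is inside range {rng}")
```

Fixed addresses given as hostnames are not resolved here, so they are silently skipped rather than checked.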