[DHCP] Re: Subnetting 192.168.10.0/24

Ashley M. Kirchner ashley at pcraft.com
Sun Sep 30 00:22:42 UTC 2007


Simon Hobson wrote:
> That is BAD, you have fixed-address which are also available for 
> allocation dynamically. Any address that is not to be dynamically 
> allocated must NOT be in a range statement.
    I have to keep those IPs.  I can't change them to contiguous, I 
can't do anything with those devices, they're set by vendors.

    By your answer then, it means I can NOT use the entire 
192.168.10.0/24 range for dynamic allocations because that would also 
include those static IPs.  Which to me means I would have to set 
multiple ranges across the /24 address space so as to exclude the static 
IPs.  Correct?  In my case I can do .10.30 - .10.90, then skip and set 
another range from .10.120 - .10.230 and stop there since the high 
numbers are once again reserved.

    This whole switching to DHCP started when someone upstairs said they 
wanted a wireless access point available to clients, however it has to 
be limited but at the same time permissive.  Let me explain:

    The access point needs to allow both known as well as unknown 
clients, with the known ones being co-workers, and unknown being anyone 
that walks into the building with a device.  If the client is a known 
client, provide full routing and DNS to them.  If the client is unknown, 
then provide an IP that allows it to access a shared NFS/Samba drive and 
that's it.  They don't get internet or any other routing.

    So, the server I'm setting this on already has 3 network interfaces 
on it:
       eth0 - public IP
       eth1 - 192.168.10.0/24 -> internal network switch
       eth2 - 192.168.20.0/24 -> internal backup switch
          * those are two completely different switches by the way

    At the moment, our entire internal network lives off of eth1 which 
routes through eth0.  eth2 is used between servers for backup purposes.  
They communicate with each other via that interface, however there is 
no routing for that interface on any of the servers - in other words, if 
I shut down all interfaces on a server and only leave their .20.0/24 
interface up, they can no longer hit the internet, only see each other.  
This is the desired design, not something broken.  We did this on purpose.

    So, ideally I want an unknown client to get an IP that's in the 
.20.0/24 range so that it can "see" the server and be able to access its 
NFS/Samba share, however it wouldn't be able to get to the internet or 
our internal network.  And if the client IS known, give it an IP in the 
.10.0/24 range and proper routing (DNS, gateway, etc.) so they can see 
the rest of the network and get outside access.
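
Added example, not part of the original message and not ISC's code: a small checker for the rule quoted above, reporting any fixed-address that also falls inside a range statement and computing the split ranges that skip it. The host entries (names, MACs, addresses) in the sample are constructed; only the two ranges come from the message.

```python
import contextlib
import ipaddress
import re

# Constructed sample: ranges as proposed in the message; host entries are hypothetical.
SAMPLE_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.30 192.168.10.90;
  range 192.168.10.120 192.168.10.230;   # second dynamic block
}
host plotter { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.10.100; }
host scanner { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.10.150; }
"""
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")

def _body(text):
    return re.sub(r"#.*", "", text)  # drop dhcpd.conf comments before matching

def parse_ranges(text):
    """(low, high) per range statement; a single-address range has low == high."""
    return [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi or lo))
            for lo, hi in RANGE_RE.findall(_body(text))]

def parse_fixed(text):
    """IPv4 literals from fixed-address statements (hostname forms are skipped)."""
    found = []
    for item in ",".join(FIXED_RE.findall(_body(text))).split(","):
        with contextlib.suppress(ValueError):  # not an IPv4 literal
            found.append(ipaddress.IPv4Address(item.strip()))
    return found

def conflicts(text):
    """Fixed addresses that a range statement would also hand out dynamically."""
    return [(a, lo, hi) for a in parse_fixed(text)
            for lo, hi in parse_ranges(text) if lo <= a <= hi]

def split_range(lo, hi, reserved):
    """Sub-ranges of [lo, hi] that skip every reserved address."""
    out, start = [], lo
    for a in sorted({r for r in reserved if lo <= r <= hi}):
        if a > start:
            out.append((start, a - 1))
        start = a + 1
    return out + ([(start, hi)] if start <= hi else [])

if __name__ == "__main__":
    for a, lo, hi in conflicts(SAMPLE_CONF):
        fix = ", ".join(f"{s} {e}" for s, e in split_range(lo, hi, parse_fixed(SAMPLE_CONF)))
        print(f"{a} is fixed but inside range {lo} {hi}; split into: {fix}")
```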

