DHCP and 2 subnets
Simon Hobson
dhcp1 at thehobsons.co.uk
Mon Apr 7 13:00:22 UTC 2008
Chris Arnold wrote:
>> Your networks are not separate - the above request from the same
>> client was received twice, once via the relay agent, and again direct
>> via the attached network. Go and check your setup because this
>> shouldn't be the case - you don't have both subnets connected to one
>> switch do you?
>
>Kind of...1 router/firewall that has a "secondary ip" on the trust port. Then
>this device connects to a switch that is 192.168.123 network and off of this
>switch is another switch that is the 192.168.124 network. Do I need to use
>shared-network or some other option with this setup?

OK, then your router is a complete waste of time and gives you zero
security between these two subnets - any client can see broadcast
traffic from the other subnet, and is able to send packets directly
to any other node. Had you mentioned that at the beginning then we
could have got to this point a lot quicker!

You have two choices, either declare these two subnets as a shared
subnet, or properly segregate them on two different switches on
different router interfaces (either real or VLAN).

If you choose to keep a shared subnet, then be aware that there is no
trivial way to determine which subnet a client will end up in - which
is where I think you started the thread from. With no config, the
server will treat the two subnets as equal and will be free to assign
any client to either subnet. To change this will involve using some
mechanism to identify which clients go where.
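
Added example, not part of the original post: a check for the symptom described in the thread, where the same client's request reaches the server both through the relay agent and directly on the attached network. It assumes ISC dhcpd's usual "from <mac> via <interface or relay IP>" syslog lines; the sample log, MAC addresses, interface name and relay address are constructed.

```python
import re
from collections import defaultdict

# Assumed ISC dhcpd log shape:
#   "... from <mac> [(hostname)] via <interface | relay agent IP>"
LINE_RE = re.compile(
    r"(DHCPDISCOVER|DHCPREQUEST)\b.*?\bfrom\s+([0-9a-fA-F:]{17})"
    r"(?:\s+\([^)]*\))?\s+via\s+(\S+)"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Apr  7 12:58:01 srv dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via 192.168.124.1
Apr  7 12:58:01 srv dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth0
Apr  7 12:58:02 srv dhcpd: DHCPREQUEST for 192.168.123.50 (192.168.123.2) from 00:16:3e:aa:bb:02 (laptop) via eth0
Apr  7 12:58:09 srv dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:03 via 192.168.124.1
"""


def find_leaking_clients(log_text):
    """Return {mac: {"relay": set, "direct": set}} for clients whose
    requests arrived both via a relay agent and on a local interface."""
    seen = defaultdict(lambda: {"relay": set(), "direct": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        _msg, mac, via = m.groups()
        # A relayed packet is logged with the relay's IP address; a packet
        # heard on the wire is logged with the local interface name.
        kind = "relay" if IPV4_RE.match(via) else "direct"
        seen[mac.lower()][kind].add(via)
    return {mac: paths for mac, paths in seen.items()
            if paths["relay"] and paths["direct"]}


if __name__ == "__main__":
    for mac, paths in find_leaking_clients(SAMPLE_LOG).items():
        print(mac, "relay:", sorted(paths["relay"]),
              "direct:", sorted(paths["direct"]))
```

The function does not apply a time window, so a client that was physically moved between segments will also be reported. Run it over a short log interval to keep the result meaningful.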