DHCP and 2 subnets

Simon Hobson dhcp1 at thehobsons.co.uk
Fri Apr 11 06:41:14 UTC 2008


Chris Arnold wrote:

>>Without a subnet stanza for 192.168.124.0/24 the server will not
>>give out addresses on that network. The "allow members" statement above
>>will restrict other clients from getting a 192.168.123.x address but
>>it does not prevent them from getting a 192.168.124. address instead.
>>You need to "deny members of " in that pool or set up a "124 ..." class
>>and allow the specific hosts you want.
>
>Ok guys, thanks for your patience as I get through this. Here is my 
>dhcp.conf now;
>option domain-name "domain here";
>option domain-name-servers 192.168.123.x;
>option ntp-servers 192.168.123.x;
>ddns-update-style none;
>default-lease-time 14400;
>max-lease-time 172800;
>class "123 DHCP Clients" {
>          match hardware;
>        }
>
>        subclass "123 DHCP Clients" 00:0B:DB:C8:B1:71;
>        subclass "123 DHCP Clients" 1:8:0:2b:a9:cc:e3;
>        subclass "123 DHCP Clients" 1:0:0:c4:aa:29:44;
>
>        subnet 192.168.123.0 netmask 255.255.255.0 {
>          pool {
>            allow members of "123 DHCP Clients";
>            range 192.168.123.20 192.168.123.253;
>          }
>        }
>class "124 DHCP Clients" {
>          match hardware;
>        }
>
>        subclass "124 DHCP Clients" 00:14:A4:04:2E:C7;
>        subclass "124 DHCP Clients" 1:8:0:2b:a9:cc:e3;
>        subclass "124 DHCP Clients" 1:0:0:c4:aa:29:44;
>
>        subnet 192.168.124.0 netmask 255.255.255.0 {
>          pool {
>            allow members of "124 DHCP Clients";
>            range 192.168.124.20 192.168.124.253;
>          }
>        }

I'd recommend against doing it that way as EVERY client must be 
listed or it won't get a lease - if the 124 subnet is the default 
subnet that all clients should go into unless they are specifically 
listed for the 123 subnet, then deny 123 clients from the 124 subnet 
as per my last message.

>And here is the log from a PC on the 192.168.123 network:
>Apr 10 19:57:49 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 via 
>eth1: network 192.168.124/24: no free leases
>Apr 10 19:57:49 mail dhcpd: DHCPREQUEST for 192.168.124.144 
>(192.168.124.1) from 00:0b:db:c8:f1:71 via eth1: lease 
>192.168.124.144 unavailable.
>Apr 10 19:57:49 mail dhcpd: DHCPNAK on 192.168.124.144 to 
>00:0b:db:c8:f1:71 via eth1

This client is not listed, therefore there are no leases available to 
offer it. It clearly then tries to renew an existing lease, and is 
told "that address is not valid for your use" (the DHCP Nack message).


This is why it's best, if your situation supports it, to have a 
default situation where clients that aren't listed will still get an 
address - and just list those clients that don't go in the default 
pool.
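
Added example, not part of the original message: a small Python check that cross-references the subclass entries and the DHCPDISCOVER log line quoted above, to show which clients an allow-list pool will refuse. It goes slightly beyond the thread by also flagging entries that "match hardware" can never match, since that expression compares the hardware-type octet (1 for Ethernet) followed by the MAC; function names are hypothetical and Ethernet clients are assumed.

```python
import re

# Constructed sample: subclass entries and log line copied from the quoted message.
CONF = """
class "123 DHCP Clients" { match hardware; }
subclass "123 DHCP Clients" 00:0B:DB:C8:B1:71;
subclass "123 DHCP Clients" 1:8:0:2b:a9:cc:e3;
subclass "123 DHCP Clients" 1:0:0:c4:aa:29:44;
class "124 DHCP Clients" { match hardware; }
subclass "124 DHCP Clients" 00:14:A4:04:2E:C7;
subclass "124 DHCP Clients" 1:8:0:2b:a9:cc:e3;
"""
LOG = ("Apr 10 19:57:49 mail dhcpd: DHCPDISCOVER from 00:0b:db:c8:f1:71 "
       "via eth1: network 192.168.124/24: no free leases")

SUBCLASS = re.compile(r'subclass\s+"([^"]+)"\s+([0-9A-Fa-f:]+)\s*;')
DISCOVER = re.compile(r'DHCPDISCOVER from ([0-9a-f:]+) via')


def octets(text):
    """Colon-separated hex to a tuple of ints, so '8' and '08' compare equal."""
    return tuple(int(part, 16) for part in text.split(":"))


def parse_subclasses(conf):
    """Return (members, unmatchable); members maps class name -> set of keys."""
    members, unmatchable = {}, []
    for name, value in SUBCLASS.findall(conf):
        key = octets(value)
        # Assumption: Ethernet only, so a usable key is type octet 1 + 6 MAC octets.
        if len(key) == 7 and key[0] == 1:
            members.setdefault(name, set()).add(key)
        else:
            unmatchable.append((name, value))
    return members, unmatchable


def classes_for(mac, members):
    """Classes whose subclass list contains this Ethernet MAC."""
    key = (1,) + octets(mac)
    return sorted(name for name, keys in members.items() if key in keys)


def unlisted_clients(log, members):
    """MACs seen in DHCPDISCOVER lines that belong to no class."""
    return sorted({m for m in DISCOVER.findall(log) if not classes_for(m, members)})


if __name__ == "__main__":
    members, unmatchable = parse_subclasses(CONF)
    print("entries without hardware-type octet:", unmatchable)
    print("clients with no class (no lease in allow-only pools):",
          unlisted_clients(LOG, members))
```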


