dhcp and vlans
Simon Hobson
dhcp1 at thehobsons.co.uk
Tue Oct 6 14:20:02 UTC 2009
Stefan Pandele wrote:
> I want to do the following task and I do not know how:
>
> I have a Cisco L3 switch on which I have many VLANs.
> On every interface vlan I have a public IP class.
> I want to add a secondary private IP class (192.168.100.0/24 on
> vlan 100, 192.168.200.0/24 on vlan 200, and so on) on each interface
> vlan.
First step - you need to define a shared subnet for each vlan, like this :
shared-network "vlan100" {
  subnet a.b.c.0 ...
  subnet 192.168.100.0 ...
}
> After that, when a client from vlan 100 has its MAC address bound to
> an IP address from the public subnet in dhcpd.conf, dhcp should give
> him that public IP address.
> If the user changes his network adapter, then the new MAC address
> won't be bound to the same IP address.
> At that point I want dhcp to give him a random IP address from
> the private IP address class range (e.g. 192.168.100.75).
> If the client moves into a vlan 200 port, dhcp must give him an IP
> address from the 192.168.200.0/24 class (e.g. 192.168.200.14).
You need to clarify exactly what you need here - I can see two
variations when a device with public IP in vlan100 moves to vlan 200 :
a) it gets a public address.
b) it gets a private address.
a) is probably simplest. You define your subnets thus :
shared-network "vlan100" {
  subnet a.b.c.d ...
    pool {
      # public range: only clients with a host declaration
      range a.b.c.x a.b.c.y;
      allow known-clients;
    }
  subnet 192.168.100.0 ...
    pool {
      # private range: everyone else
      range 192.168.100.x 192.168.100.y;
      deny known-clients;
    }
}
And define known clients with host statements IN THE GLOBAL SCOPE :
host "somename" {
hardware ethernet aa:bb:cc:dd:ee:ff ;
}
Clients with a matching host declaration are "known" and entitled to
an address from the public range from the vlan they are connected to.
Others will get a private address.
b) is a little harder, but not much.
You define a class for 'known' hosts for each vlan :
class "vlan100" {
match ...
}
shared-network "vlan100" {
  subnet a.b.c.d ...
    pool {
      # public range: only members of the class for this vlan
      range a.b.c.x a.b.c.y;
      allow members of "vlan100";
    }
  subnet 192.168.100.0 ...
    pool {
      # private range: everyone else, including hosts known on other vlans
      range 192.168.100.x 192.168.100.y;
      deny members of "vlan100";
    }
}
A client that matches a class will be allowed a public IP when
connected to the relevant vlan. When connected anywhere else it will
get a private address.
Class matching is more flexible - you can match on arbitrary
expressions, not just MAC address. You could use a single global
class in option a) to get this level of flexibility.
Your friends are the man pages - dhcpd.conf to start with, and
dhcp-eval for info about expressions available.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
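The following is an added, complete dhcpd.conf for option b) above; it is an illustration written for this page, not Simon's own configuration or anything from the ISC project. Every address, MAC and pool boundary is a constructed placeholder: 203.0.113.0/24 stands in for the real public class on vlan 100, and the class is keyed on the client MAC with `match hardware` plus `subclass` entries. The comment at the end shows which lines change for option a).

```conf
# Added example (not from the original post): dhcpd.conf for option b).
# All addresses and MACs are constructed placeholders.

authoritative;
default-lease-time 600;
max-lease-time 7200;

# One class per VLAN. "match hardware" keys the class on the hardware
# type byte followed by the MAC, so Ethernet subclass values start with "1:".
class "vlan100" {
  match hardware;
}
subclass "vlan100" 1:00:11:22:33:44:55;   # constructed MAC of a vlan 100 host
subclass "vlan100" 1:00:11:22:33:44:56;   # constructed MAC of another one

class "vlan200" {
  match hardware;
}
subclass "vlan200" 1:00:11:22:33:44:66;   # constructed MAC of a vlan 200 host

# The relay (the switch's interface vlan) puts its primary address in
# giaddr; that address must fall inside one of the subnets of the
# shared-network so dhcpd selects the right one.
shared-network "vlan100" {
  subnet 203.0.113.0 netmask 255.255.255.0 {      # public class, placeholder
    option routers 203.0.113.1;
    pool {
      allow members of "vlan100";                  # only this vlan's known hosts
      range 203.0.113.100 203.0.113.200;
    }
  }
  subnet 192.168.100.0 netmask 255.255.255.0 {    # secondary, private
    option routers 192.168.100.1;
    pool {
      deny members of "vlan100";                   # everyone else
      range 192.168.100.50 192.168.100.250;
    }
  }
}

shared-network "vlan200" {
  subnet 198.51.100.0 netmask 255.255.255.0 {     # public class, placeholder
    option routers 198.51.100.1;
    pool {
      allow members of "vlan200";
      range 198.51.100.100 198.51.100.200;
    }
  }
  subnet 192.168.200.0 netmask 255.255.255.0 {
    option routers 192.168.200.1;
    pool {
      deny members of "vlan200";
      range 192.168.200.50 192.168.200.250;
    }
  }
}

# Option a) instead: drop the class and subclass lines, declare each
# known client with a global "host" statement carrying only its
# "hardware ethernet", and use these permit lines in every shared-network:
#   allow known-clients;   in the public pool
#   deny known-clients;    in the private pool
```

With this configuration the host 00:11:22:33:44:55 gets a 203.0.113.x lease on vlan 100, and if it shows up behind the vlan 200 relay it is not a member of "vlan200", so the only pool that admits it is 192.168.200.50-250. Check the file before reloading with `dhcpd -t -cf /path/to/dhcpd.conf`, which parses the configuration and exits without serving.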