Multi-subnet DHCP

Jeff Anderson jefferya at programmerq.net
Sat Aug 23 19:55:38 UTC 2008


Simon Hobson wrote:
> Jeff Anderson wrote:
>
>> I've trimmed the config down (it is rather large and I didn't feel
>> comfortable publishing our MAC addresses). I've pasted it below.
>>
>> Basically we're a CS department. We have a core switch, and we do
>> VLANs to separate things out -- Linux lab machines have a VLAN,
>> Windows another, etc... Research labs also get their own VLAN and
>> corresponding subnet. The core switch has each VLAN configured to do
>> "ip helper" to forward along the DHCP requests to the subnet that our
>> DHCP server lives on. We have multiple subnets defined that have
>> dynamic ranges in them. The DHCP server seems to assign appropriate
>> dynamic addresses for each of these subnets that have the dynamic
>> ranges defined.
>
> OK, as suggested by Jeffrey Hutzelman, you've used shared-network when 
> you shouldn't have. It seems to cause a lot of confusion, but VLANs on 
> a switch are NOT the same as a shared subnet.
>
> A shared subnet is where you have ONE network (technically it's the 
> broadcast domain) with multiple IP subnets on it. With VLANs, each 
> VLAN is a separate isolated network - conceptually, think of each VLAN 
> as having a separate switch but all rolled up into one box for 
> convenience.
>
> When you declare a shared-network, you are telling the DHCP server 
> that any device on that network may use any address from any range 
> defined in the shared-network. Hence you get clients given wrong 
> addresses.
>
>
>
>> shared-network example-Department
>
> You need to remove this.

I'll give this a shot when we have some scheduled downtime, and post the
results here. I believe that the shared-network option was lingering
from before we moved to our current network setup. Nothing was broken
because of this option (until we wanted dynamic ranges) so it was left
untouched. I'll do some more reading about the shared-network option so
I can fully understand it. (I doubt there is much more than I already
know, but hey, why not? Reading is always good.)

>>      authoritative;
> It looks like every subnet is authoritative, you could declare this 
> globally and save some space/typing.

Yes, I agree -- this dhcpd.conf is the result of many people tinkering
with it for a very long time, hence some silly options.
>
>
>> #We have separate groups defined to divide hosts logically-- not 
>> because they necessarily need different options.
>> group
>> {
>>   use-host-decl-names on;
>
> Isn't this already defined globally?

Yes -- it was probably added to the global options after it was added to
a group, and then each time anyone wanted to create a new group, they
just pasted what was already there. I'll clean them out.

>> group UML
>> {
>>   use-host-decl-names on;
>>   option routers 192.168.31.1;
>>   #snip -- lots of hosts defined by fixed-address and hardware ethernet
>>   use-lease-addr-for-default-route on;
>>   option subnet-mask 255.255.255.0;
>
> I would personally not define the router here, unless it's 
> specifically different for this group of hosts (even then, I much 
> prefer to do the routing in the routers myself). You should definitely 
> not need to define the netmask since it must be the same as the subnet 
> - unless you have a broken IP setup.

This makes sense. We are removing that group very soon anyway, but I'll
keep that in mind whenever I might create a group of my own.

Thank you for your eyes and your time! It always helps to get a fresh 
set of eyes on a tattered, old, nasty config file like this one. I have 
my work cut out for me.


Jeff Anderson
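
The layout change discussed in this message, as an added example that is not part of the original thread and not Jeff's actual config. Only the name example-Department, the router 192.168.31.1 and the 255.255.255.0 mask come from the thread; the 192.168.32.0/24 and 192.168.10.0/24 subnets, all ranges and the host entry are constructed for illustration.

```conf
# --- Before (sketch of the problem layout) -------------------------------
# Every range inside a shared-network is treated as usable by any client
# on that network, so a request relayed from one VLAN can be answered
# with an address from another VLAN's range.
#
# shared-network example-Department {
#   subnet 192.168.31.0 netmask 255.255.255.0 {
#     authoritative;
#     option routers 192.168.31.1;
#     range 192.168.31.100 192.168.31.200;    # constructed range
#   }
#   subnet 192.168.32.0 netmask 255.255.255.0 {   # constructed subnet
#     authoritative;
#     option routers 192.168.32.1;
#     range 192.168.32.100 192.168.32.200;
#   }
# }

# --- After: one top-level subnet declaration per VLAN --------------------
authoritative;             # declared once, globally
use-host-decl-names on;    # declared once, globally, not in every group

# Subnet the DHCP server itself sits on (constructed). No range, so no
# dynamic leases are handed out here.
subnet 192.168.10.0 netmask 255.255.255.0 {
}

# Requests relayed by "ip helper" carry the relay's address (giaddr);
# dhcpd matches it to exactly one of these declarations.
subnet 192.168.31.0 netmask 255.255.255.0 {
  option routers 192.168.31.1;
  range 192.168.31.100 192.168.31.200;        # constructed range
}

subnet 192.168.32.0 netmask 255.255.255.0 {   # constructed subnet
  option routers 192.168.32.1;
  range 192.168.32.100 192.168.32.200;
}

# Groups remain a purely logical way to organise hosts; routers and
# subnet-mask are inherited from the matching subnet declaration.
group {
  host lab-example-01 {                       # hypothetical host
    hardware ethernet 00:00:5e:00:53:01;      # documentation-range MAC
    fixed-address 192.168.31.10;
  }
}
```

Running `dhcpd -t -cf` against the edited file checks the syntax before the scheduled restart.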



More information about the dhcp-users mailing list