Shared Network Behind a Relay
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Nov 4 01:44:07 UTC 2008
--On Monday, November 03, 2008 04:54:19 PM -0700 commo dore
<commonanog at gmail.com> wrote:
> I've been looking for a while on this issue, and I haven't had much luck.
>
> Basic concept is a centralized DHCP Server
>
> Known users -->
> (eth2) Router A
> (eth1)-------------------->(eth1) DHCP Server
> Unknown Users --->
This diagram makes no sense. But then, ASCII art seldom does when the
artist was not using a fixed-width font. Fortunately, your description is
fairly clear.
> I want to assign unknown users an IP range of 10.0.0.0/24 until they are
> added to known lists; then they will get an IP in the public IP range (i.e.
> A.B.0.0/24).
>
> Basically, an unknown user can only reach internal devices, and can't "go out"
> to the public internet.
>
> so something like this:
>
> shared-network test {
>   subnet A.B.0.0 netmask 255.255.255.0 {
>     option routers A.B.0.1;
>     range A.B.0.200 A.B.0.210;
>     deny unknown-clients;
>   }
>   subnet 10.0.0.0 netmask 255.255.255.0 {
>     option routers 10.0.0.1;
>     range 10.0.0.100 10.0.0.200;
>     allow unknown-clients;
>   }
> }
>
> Now Router A
> eth2 A.B.0.1
> eth2:0 10.0.0.1
> DHCP Server
> eth1 A.B.0.100
>
> So whenever the Relay on Router A forwards the request the giaddr is
> A.B.0.1 so it only wants to assign an ip address back in that range. (and
> that works just fine). Somehow I need to set it so that if giaddr is
> A.B.0.1 and it's an unknown host then assign it in the public range.
The configuration you've described should do that.
The DHCP server doesn't care what subnet the giaddr is in; it only cares
what shared-network it is in. So, if your router always sets giaddr to
A.B.0.1, the DHCP server will know the client is on the "test"
shared-network, and can/will assign addresses out of any pool on that
shared-network which is available to the client.
You've said that your DHCP server's interface has address A.B.0.100, which
is on the same A.B.0.0/24 subnet as your clients. If the DHCP server is
really connected to that network, you shouldn't need a relay agent at all.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Carnegie Mellon University - Pittsburgh, PA
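
The selection rule described in the reply above, as an added example that is not part of the original thread and is not ISC dhcpd's code: giaddr only identifies the shared-network, and any pool on that shared-network that admits the client is a candidate. It is a simplified model (first free address wins); 192.0.2.0/24 stands in for the elided A.B.0.0/24, and the MAC addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data mirroring the "test" shared-network in the thread.
# 192.0.2.0/24 is a placeholder for the public range A.B.0.0/24.
SHARED_NETWORKS = {
    "test": [
        {"subnet": "192.0.2.0/24", "range": ("192.0.2.200", "192.0.2.210"),
         "serves": "known"},      # deny unknown-clients
        {"subnet": "10.0.0.0/24", "range": ("10.0.0.100", "10.0.0.200"),
         "serves": "unknown"},    # allow unknown-clients
    ],
}
# "Known" means the MAC has a host declaration; constructed value.
KNOWN_HOSTS = {"00:00:5e:00:53:01"}


def shared_network_for(giaddr):
    """Return the name of the shared-network whose subnets contain giaddr."""
    addr = ipaddress.ip_address(giaddr)
    for name, pools in SHARED_NETWORKS.items():
        if any(addr in ipaddress.ip_network(p["subnet"]) for p in pools):
            return name
    return None


def offer(giaddr, mac, leased=()):
    """Pick an address for a relayed request, or None if none is available."""
    name = shared_network_for(giaddr)
    if name is None:
        return None  # giaddr is not on any configured subnet
    client_class = "known" if mac.lower() in KNOWN_HOSTS else "unknown"
    taken = set(leased)
    # Every pool on the shared-network is a candidate, not only the one
    # on the subnet that giaddr itself belongs to.
    for pool in SHARED_NETWORKS[name]:
        if pool["serves"] != client_class:
            continue
        first, last = (int(ipaddress.ip_address(a)) for a in pool["range"])
        for n in range(first, last + 1):
            candidate = str(ipaddress.ip_address(n))
            if candidate not in taken:
                return candidate
    return None
```

With giaddr fixed at the router's public-side address, a client without a host declaration still lands in 10.0.0.0/24, which is the behaviour the reply says the posted configuration should give.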