Option 82 or subnet: who wins?

Glenn Satchell Glenn.Satchell at uniq.com.au
Sat Mar 14 23:33:04 UTC 2009


Hi David

This paragraph from the dhcpd.conf man page describes the precedence:

     When a client is to  be  booted,  its  boot  parameters  are
     determined  by consulting that client's host declaration (if
     any), and then consulting any  class  declarations  matching
     the  client, followed by the pool, subnet and shared-network
     declarations for the IP  address  assigned  to  the  client.
     Each  of  these declarations itself appears within a lexical
     scope, and all declarations at less specific lexical  scopes
     are  also consulted for client option declarations.   Scopes
     are never considered twice, and if parameters  are  declared
     in  more  than one scope, the parameter declared in the most
     specific scope is the one that is used.

So it's host statement, class, pool, subnet, shared-network.

In this case the subnet mask and router are being inherited via the
class defined in the 172.x subnet, and the IP address from the pool in
the other subnet.

Moving the class definition outside the subnet definition means that
the class won't have a router or netmask (or other values from that
subnet) as inherited values. These values can then be picked up from
the lower precedent subnet. Usually this is what you want and is why
the usual thing is to put class definitions in the global scope.

I'm not sure what's going on, but I'm suspecting a port
misconfiguration perhaps. If you plug into a switch port that is
configured for the 172.25.254.0 vlan then that subnet definition is
used. If you plug into a port that is configured for the 192.168.50.0
vlan then that subnet definition comes into play. dhcpd looks at the
relay giaddr field (the ip address of the interface on the relay where
the request came in) to determine the subnet. Or if no relay (that is a
local subnet), then the dhcp server uses the ip address of its
interface where the request came in.

dhcpd won't assign a 192.268.50.0 address if it believes that the
device is on the 172.25.254.0 subnet.

Can you please post the ipconfig /all output and dhcpd.conf with the
class moved outside the subnet definition?

regards,
-glenn

>From: David McGaughey <mcgoy1 at clearwire.net>
>To: "'Austin Gabel'" <agabel at gmail.com>, "'Users of ISC DHCP'" <dhcp-users at lists.isc.org>
>Subject: RE: Option 82 or subnet: who wins?
>Date: Sat, 14 Mar 2009 10:37:00 -0500
>Importance: Normal
>X-BeenThere: dhcp-users at lists.isc.org
>
> Guess that I am confused about what "global" means for a class.  If it means
> all class definitions are global, then by definition, it should not matter
> in what other context they are defined.  An example would be global
> variables in PERL.  If global means that classes may only be defined in a
> global context, then I'm really surprised that dhcpd didn't complain about
> it not being so!
> 
>  
> 
> My problem is not for a shared network.  It's two separate vlans (networks)
> on a single switch, each with their own subnet definition.  These two
> network definitions have two different dhcp definitions.  One where the
> pools are based not just on originating network subnet, but also on option
> 82.  The other dhcp definition is just based on subnet.  What I observe is
> that the leases are combining information from both definitions to clients
> who should not be using option 82 - based on the subnet (vlan) which their
> port is a member of on the switch.  That is to say, from the network their
> request is coming from.
> 
>  
> 
> Rearranging the class definitions into a global context did not fully
> resolve the issue.  It just looks like a bug to me - subnet should win -
> every time!  And information from different lease subnets should never be
> mixed in a client's lease.
> 
>  
> 
> David <http://mcgoy.plumbearcat.com/>  McGaughey
> 
> Lubbock, Texas
> 
> mcgoy at plumbearcat.com
> 
> (806)438-7363
> 
>  
> 
> -----Original Message-----
> From: Austin Gabel [mailto:agabel at gmail.com] 
> Sent: Friday, March 13, 2009 2:11 PM
> To: mcgoy at plumbearcat.com; Users of ISC DHCP
> Subject: Re: Option 82 or subnet: who wins?
> 
>  
> 
> Class declarations are global. Take it out of the subnet declaration.  If
> these two subnets are on the same vlan they should be in a 'shared-network'
> declaration. The class should also be outside of this shared network. Then
> put a deny members of "ms_rm116_sw2650_hp1.0.17"; option in the 192.168.50.0
> network.
> 
> 
> 
> 
> On Fri, Mar 13, 2009 at 11:56 AM, David McGaughey <mcgoy1 at clearwire.net>
> wrote:
> 
> Greetings list!  And my apology if I've missed this somewhere in my
> googling.  I've a situation where I have an option 82 definition for a port
> on a switch and a separate subnet definition. If I plug my client into the
> switch port which has the class definition for a subnet AND I plug my dhcp
> server into the switch port next to my client - same vlan - then I get a
> mixture of the leases from both subnet definitions.  It would be nice to get
> one or the other, and not a mixture of both.  Here's the config file:
> 
>  
> 
> option domain-name "ci.lubbock.tx.us";
> option domain-name-servers 10.2.1.254, 10.2.1.253, 10.2.1.7;
> default-lease-time 259200;
> max-lease-time 259200;
> ddns-update-style none; ddns-updates off;
> authoritative;
>
> subnet 172.25.254.0 netmask 255.255.255.0 {
>   option subnet-mask 255.255.255.0;
>   option broadcast-address 172.25.254.255;
>   option routers 172.25.254.1;
>
>   class "ms_rm116_sw2650_hp1.0.17"
>   {
>     match if (
>         option agent.remote-id = 0:1d:b3:1f:c2:80
>       and
>         option agent.circuit-id = 0:11
>     );
>   }
>
>   pool {
>     range 172.25.254.47 172.25.254.49;
>     allow members of "ms_rm116_sw2650_hp1.0.17";
>   }
> }
>
> subnet 192.168.50.0 netmask 255.255.254.0 {
>   pool {
>     option broadcast-address 192.168.51.255;
>     option routers 192.168.50.1;
>     option subnet-mask 255.255.254.0;
>     default-lease-time 14400;
>     max-lease-time 14400;
>     range 192.168.51.1 192.168.51.254;
>   }
> }
> 
>  
> 
> Here's what the client (ipconfig /all) got:
> 
>  
> 
>  
> 
>  Windows IP Configuration
>
>         Host Name . . . . . . . . . . . . : WXPITIMAGE03c
>         Primary Dns Suffix  . . . . . . . : 
>         Node Type . . . . . . . . . . . . : Unknown
>         IP Routing Enabled. . . . . . . . : No
>         WINS Proxy Enabled. . . . . . . . : No
>         DNS Suffix Search List. . . . . . : ci.lubbock.tx.us
>
> Ethernet adapter Local Area Connection 2:
>
>         Connection-specific DNS Suffix  . : ci.lubbock.tx.us
>         Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
>         Physical Address. . . . . . . . . : 00-50-56-0F-0F-12
>         Dhcp Enabled. . . . . . . . . . . : Yes
>         Autoconfiguration Enabled . . . . : Yes
>         IP Address. . . . . . . . . . . . : 192.168.51.4
>         Subnet Mask . . . . . . . . . . . : 255.255.255.0
>         Default Gateway . . . . . . . . . : 172.25.254.1
>         DHCP Server . . . . . . . . . . . : 192.168.50.2
>         DNS Servers . . . . . . . . . . . : 10.2.1.254
>                                             10.2.1.253
>                                             10.2.1.7
>         Lease Obtained. . . . . . . . . . : Friday, March 13, 2009 11:43:21 AM
>         Lease Expires . . . . . . . . . . : Friday, March 13, 2009 3:43:21 PM
> 
>  
> 
> Note that the IP Address comes from the second subnet, which happens to be
> that of the DHCP server, but the netmask and the router come from the FIRST
> subnet definition.
> 
>  
> 
> Neither subnet is winning now.  Should one of them be the "winner" and
> assign all its information to the client?
> 
>  
> 
> David <http://mcgoy.plumbearcat.com/>  McGaughey
> 
> Lubbock, Texas
> 
> mcgoy at plumbearcat.com
> 
> (806)438-7363
> 
>  
> 
>  
> 
> 
> 
>  
> 
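
Added illustration, not part of the original thread and not ISC dhcpd code: a simplified Python model of the scope rule in the dhcpd.conf man-page paragraph quoted at the top of this message, applied to the configuration posted in the thread. It assumes the client matched the option 82 class; `Scope`, `resolve` and `lease_options` are hypothetical names.

```python
# Simplified model of the dhcpd.conf(5) scope rule; not ISC dhcpd source code.
# Option values are copied from the configuration posted in the thread.

class Scope:
    def __init__(self, name, parent=None, options=None):
        self.name, self.parent, self.options = name, parent, options or {}

def resolve(declarations):
    """declarations: least specific first (subnet, pool, class, host).
    Each is applied with its enclosing lexical scopes, outermost first.
    A scope already consulted is never applied twice, and a value from a
    more specific declaration overrides an earlier one."""
    seen, params = set(), {}
    for decl in declarations:
        chain, scope = [], decl
        while scope is not None and id(scope) not in seen:
            chain.append(scope)
            scope = scope.parent
        for scope in reversed(chain):
            seen.add(id(scope))
            params.update(scope.options)
    return params

def lease_options(class_in_subnet):
    """Options for a client on the 192.168.50.0 subnet that matches the class."""
    glob = Scope("global", None, {
        "domain-name-servers": "10.2.1.254, 10.2.1.253, 10.2.1.7",
        "default-lease-time": 259200})
    s172 = Scope("subnet 172.25.254.0", glob, {
        "subnet-mask": "255.255.255.0",
        "broadcast-address": "172.25.254.255",
        "routers": "172.25.254.1"})
    s192 = Scope("subnet 192.168.50.0", glob)
    pool192 = Scope("pool 192.168.51.1-254", s192, {
        "broadcast-address": "192.168.51.255",
        "routers": "192.168.50.1",
        "subnet-mask": "255.255.254.0",
        "default-lease-time": 14400})
    # The class carries no options itself; what matters is where it is declared.
    cls = Scope("class ms_rm116_sw2650_hp1.0.17", s172 if class_in_subnet else glob)
    return resolve([s192, pool192, cls])

if __name__ == "__main__":
    for inside in (True, False):
        opts = lease_options(inside)
        where = "inside subnet 172.25.254.0" if inside else "in global scope"
        print(f"class {where}: routers={opts['routers']} "
              f"mask={opts['subnet-mask']} lease={opts['default-lease-time']}")
```

With the class inside the 172.25.254.0 subnet the model gives the same router, netmask and four-hour lease shown in the posted ipconfig output; with the class in global scope the router and netmask come from the 192.168.50.0 pool.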



