[ale] dhcpd to multiple vlans from one server

Robert L. Harris robert.l.harris at gmail.com
Thu Jan 22 23:08:52 EST 2015


I'll be doing mostly static dhcp but I'll also be putting ACLs in place
soon.  Some of these engineers are amazing at hardware but think they are
God's gift to Linux and networking because they can install centos...

On Thu, Jan 22, 2015, 20:22 Jim Kinney <jim.kinney at gmail.com> wrote:

> Ouch.
>
> Flatten the damn network and make it a huge subnet and make your life
> easier.
>
> Or better, all real DHCP is on a single /24 (or /20 or larger) and use
> static dhcp for most everything else.
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16833114084
> $180 for 4 ports.
>
> All it takes is a bit of failure to loosen the purse strings.
>
> On Fri, 2015-01-23 at 03:04 +0000, Robert L. Harris wrote:
> > >   Yeah, don't have hardware like that.  I inherited this network and
> > > did not get any say in the architecture.  If I get up to Chicago I'll
> > > be dropping into someone's cube with a bat.  They made no plans for dns
> > > or dhcp.  I'm working on scrounged hardware.
> >
> >   Right now I'm using the hp 5920 switch they put in to provide dhcp
> > with vlan pools but I see that becoming unmaintainable pretty quickly
> > due to static assignments.
> >
> > Robert
> >
> >
> > On Thu, Jan 22, 2015, 19:58 Jim Kinney <jim.kinney at gmail.com> wrote:
> >         On Fri, 2015-01-23 at 02:41 +0000, Robert L. Harris wrote:
> >         > I have multiple projects/products, etc at work we are breaking into
> >         > separate broadcast domains ( currently 11, likely to be closer to 20
> >         > ).  I don't want a different dhcp server per subnet/vlan.  I can put a
> >         > trunk port to the dhcp server so if I can have dhcpd answering on each
> >         > vlan so I have centrally managed dhcp, that's ideal.  So maybe I'm
> >         > stuck doing the eth0.21, etc with an IP on each subnet and one dhcp
> >         > server.
> >
> >         I think you can do it with a single, very high port count machine.
> >         virtual nics won't do it. So a big box with x5 4 port nics with a line
> >         to each head switch or a vlan'ed port will work. Each subnet gets its
> >         own stanza in the config file.
> >         >
> >         >
> >         >
> >         >
> >         >
> >         > On Thu Jan 22 2015 at 7:30:43 PM Jim Kinney <jkinney at jimkinney.us>
> >         > wrote:
> >         >         +1. All it takes is a physical connection to the subnet.
> >         >
> >         >         Not sure why separate vlans get assigned to separate subnets.
> >         >         It doesn't provide a benefit. Vlans are for having overlapping
> >         >         IP space in the same physical LAN. Which is only useful when a
> >         >         LAN fills up a 10. Class A. Maybe it's easier at the
> >         >         switch/router management level with more than 100 subnets.
> >         >         Mostly, I see it used as a job guarantee for a network admin.
> >         >
> >         >
> >         >         On January 22, 2015 9:15:39 PM EST, Michael Trausch
> >         >         <mike at trausch.us> wrote:
> >         >                 ISC dhcpd will hand an address out based on the
> >         >                 interface it came in on. If eth0 has 203.0.113.1/25
> >         >                 and eth1 has 203.0.113.129/25, and the DHCP server is
> >         >                 authoritative for those two subnetworks, then when it
> >         >                 receives a request on eth0 for an address it will
> >         >                 issue an address in 203.0.113.0/25; when it receives a
> >         >                 request on eth1 it will issue an address in
> >         >                 203.0.113.128/25.
> >         >
> >         >                 Sent from my iPad
> >         >
> >         >                 On Jan 22, 2015, at 7:37 PM, "Robert L. Harris"
> >         >                 <robert.l.harris at gmail.com> wrote:
> >         >
> >         >
> >         >                 > Ok, so if I have 2 subnets:
> >         >                 >
> >         >                 > 172.20.1/24 on vlan 21
> >         >                 > 172.20.2/24 on vlan 22
> >         >                 >
> >         >                 >
> >         >                 > If a host plugs into a port assigned to vlan 22, how
> >         >                 > do I make sure dhcpd gives out the right address?
> >         >                 > That's the part of the designation I'm missing.
> >         >                 >
> >         >                 >
> >         >                 > Robert
> >         >                 >
> >         >                 >
> >         >                 >
> >         >                 >
> >         >                 > On Thu Jan 22 2015 at 5:17:25 PM James Sumners
> >         >                 > <james.sumners at gmail.com> wrote:
> >         >                 >         You just have to define the subnets in the
> >         >                 >         config and put each subnet's pool within its
> >         >                 >         respective block. No need for aliased IPs.
> >         >                 >
> >         >                 >         On Thursday, January 22, 2015, Robert L.
> >         >                 >         Harris <robert.l.harris at gmail.com> wrote:
> >         >                 >
> >         >                 >                 Anyone have a dhcpd serving multiple
> >         >                 >                 subnets to multiple vlans from a
> >         >                 >                 single server on a trunk they can
> >         >                 >                 share configs?  I don't want to
> >         >                 >                 spawn a bunch of servers and if I
> >         >                 >                 can do it with a single interface
> >         >                 >                 that would be ideal.  If I have to
> >         >                 >                 go with eth0.0, eth0.1, etc that's a
> >         >                 >                 good second choice.
> >         >                 >
> >         >                 >
> >         >                 >                 Robert
> >         >                 >
> >         >                 >
> >         >                 >
> >         >                 >
> >         >                 >         --
> >         >                 >         James Sumners
> >         >                 >         http://james.sumners.info/ (technical profile)
> >         >                 >         http://jrfom.com/ (personal site)
> >         >                 >         http://haplo.bandcamp.com/ (band page)
> >         >                 >
> >         >                 >
> >         >                 >         _______________________________________________
> >         >                 >         Ale mailing list
> >         >                 >         Ale at ale.org
> >         >                 >         http://mail.ale.org/mailman/listinfo/ale
> >         >                 >         See JOBS, ANNOUNCE and SCHOOLS lists at
> >         >                 >         http://mail.ale.org/mailman/listinfo
> >         >                 >
> >         >                 >
> >         >
> >         >
> >         >
> >         >
> >         >
> >         >         --
> >         >         Jim Kinney
> >         >         Linux Systems Analyst
> >         >         Physicist/Brewer
> >         >         http://jimkinney.us
> >
> >         --
> >         James P. Kinney III
> >
> >         Every time you stop a school, you will have to build a jail. What you
> >         gain at one end you lose at the other. It's like feeding a dog on his
> >         own tail. It won't fatten the dog.
> >         - Speech 11/23/1900 Mark Twain
> >
> >         http://heretothereideas.blogspot.com/
> >
>
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you
> gain at one end you lose at the other. It's like feeding a dog on his
> own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
>
> http://heretothereideas.blogspot.com/
>
>
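
An added example, not part of any message in this thread: a generator for the layout the thread converges on, with one VLAN sub-interface per subnet on the trunk (the eth0.21 approach) and one dhcpd subnet stanza per VLAN, so dhcpd selects the subnet from the interface a request arrived on. The trunk name eth0, the .1 server and .254 gateway addresses, the .100-.199 pool, VLAN 23 and the host entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit VLAN sub-interface commands and ISC dhcpd.conf stanzas
# for one DHCP server on a trunk port. Nothing is applied; it only prints.
# Assumptions (not from the thread): trunk NIC eth0, server takes .1 and the
# gateway .254 in each /24, pool .100-.199, VLAN 23 as a static-only VLAN.
TRUNK=eth0

# Constructed table: VLAN id, first three octets, dynamic pool yes/no
VLANS='21 172.20.1 yes
22 172.20.2 yes
23 172.20.3 no'

# iproute2 commands creating eth0.<vid> with an address inside each subnet.
gen_interfaces() {
    echo "$VLANS" | while read -r vid net pool; do
        echo "ip link add link $TRUNK name $TRUNK.$vid type vlan id $vid"
        echo "ip addr add $net.1/24 dev $TRUNK.$vid"
        echo "ip link set $TRUNK.$vid up"
    done
}

# One subnet stanza per VLAN. A stanza without a range hands out nothing to
# unknown clients, so only hosts with a fixed-address entry get a lease there.
gen_dhcpd_conf() {
    echo "authoritative;"
    echo "$VLANS" | while read -r vid net pool; do
        echo "# vlan $vid on $TRUNK.$vid"
        echo "subnet $net.0 netmask 255.255.255.0 {"
        echo "    option routers $net.254;"
        if [ "$pool" = yes ]; then
            echo "    range $net.100 $net.199;"
        fi
        echo "}"
    done
}

# Static assignment: gen_host NAME MAC IP
gen_host() {
    printf 'host %s {\n    hardware ethernet %s;\n    fixed-address %s;\n}\n' \
        "$1" "$2" "$3"
}

gen_interfaces
gen_dhcpd_conf
gen_host bench-01 00:00:5e:00:53:01 172.20.3.10   # constructed host entry
```

The generated configuration can be syntax-checked with `dhcpd -t -cf <file>` before it replaces the running one.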