Netgate Discussion Forum

    2 DHCP service on 1 physical LAN

    13 Posts 6 Posters 11.7k Views
    • S
      stramato
      last edited by

      I want 2 (or 3) separate subnets in the same physical network, so the separate subnet groups will not "see" each other. As long as clients don't set their IP addresses statically.

      This is far from an ideal design, but it's what the present network looks like. I don't want to "disturb" the present infrastructure, at least for the meantime while the VLAN Switches are being approved for budget.

      • J
        josey
        last edited by

        @stramato:

        I want 2 (or 3) separate subnets in the same physical network, so the separate subnet groups will not "see" each other. As long as clients don't set their IP addresses statically.

        This is far from an ideal design, but it's what the present network looks like. I don't want to "disturb" the present infrastructure, at least for the meantime while the VLAN Switches are being approved for budget.

        You can try with 3 NICs; then you can set up 3 subnets, with DHCP on each of them. Also, you can set static ARP and enter each machine's MAC address, so even if one of the users changes their IP address, it will not be able to communicate with the NIC ;)

        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          You cannot have multiple DHCP servers in the same physical LAN (or VLAN on managed switches). You either need separate switches or separate VLANs for each segment.

          DHCP is broadcast, so anything in the same broadcast domain will see it.

          Even if you could do that, it offers no security at all in terms of 'seeing' the other segment.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • S
            stramato
            last edited by

            AH now I get it. Looks like I'll end up with this after all:

            [switch for everybody] --- LAN1/subnet1 ---                                       --- WAN1
                                   --- LAN2/subnet2 --- [pfSense] --- Ethernet --- [pfSense] --- WAN2
                                   --- LAN3/subnet3 ---                                       --- WAN3
                                                                                              --- WAN4

            So let's say I have 3 user groups:
            1. 192.168.0.0/24
            2. 192.168.1.0/24
            3. 192.168.2.0/24

            And I know all their MAC Addresses.

            How would I do these?
            1. Tell LAN1 DHCP to serve IP addresses to Group 1 MAC Addresses
            2. Tell LAN2 DHCP to serve IP addresses to Group 2 MAC Addresses
            3. Tell LAN3 DHCP to serve IP addresses to Group 3 MAC Addresses
            4. Don't give IP Addresses to unknown MAC's
            5. Don't give unknown MAC's internet access

            Also, does Squid support multi-LAN?

            • J
              josey
              last edited by

              switch---lan1---192.168.0.0
              switch2---lan2(optx)---192.168.1.0
              switch3---lan3(opty)---192.168.2.0

              So let's say I have 3 user groups:
              1. 192.168.0.0/24
              2. 192.168.1.0/24
              3. 192.168.2.0/24

              And I know all their MAC Addresses.

              How would I do these?
              1. Tell LAN1 DHCP to serve IP addresses to Group 1 MAC Addresses
              2. Tell LAN2 DHCP to serve IP addresses to Group 2 MAC Addresses
              3. Tell LAN3 DHCP to serve IP addresses to Group 3 MAC Addresses
              4. Don't give IP Addresses to unknown MAC's
              5. Don't give unknown MAC's internet access

              Enable the DHCP server on each interface, with "deny unknown clients" checked and static ARP entries enabled.
              Enter each MAC address in the specific interface's DHCP list.
              This should do the thing for you.

              4 and 5 are related to the same thing…
              BTW, why are you trying to set up 4 WANs?

              • S
                stramato
                last edited by

                @josey:

                switch---lan1---192.168.0.0
                switch2---lan2(optx)---192.168.1.0
                switch3---lan3(opty)---192.168.2.0

                Enable the DHCP server on each interface, with "deny unknown clients" checked and static ARP entries enabled.
                Enter each MAC address in the specific interface's DHCP list.
                This should do the thing for you.

                As much as I would like to have separate switches (or separate VLANs) for the different subnets, I'm afraid the present infrastructure does not permit me to do that, and I'm stuck figuring out a way to have separate subnets in a single, unmanaged physical switch.

                Until the budget for VLAN Switches (and its implementation! The site is physically big. Tracing the cable termination will be a PITA) gets approved, I'm stuck with this setup.

                @josey:

                BTW, why are you trying to set up 4 WANs?

                Load Balance for 4 ADSL lines.

                • J
                  josey
                  last edited by

                  Unfortunately, I think there is then not much help for you :(

                  • D
                    danswartz
                    last edited by

                    Are these different groups really all mixed together?  If so, what an absolute nightmare.  Whoever "designed" this should be fired :(

                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      @stramato:

                      AH now I get it. Looks like I'll end up with this after all:

                      If you think that will work on one physical segment, you still don't get it :)

                      @stramato:

                      How would I do these?
                      1. Tell LAN1 DHCP to serve IP addresses to Group 1 MAC Addresses
                      2. Tell LAN2 DHCP to serve IP addresses to Group 2 MAC Addresses
                      3. Tell LAN3 DHCP to serve IP addresses to Group 3 MAC Addresses
                      4. Don't give IP Addresses to unknown MAC's
                      5. Don't give unknown MAC's internet access

                      Even though you can tell DHCP to give static IPs as you see fit, you can't assign those clients a gateway in their own subnet like that.

                      4/5 Are possible with the 'deny unknown clients' and 'static arp' options - but static ARP is broken on 1.2.3. It works on 2.0 though.

                      @stramato:

                      Also, does Squid support multi-LAN?

                      Yes, but not multi-wan.

                      • ?
                        Guest
                        last edited by

                        Hi, I have a similar problem because I need to design a network with two DHCP servers without VLANs.

                        pfSense Version: 2.0-BETA4 (i386) built on Mon Sep 20 21:39:12 EDT 2010 FreeBSD 8.1-RELEASE-p1

                        DHCP#1: eth1 192.168.1.254 192.168.1.0/24 192.168.1.1-192.168.1.99 with Deny unknown clients and Static DHCP table
                        DHCP#2: opt1 192.168.2.254 192.168.2.0/24 192.168.2.1-192.168.2.99

                        In the ideal case: if the MAC address is known, the host gets an IP from DHCP#1, but otherwise the host gets an address from DHCP#2.

                        The problem is that I don't know how to set DHCP#1 as primary, and the static DHCP table is not the same as the list of known clients,
                        so when I have chosen "Deny unknown clients" and the host is not a known client, it doesn't get any address :(

                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          Having two DHCP servers on the same network will not work.

                          However, I don't think that static IP mappings from DHCP have to be within the same subnet, so you might be able to just run the DHCP server on the segment for normal clients and have the static IP mappings for the other IPs…

                          But even if that could work, it's ugly. And really there is no good reason not to segment subnets on different interfaces/VLANs.


                          1 Reply Last reply Reply Quote 0
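An added example, not from any post in the thread: a Python audit of FreeBSD `arp -an` output against the three group subnets stramato lists, flagging unknown MACs and known MACs that have statically taken an address in another group's subnet on the shared segment. The MAC addresses, the `em1` interface name and the sample ARP lines are constructed; `GROUPS` and `audit_arp` are hypothetical names.

```python
import re
from ipaddress import ip_address, ip_network

# Group plan from the thread; the MAC allow-lists are constructed sample values.
GROUPS = {
    "group1": (ip_network("192.168.0.0/24"), {"00:16:3e:00:00:01", "00:16:3e:00:00:02"}),
    "group2": (ip_network("192.168.1.0/24"), {"00:16:3e:00:01:01"}),
    "group3": (ip_network("192.168.2.0/24"), {"00:16:3e:00:02:01"}),
}

# Constructed sample of `arp -an` output as the firewall would see it on one shared segment.
SAMPLE_ARP = """\
? (192.168.0.10) at 00:16:3e:00:00:01 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.20) at 00:16:3e:00:01:01 on em1 expires in 903 seconds [ethernet]
? (192.168.2.30) at 00:16:3e:00:00:02 on em1 expires in 455 seconds [ethernet]
? (192.168.1.77) at 00:16:3e:aa:bb:cc on em1 expires in 61 seconds [ethernet]
? (192.168.0.99) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) ", re.I
)

def normalize(mac):
    """Zero-pad and lowercase each octet so 0:16:3E:... matches 00:16:3e:..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def audit_arp(arp_text, groups=GROUPS):
    """Return (ip, mac, finding) tuples for ARP entries that break the group plan."""
    owner = {mac: name for name, (_, macs) in groups.items() for mac in macs}
    findings = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # "(incomplete)" entries carry no MAC to check
        ip, mac = ip_address(m["ip"]), normalize(m["mac"])
        used = next((n for n, (net, _) in groups.items() if ip in net), "unplanned")
        if mac not in owner:
            # Never served by DHCP, so the address was set by hand.
            findings.append((str(ip), mac, "unknown MAC"))
        elif owner[mac] != used:
            # Known client that left its assigned subnet.
            findings.append((str(ip), mac, f"{owner[mac]} MAC using {used} address"))
    return findings

if __name__ == "__main__":
    for ip, mac, finding in audit_arp(SAMPLE_ARP):
        print(f"{ip:15} {mac}  {finding}")
```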
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.