Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: brick on April 23, 2009, 04:48:43 PM
-
Hi,
I created two extra ranges for my Local Network, I'm trying to separate the clients that are part of the lab, wireless, school admin and students.
I have set the clients under the Hostnames and Addresses panel, but only the clients that are part of the original range can get addresses, none of the 'new' range works.
I looked under the dhcpd.conf and can only see the original network as well.
Is there something I'm missing?
Is there something I can do to deliver the IPs to the extra range?
-
Hi,
I created two extra ranges for my Local Network, I'm trying to separate the clients that are part of the lab, wireless, school admin and students.
I have set the clients under the Hostnames and Addresses panel, but only the clients that are part of the original range can get addresses, none of the 'new' range works.
Could you explain yourself better here, please? What do you mean by "created two extra ranges" ?
It appears that you are trying to assign specific IP addresses to specific machines as described in the Admin manual on http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Hostnames_and_addresses
I looked under the dhcpd.conf and can only see the original network as well.
Is there something I'm missing?
Is there something I can do to deliver the IPs to the extra range?
Are the ranges included in your server console DHCP range? Do you have the proper subnet mask?
-
Are you actually talking about separate subnets?
E.g: Subnet #1 IP range 192.168.1.xxx Subnet mask 255.255.255.0
Subnet #2 IP range 192.168.2.xxx Subnet mask 255.255.255.0
-
Are you actually talking about separate subnets?
E.g: Subnet #1 IP range 192.168.1.xxx Subnet mask 255.255.255.0
Subnet #2 IP range 192.168.2.xxx Subnet mask 255.255.255.0
Exactly!
uniqsys:
The server console does not allow me to include extra ranges, and I can only see the original range under the dhcpd.conf:
subnet 192.168.0.0 netmask 255.255.255.0
{
option broadcast-address 192.168.0.255;
But I can see the config for the hosts that I added, such as:
host wrt.yorktown.sme.homelinux.net {
hardware ethernet 00:13:10:62:19:E0;
fixed-address 192.168.200.241;
}
-
But I can see the config for the hosts that I added, such as:
You are not talking about a separate range of addresses on your local network. That would be something like the following.
IP address range #1 192.168.0.50 - 192.168.0.100, subnet mask 255.255.255.0
IP address range #2 192.168.0.150 - 192.168.0.200, subnet mask 255.255.255.0
=====================
You are actually talking about two different networks that would need a router between them or an additional local network added in server manager to see the server. I also do not think that you can use one DHCP server to handle both networks but I could be mistaken on this.
You might be able to give the server an IP address of say 192.168.0.1 and a subnet mask of 255.255.0.0 (allowing it to talk to all 192.168.xxx.xxx subnets) and then give the workstations 192.168.0.xxx and 192.168.200.xxx with subnet masks of 255.255.255.0. But I have never tried this and am not sure it would work and the workstations with the 192.168.200.xxx would not be able to communicate with the server.
-
Exactly!
uniqsys:
The server console does not allow me to include extra ranges, and I can only see the original range under the dhcpd.conf:
That is correct it doesn't, but I think if you change your DHCP subnet mask to 255.255.0.0 it would include the 192.168.200.xxx requests. I have never attempted such a configuration so I have no experience for you. Sorry.
-
This is a known bug. The hostnames and addresses panel should not allow you to enter MAC addresses for addresses which are not on the local network.
http://bugs.contribs.org/show_bug.cgi?id=3809
You also shouldn't be trying to set up multiple networks on the same physical LAN. Different networks need to have a router between them.
-
That is correct it doesn't, but I think if you change your DHCP subnet mask to 255.255.0.0 it would include the 192.168.200.xxx requests.
This will not separate the clients as they will all be on the same subnet. It is just a much larger subnet.
-
This will not separate the clients as they will all be on the same subnet. It is just a much larger subnet.
Which is what I'm looking for.
-
Which is what I'm looking for.
You can only separate them using routers like stated earlier. You can configure them to be on a different subnet however, but they will be able to contact each other. Blocking traffic requires a router.
If you would like to change your subnet log in as admin and reconfigure your server to use a broader subnet than the normal C-class subnet (255.255.255.0). You would need to choose a B-class subnet (255.255.x.0) to allow for more than 256 hosts on your network.
Take a look at subnet calculation to see how you should arrange your subnet to do so. Here is a subnet calculator that might show you how many hosts are allowed based on the chosen subnet: http://www.subnet-calculator.com/subnet.php?net_class=B
-
Thanks for all the replies, but I'm not looking at routing or securing the network. I have a separate device for that, which works as a bridge and I can control the traffic by ports or signatures, it even allows me to control ARP and tie MAC to IP.
-
Thanks for all the replies, but I'm not looking at routing or securing the network. I have a separate device for that, which works as a bridge and I can control the traffic by ports or signatures, it even allows me to control ARP and tie MAC to IP.
This will not separate the clients as they will all be on the same subnet. It is just a much larger subnet.
Which is what I'm looking for.
Then what are you looking for?
I thought you were wanting to protect the LAN from itself. Separate the sheep and the lions among your users.
-
Yes, and in my case I'm creating the rules by range, and why I need the DHCP to deliver the IP in the new range.
-
Yes, and in my case I'm creating the rules by range, and why I need the DHCP to deliver the IP in the new range.
So why not try extending the subnet like I suggested?
-
So why not try extending the subnet like I suggested?
I'll try that :)
-
Yes, and in my case I'm creating the rules by range, and why I need the DHCP to deliver the IP in the new range.
You also need to *physically* separate them. And you use a router for that. For the subnet or subnets which are physically separated from the SME server, use a different DHCP server.
-
Yes, and in my case I'm creating the rules by range, and why I need the DHCP to deliver the IP in the new range.
How can your DHCP server hand out an address to a subnet range it can't even talk to??
I am still curious as to what you would like to achieve....
Do you have some device on your network that can separate access to other workstations on the subnet based on an IP address range? (not a separate subnet) What sort of "rules" are you creating?
If you have such a device, I would like to know what it is.
If you intend to do the separation based on a separate subnet (which is not accessible from the other subnet), you will need to do as Charlie says and physically separate them. You will then need to put a router between them that allows access only to the shared resources that they both need access to. This can be done with separate hardware and wiring (switches, etc) or with switches with VLAN tagged ports.
*A router can be used to allow 'any' two networks to talk to each other, not just from the WAN (internet) to the LAN.
-
I'll try that :)
So, if changing the subnet mask on the DHCP works, will you be telling Charlie to leave the bug as is? ;)
-
I currently run 5 separate vlan networks in the office. My sme base handles dhcp for 2 of these and a third is via coova-chilli. The other 2 vlans are used for voip traffic on 2 distinct systems (dhcp handled by voip system for these). Yes I do have a layer 3 switch for inter-vlan routing.
-
I currently run 5 separate vlan networks in the office. My sme base handles dhcp for 2 of these
What have you done to make that possible?
-
Basically duplicated all necessary templates for the second network in templates-custom. Then added an ip helper-address that points to the sme server to the second vlan in the L3 switch.
Since I had to add special options for the IP phones, I ended up using custom templates for most of dhcpd.conf. Since the Mitel teleworker did(does) support the old method of IP Phone support, I was able to use their code as a model. Hacked in support for the new option 125 method of IP phone optioning. Although it is functional, I'm sure it isn't graceful.
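-
Added example, not part of the original thread or of SME Server's code: a small Python check for the situation discussed above, where dhcpd.conf holds host entries whose fixed-address lies outside every declared subnet, and for what widening the mask to 255.255.0.0 does to client separation. The configuration text is a constructed sample modelled on the fragments quoted in the thread; the host lab01.example.invalid and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample based on the dhcpd.conf fragments quoted in the thread.
SAMPLE_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0
{
    option broadcast-address 192.168.0.255;
}
host wrt.yorktown.sme.homelinux.net {
    hardware ethernet 00:13:10:62:19:E0;
    fixed-address 192.168.200.241;
}
host lab01.example.invalid {
    hardware ethernet 00:13:10:00:00:01;
    fixed-address 192.168.0.60;
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)")
HOST_RE = re.compile(
    r"\bhost\s+(\S+)\s*\{[^}]*?fixed-address\s+([\d.]+)\s*;", re.S)

def declared_subnets(conf):
    """Every 'subnet A netmask M' declaration as an ip_network object."""
    return [ipaddress.ip_network(f"{net}/{mask}")
            for net, mask in SUBNET_RE.findall(conf)]

def unreachable_hosts(conf):
    """(hostname, address) pairs whose fixed-address is in no declared
    subnet, i.e. reservations dhcpd has no subnet to serve them from."""
    nets = declared_subnets(conf)
    return [(name, addr) for name, addr in HOST_RE.findall(conf)
            if not any(ipaddress.ip_address(addr) in n for n in nets)]

def same_subnet(addr_a, addr_b, network):
    """True when both addresses fall inside one subnet: the clients then
    share a broadcast domain and can reach each other without a router."""
    net = ipaddress.ip_network(network, strict=False)
    return all(ipaddress.ip_address(a) in net for a in (addr_a, addr_b))

if __name__ == "__main__":
    print("outside every subnet:", unreachable_hosts(SAMPLE_CONF))
    widened = SAMPLE_CONF.replace("netmask 255.255.255.0", "netmask 255.255.0.0")
    print("after widening to /16:", unreachable_hosts(widened))
    print("lab and wrt share a subnet under /16:",
          same_subnet("192.168.0.60", "192.168.200.241", "192.168.0.0/16"))
```

With the /24 mask the 192.168.200.241 reservation is flagged; with the /16 mask nothing is flagged, but both clients then sit in one subnet, so any separation has to be enforced by another device.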