Re: NetReg: You are not in my allowable ip range


From: Robert Lowe (Robert.H.Lowe@lawrence.edu)
Date: Wed Dec 03 2003 - 11:35:59 CST


Calissa J Lazowicki wrote:

> Patrick,
>
> Ok, I changed the subnet.dat file and I went over the other changes you
> suggested... here is our problem, we can't change the netreg machine or
> the router to the 236 network. They have to stay where they are, that
> part is out of my hands, I was given the configuration below and told we
> need to make this work.. subnet 236 is NOT going to be our only subnet
> w/machines using the netreg system. In our subnet.dat file you see all
> the other lines in there that are remarked out... well, they are dorms,
> and one by one they will be brought up to go through netreg as well. So
> we're going to somehow need for all those other subnets to work as
> well... I think this is where I am coming into a problem.. I am not sure
> if you understand what I am trying to explain.. maybe this will help:
>
> netreg box - 157.62.60.1
>
> router - 157.62.236.155 (this is the reason for the gap in the
> registered pool area of dhcpd.conf, we want to use the ips before and
> after it)
> our dorm subnets needed to access netreg -
> 157.62.234.0
> 157.62.236.0
> 157.62.238.0
> 157.62.240.0
> 157.62.230.0
> 157.62.232.0
> 157.62.225.0
> 157.62.210.0
> 157.62.211.0
>
> to us it doesn't matter what subnet the unregistered clients use just as
> long as we can make the above configuration work.

This is fine, although not what I would recommend. The note in
subnet.dat regarding field #4 means that the counter on the subnet
overview page from the admin script will not report the correct
number of active unregistered clients -- it will see all of your
registered clients as unregistered, along with any unregistered
clients with active leases. You don't have to re-design your
subnets or multinet to solve that problem, but you do have to be
able to cover all of the unregistered IP addresses with a smaller
subnet, i.e. it overlays on top of your 'real' subnet. So, as I
explained before, without any changes to your configuration, other
than perhaps shifting some of the IP addresses in your present
subnet, this is quite easily done, but in a power of two, e.g. 64
or 128 addresses.

The line in subnet.dat might look like:

157.62.236.0/23:Laurel B:300:157.62.236.128/25
      ^^^                ^^^        ^^^
  real subnet            (*)  not a real subnet

(*) this number is used only to scale the graph on the subnet
overview page.

When I say 'not a real subnet' above, I mean that no switch
or router knows anything about this. It is only to distinguish
unregistered clients from registered clients, only reflecting
how you have organized your IP address space. If you don't care,
then leave it blank, as you now have it.

Regardless of that, you *should* fix your dhcpd.conf file to reflect
your true network topology -- don't use shared-network statements
unless you really have multiple layer 3 subnets on a single layer 2
network.

The "you are not in my allowable IP range" error should also include
the subnet. Was it there, or not? If not, make sure you replaced
register.cgi with the one from the CIDR kit (and variables.pl, etc.).

My thanks to Patrick, and my apologies for not catching the fact
that the allowable range isn't expressed as a variable any longer.
I wrote the CIDR kit, but I certainly don't look at it much any
more, unless someone reports some kind of issue.

-Robert

> Thank you again for all of your help, I cannot explain to you how much
> you have helped me already :) THANK YOU!
>
> Calissa
>
>
>
>
> On Tue, 2 Dec 2003 23:37:12 -0500, Patrick Jaques <pjaques@comcast.net>
> wrote:
>
>> Calissa J Lazowicki wrote:
>>
>>> I am using the standard variables.pl that comes w/the CIDR update...
>>> w/the exception of our LDAP info for authentication... here is what I
>>> have been told so far:
>>
>> ...
>>
>>> Now, I have also been told I need the $ALLOW_DOMAIN in the variables.pl
>>> file even w/the CIDR update, so I tried that... I still get the same
>>> thing - ip not in my allowable ip range... any ideas would be wonderful
>>
>>
>> Hi Calissa,
>>
>> I don't think the variables.pl file is an issue in your problem because
>> you are using NetReg v1.3rc2 with the latest CIDR update. The CIDR
>> version of variables.pl and register.cgi does not use the $ALLOW_DOMAIN
>> variable. All subnet information is stored in /etc/netreg/subnet.dat.
>>
>> I noticed a small problem in your subnet.dat. The 3rd parameter in
>> subnet.dat should refer to the total number of leases allocated to your
>> registered client pool, but instead it refers to the total number of
>> hosts allowed on your entire subnet.
>>
>> Subnet.dat:
>> 1st             2nd     3rd 4th (empty)
>> 157.62.236.0/23:LaurelB:510::
>>
>> dhcpd.conf:
>>
>> Registered Host Pool
>> -------------------------------------------------
>> range 157.62.236.5 - 157.62.236.49 (45)
>> range 157.62.236.156 - 157.62.236.229 (74)
>> range 157.62.236.246 - 157.62.236.254 (9)
>>
>> Unregistered client pool
>> -------------------------------------------------
>> range 157.62.236.50 - 157.62.236.154 (105)
>>
>> The above ranges in your registered client pool are only 128 total
>> leases, not 510, and your unregistered client pool has only 105
>> available leases. The third parameter should say 128, instead of 510.
>> BTW, your lease pools are too small and should be increased. Since your
>> subnet starts at 157.62.236.1 and ends at 157.62.237.254, you should
>> make use of the unused address space between 157.62.237.1 and
>> 157.62.237.254 for your lease pools.
>>
>> -- Patrick Jaques
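
The following check is an added example, not part of the thread or of NetReg itself: it takes a subnet.dat line in the four-field layout shown above and tests whether the field-4 overlay lies inside the real subnet, covers every unregistered range, and stays clear of the registered ranges. Comparing field 3 with the registered lease total follows Patrick's description; the function names and the "fixed" layout are constructed for illustration.

```python
import ipaddress

def parse_subnet_line(line):
    """Split 'net/prefix:name:count:unreg_cidr' (field layout as shown in the thread)."""
    f = (line.strip().split(":") + [""] * 4)[:4]
    return {"net": ipaddress.ip_network(f[0]), "name": f[1], "count": int(f[2]),
            "overlay": ipaddress.ip_network(f[3]) if f[3] else None}

def span(first, last):
    """Inclusive dhcpd.conf range as a pair of address objects."""
    return ipaddress.ip_address(first), ipaddress.ip_address(last)

def check(entry, registered, unregistered):
    """Return a list of problems; an empty list means the pools are cleanly separated."""
    problems = []
    net, ov = entry["net"], entry["overlay"]
    total = sum(int(hi) - int(lo) + 1 for lo, hi in registered)
    if entry["count"] != total:
        problems.append(f"field 3 is {entry['count']}, registered leases total {total}")
    if ov is None:          # field 4 left blank: nothing to overlay
        return problems
    if not ov.subnet_of(net):
        problems.append(f"{ov} is not inside {net}")
    for lo, hi in unregistered:
        if lo not in ov or hi not in ov:
            problems.append(f"unregistered {lo}-{hi} not covered by {ov}")
    for lo, hi in registered:
        if lo <= ov.broadcast_address and hi >= ov.network_address:
            problems.append(f"registered {lo}-{hi} overlaps {ov}")
    return problems

# Ranges quoted in the thread from the poster's dhcpd.conf
REG = [span("157.62.236.5", "157.62.236.49"),
       span("157.62.236.156", "157.62.236.229"),
       span("157.62.236.246", "157.62.236.254")]
UNREG = [span("157.62.236.50", "157.62.236.154")]

# Constructed re-layout: unregistered pool moved under a /25, registered pool elsewhere
REG_FIXED = [span("157.62.236.156", "157.62.236.254"),
             span("157.62.237.1", "157.62.237.254")]
UNREG_FIXED = [span("157.62.236.5", "157.62.236.126")]

if __name__ == "__main__":
    for line, reg, unreg in [
        ("157.62.236.0/23:Laurel B:300:157.62.236.128/25", REG, UNREG),
        ("157.62.236.0/23:Laurel B:353:157.62.236.0/25", REG_FIXED, UNREG_FIXED),
    ]:
        print(line, check(parse_subnet_line(line), reg, unreg) or "OK")
```

With the ranges as posted, the illustrative 157.62.236.128/25 overlay misses the unregistered pool and swallows two registered ranges, which is why some addresses would have to be shifted before field 4 can be filled in.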


This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:42 CDT