RE: NetReg: netreg - subnet.dat question


From: King, Michael (MKing@bridgew.edu)
Date: Wed Dec 17 2003 - 13:36:25 CST


We use a small CIDR block of addresses from the RFC1918 range (I think
they are /26's) so that there are 60 unregistered addresses. Then we
use "Real" IP addresses in full /24's for our registered range. The pool
is large enough to prevent blockage, but the unregistered addresses
recycle quickly.

This gives us the ability to not waste a full /24 for every unregistered
range, and gives us separation from building to building.

Here's a snippet of my dhcpd.conf. Each building is set up like this.
Be careful of the line wrap.

shared-network "Scott Hall" {

subnet 192.168.140.0 netmask 255.255.255.192 {
  authoritative; # It's always right
  ignore bootp; # don't hand out BootP addresses
  one-lease-per-client true;
  option domain-name-servers 192.207.56.12; #NetReg Server
  max-lease-time 120; #2 minutes
  default-lease-time 120; #2 minutes

  ddns-updates off; # Causes too much thrash in unregistered range
                    # (On serverwide)
  # Unknown clients get this pool.
  pool {
    option routers 192.168.140.62;
    range 192.168.140.1 192.168.140.61;
    allow unknown clients;
  }
} # end Subnet

subnet 207.206.226.0 netmask 255.255.255.0 {
  authoritative; # It's always right
  ignore bootp;
  option domain-name-servers 192.168.254.3, 192.207.56.1;
  one-lease-per-client true;
  option domain-name "reshall.bridgew.edu";
  ddns-domainname "reshall.bridgew.edu";
  option broadcast-address 207.206.226.255;
  max-lease-time 604800;
  default-lease-time 604800;

  # Known clients get this pool.
  pool {
    option routers 207.206.226.254;
    range 207.206.226.2 207.206.226.253;
    deny unknown clients;
  }
} # end Subnet
} # End of Scott

-----Original Message-----
From: owner-netreg@southwestern.edu
[mailto:owner-netreg@southwestern.edu] On Behalf Of Steve Hess
Sent: Wednesday, December 17, 2003 2:18 PM
To: netreg@southwestern.edu
Subject: Re: NetReg: netreg - subnet.dat question

We had a similar problem where we didn't want to use separate subnets
for unrestricted and restricted. We give each dorm its own class C
address scheme. We then take the 30 addresses of the pool as the
restricted and 200 addresses as the unrestricted. In the subnet.dat we
define the subnets as follows:

Subnet/24:Name:200::

in your example
157.62.236.1/23:Building:354::

The real key to this comes in the DHCPD.conf where you can define the
pools of the restricted and unrestricted to be the exact ones you list
below. Our setup is not as fragmented but has been working fine. The
only drawback I have found is that you can't track restricted and
unrestricted usage as well as with separate subnets. Also you have to
get more creative with border security since you can't just set up a
particular subnet as non-routable. We use a Packeteer PacketShaper and
just add the addresses into a list to redirect back to NetReg. That way
even if they manually enter the DNS server they can't get anywhere.

Steve

At 01:41 PM 12/17/2003 -0500, you wrote:

>Thank you for all of the help you provided me w/in the past couple of
>months. We are still having a minor problem... We had dhcp split up
>into 2 subnets, 157.62.236.0 for registered, and 237.0 for unregistered
>and it could register machines w/no problem... but our problem is, we
>don't have enough leases if we just use the 236.0 for our registered
>clients, so we need to have it split it up like this:
>
>registered clients
> range 157.62.236.5 157.62.236.154;
> range 157.62.236.156 157.62.236.229;
> range 157.62.236.246 157.62.237.100;
>
>
>unregistered clients:
> range 157.62.237.101 157.62.237.254
>
>subnet mask - 255.255.254.0
>
>Now, I have no idea how to reflect this properly in the subnet.dat
>file. Any ideas would be greatly appreciated.
>
>
>Thank you again for all of your time.
>
>Calissa
>
>**********************************************************************
>To unsubscribe from this list, send an e-mail message to
>majordomo@southwestern.edu containing a single line with the words:
>unsubscribe netreg Send requests for assistance to:
>owner-netreg@southwestern.edu
>**********************************************************************

-------------------------------------------------------------
Steve Hess
Network/Telecommunications Technician
Wheaton College
Phone: (508) 286-3404
Fax: (508) 286-8270
---------------------------------------------------------------
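
As an added example (not part of the original messages and not NetReg's own code), the following Python script audits a dhcpd.conf laid out like the snippet above: it checks that every pool `range` lies inside its enclosing `subnet`, that no two ranges overlap, and totals the addresses per pool policy. The sample config is constructed from the ranges in the quoted question; the function names `audit` and `totals` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the /23 ranges from the quoted question, written in
# the subnet/pool layout of the dhcpd.conf snippet in the reply.
SAMPLE = """
subnet 157.62.236.0 netmask 255.255.254.0 {
  pool {
    range 157.62.236.5 157.62.236.154;
    range 157.62.236.156 157.62.236.229;
    range 157.62.236.246 157.62.237.100;
    deny unknown clients;
  }
  pool {
    range 157.62.237.101 157.62.237.254;
    allow unknown clients;
  }
}
"""

def audit(conf):
    """Return (pools, problems); each pool is (policy, first, last, size)."""
    pools, problems, net, ranges, policy = [], [], None, [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if m := re.match(r"subnet (\S+) netmask (\S+)", line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif line.startswith("pool"):
            ranges, policy = [], None
        elif m := re.match(r"range (\S+) (\S+);", line):
            ranges.append(tuple(ipaddress.ip_address(a) for a in m.groups()))
        elif m := re.match(r"(allow|deny) unknown[- ]clients;", line):
            policy = "unregistered" if m[1] == "allow" else "registered"
        elif line.startswith("}") and ranges:  # closing brace of a pool
            for lo, hi in ranges:
                if net is None or lo not in net or hi not in net or lo > hi:
                    problems.append(f"{lo}-{hi} not inside {net}")
                pools.append((policy, lo, hi, int(hi) - int(lo) + 1))
            ranges = []
    ordered = sorted(pools, key=lambda p: p[1])
    for a, b in zip(ordered, ordered[1:]):  # neighbours after sorting by start
        if b[1] <= a[2]:
            problems.append(f"{a[1]}-{a[2]} overlaps {b[1]}-{b[2]}")
    return pools, problems

def totals(pools):
    """Sum pool sizes per policy ('registered' / 'unregistered')."""
    out = {}
    for policy, _, _, size in pools:
        out[policy] = out.get(policy, 0) + size
    return out
```

An overlap between a `deny unknown clients` range and an `allow unknown clients` range is the case to watch for when both kinds of pool share one subnet, since border filtering is then done per address list rather than per subnet.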




This archive was generated by hypermail 2.1.4 : Thu Aug 12 2004 - 12:01:42 CDT