overlapping pools in DHCP config file - WANTED

I'm using the DHCP server to provide addresses for multiple private
networks, and want to have overlapping pools. Some other systems
(Cisco for example) have a way to configure the DHCP server to
recognize overlapping address pools that are part of VPNs; how can this
be done using the dhcpd server?

I basically want to tell the server that it is NOT allocating addresses
for the network it's sitting on, and lots of users can have the same
address at the same time; they'll be allocated from different pools
(each with unique names) with different (unique) leases so it's not
like they'd be easily confused.

Thanks,

Hugh

I wrote:
> I'm using the DHCP server to provide addresses for multiple private
> networks, and want to have overlapping pools. Some other systems
> (Cisco for example) have a way to configure the DHCP server to
> recognize overlapping address pools that are part of VPNs; how can this
> be done using the dhcpd server?
>
> I basically want to tell the server that it is NOT allocating addresses
> for the network it's sitting on, and lots of users can have the same
> address at the same time; they'll be allocated from different pools
> (each with unique names) with different (unique) leases so it's not
> like they'd be easily confused.

Just a bit of clarification: the DHCP requests will all be coming from
the same place (a Radius server) which requests/renews etc the
addresses from the DHCP server after authentication.

I can configure the server to send extra DHCP options (like
dhcp-relay-agent-information) and I guess any others that may be useful
here.

Thanks,

Hugh

Hugh McGuinness <(E-Mail Removed)> wrote:
> I'm using the DHCP server to provide addresses for multiple private
> networks, and want to have overlapping pools. [...]

> I basically want to tell the server that it is NOT allocating addresses
> for the network it's sitting on,

....but that it should instead be allocating addresses for another
network...? Clarification, please


> and lots of users can have the same address at the same time [...]

Lots of users /can't/ have the same address at the same time, otherwise
the IP layer won't know to which MAC address (i.e. network card) packets
should be sent.


> Just a bit of clarification: the DHCP requests will all be coming from
> the same place (a Radius server) which requests/renews etc the
> addresses from the DHCP server after authentication.

DHCP allocates addresses based on the (ethernet) MAC address. If the
Radius server asks for lots of different addresses while using the same
MAC (i.e. its own) then I don't see how you can get the DHCP server to
issue different addresses each time. How would the DHCP server know that
an address was no longer in use, so that it could reuse that address
from the pool?

Chris

On Dec 15, 7:54 pm, Chris Davies <chris-use...@roaima.co.uk> wrote:
> Hugh McGuinness <hugh.mcguinn...@gmail.com> wrote:
>
> > I'm using the DHCP server to provide addresses for multiple private
> > networks, and want to have overlapping pools. [...]
> > I basically want to tell the server that it is NOT allocating addresses
> > for the network it's sitting on,
>
>...but that it should instead be allocating addresses for another
> network...? Clarification, please

It is allocating addresses to be used on (other) private networks,
correct.

>
> > and lots of users can have the same address at the same time [...]
>
> Lots of users /can't/ have the same address at the same time, otherwise
> the IP layer won't know to which MAC address (i.e. network card) packets
> should be sent.

There can be lots of users, only one on each of those private networks,
using the same IP address. Think of lots of houses with the number
'4', all in different streets.

>
> > Just a bit of clarification: the DHCP requests will all be coming from
> > the same place (a Radius server) which requests/renews etc the
> > addresses from the DHCP server after authentication.
>
> DHCP allocates addresses based on the (ethernet) MAC address.

Not necessarily; DHCP can also allocate on any other unique identifier
you pass to it as the client id. In a simple system if could even be
the user@realm handle, but in practice that's not necessarily unique
since the user could attempt to login twice, for example.

> If the
> Radius server asks for lots of different addresses while using the same
> MAC (i.e. its own) then I don't see how you can get the DHCP server to
> issue different addresses each time. How would the DHCP server know that
> an address was no longer in use, so that it could reuse that address
> from the pool?

By specifying this unique non-MAC identifier.

I suspect the way to implement this will be in having different subnet
sections in the dhcpd.comf file, but can the identifier be something
that is not an IP address?

Has anyone done something similar they can give an example of?

Thanks,

Hugh

Hugh McGuinness <(E-Mail Removed)> wrote:
> I suspect the way to implement this will be in having different subnet
> sections in the dhcpd.comf file, but can the identifier be something
> that is not an IP address?

OK, thanks for the clarifications.

I've not tried this, but could the "spawn" keyword (as described in
dhcpd.conf) help you define classes - and therefore allocations to
different subnets - on the fly?

For context, the example from the man page is:

class "customer" {
spawn with option agent.circuit-id
lease limit 4;
}

Cheers,
Chris