how respond only to specific clients

Douglas Sterner DSterner at arnoldtrans.com
Thu Jun 22 14:03:44 UTC 2006


The error in my log file is no leases available.

# 192.168.70.X Network
class "Internal" {
  match if option dhcp-client-identifier = "\0Internal";
}
subnet 192.168.70.0 netmask 255.255.254.0 {
        pool {
                option netbios-node-type 8;
                ddns-updates on;
                range 192.168.71.120 192.168.71.245;
                option subnet-mask 255.255.254.0;
                option routers 192.168.70.1; 
                allow members of "Internal";
              authoritative;
              #Dell 1700N Laser Jet Printer
                host gptxa-1700n-1 {
                        hardware ethernet 00:04:00:c3:5c:04;
                        fixed-address 192.168.70.61;
                        }
                #HP 4200 Laser Jet Printer
                        host gptxa-4200-1 {
                        hardware ethernet 00:30:c1:0c:6a:2f;
                        fixed-address 192.168.70.58;
                        }
 
Douglas Sterner

Glenn Satchell <Glenn.Satchell at uniq.com.au>
Sent by: dhcp-users-bounce at isc.org
06/22/2006 09:34 AM
Please respond to: dhcp-users at isc.org
To: dhcp-users at isc.org
cc:
Subject: Re: how respond only to specific clients

>To: <dhcp-users at isc.org>
>Subject: how respond only to specific clients
>From: Douglas Sterner <DSterner at arnoldtrans.com>
>Date: Thu, 22 Jun 2006 08:44:24 -0400
>
>Trying to use the dhcp-client-identifier option to only give out IPs to 
>authorized workstations. Well, the short story is it doesn't work. My 
>clients all have Internal as their DCI but are unable to get an address 
>with this config. Do I need to use pools? The man pages have been vague on 
>examples. In addition, dhcp-client-identifier, 0, 3: where can I find out 
>what the 0 and 3 mean? I haven't found a good reference as of yet.
>#192.168.40.X Network
>class "Internal" {
>  match if substring (option dhcp-client-identifier, 0, 3) = "Internal";
>}
>subnet 192.168.40.0 netmask 255.255.254.0 {
>        pool {
>                option netbios-node-type 8;
>                ddns-updates on;
>                range 192.168.41.120 192.168.41.245;
>                option subnet-mask 255.255.254.0;
>                option routers 192.168.40.1; 
>                allow members of "Internal";
>              deny unknown-clients;
>              authoritative;
>        }
>
>
>
>Thanks 
>
>Douglas Sterner 
>
>
Hi Douglas,

You need to do a bit of reading, but the reasons why it doesn't work
are all to do with the configuration.

The substring operator is described in the dhcp-eval man page. The 0,3
describe the offset and length, so a substring of length 3 can never
equal "Internal". You probably want to just drop the whole substring bit
and use something like this:

#192.168.40.X Network
class "Internal" {
  match if option dhcp-client-identifier = "Internal";
}

Note the warning in the dhcp-options page, though:

       Please be aware that some DHCP  clients,  when  configured
       with  client identifiers that are ASCII text, will prepend
       a zero to the ASCII text.   So you may need to write:

            option dhcp-client-identifier "\0Internal";

The rest looks ok, but you don't need the 'deny unknown-clients;' as
the previous allow means that everything else is denied anyway.

The options are described in the dhcp-options man page, and general
configuration in the dhcpd.conf man page.

regards,
-glenn
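
The matching behaviour discussed in this thread, as an added example that is not part of either poster's message or of ISC's code: it parses a constructed DHCP options field and evaluates the thread's three match expressions against option 61, with and without the leading zero byte. The sample option bytes and the function names are assumptions made for illustration.

```python
"""Added example: how the thread's match expressions see DHCP option 61."""

OPT_CLIENT_ID = 61          # dhcp-client-identifier
OPT_PAD, OPT_END = 0, 255   # single-byte options with no length field


def parse_options(blob: bytes) -> dict:
    """Parse the code/length/value options field that follows the magic cookie."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated codes are concatenated
        i += 2 + length
    return opts


def substring(data: bytes, offset: int, length: int) -> bytes:
    """Model of dhcp-eval substring(): `length` bytes starting at `offset`."""
    return data[offset : offset + length]


def evaluate(client_id: bytes) -> dict:
    """Evaluate the three match expressions that appear in the thread."""
    return {
        'substring(id, 0, 3) = "Internal"': substring(client_id, 0, 3) == b"Internal",
        'id = "Internal"': client_id == b"Internal",
        'id = "\\0Internal"': client_id == b"\x00Internal",
    }


# Constructed sample option fields: message type (53), client identifier (61), end.
PLAIN = bytes([53, 1, 1, 61, 8]) + b"Internal" + bytes([255])
PREFIXED = bytes([53, 1, 1, 61, 9]) + b"\x00Internal" + bytes([255])

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("zero-prefixed", PREFIXED)):
        cid = parse_options(blob)[OPT_CLIENT_ID]
        print(name, cid, evaluate(cid))
```

The identifier is whatever the client places in option 61, so a class match on it selects cooperating clients and is not authentication.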






