how respond only to specific clients

Glenn Satchell Glenn.Satchell at uniq.com.au
Thu Jun 22 14:12:45 UTC 2006


>To: dhcp-users at isc.org
>Subject: Re: how respond only to specific clients
>From: Douglas Sterner <DSterner at arnoldtrans.com>
>Date: Thu, 22 Jun 2006 10:03:44 -0400
>
>The error in my log file is no leases available.

That means it didn't match the class, since they're the only hosts that
can get addresses from the pool. Did you try with and without the '\0'?
Maybe a packet trace using snoop, tcpdump or ethereal will show what
the client is sending over so you can match against it exactly.

Also if you have host statements these are global in scope, so putting
them inside the pool can confuse things somewhat. Better to move them
outside the subnet definition.

For the hosts to pick up the subnet definitions, everything except the
'range' and 'allow' lines should probably move out of the pool into the
subnet scope. This will allow the host declarations to pick up the
subnet definitions (such as option routers, subnet mask, etc).

regards,
-glenn

># 192.168.70.X Network
>class "Internal" {
>  match if option dhcp-client-identifier = "\0Internal";
>}
>subnet 192.168.70.0 netmask 255.255.254.0 {
>        pool {
>                option netbios-node-type 8;
>                ddns-updates on;
>                range 192.168.71.120 192.168.71.245;
>                option subnet-mask 255.255.254.0;
>                option routers 192.168.70.1; 
>                allow members of "Internal";
>              authoritative;
>              #Dell 1700N Laser Jet Printer
>                host gptxa-1700n-1 {
>                        hardware ethernet 00:04:00:c3:5c:04;
>                        fixed-address 192.168.70.61;
>                        }
>                #HP 4200 Laser Jet Printer
>                        host gptxa-4200-1 {
>                        hardware ethernet 00:30:c1:0c:6a:2f;
>                        fixed-address 192.168.70.58;
>                        }
> 
>Douglas Sterner 
>
>Glenn Satchell <Glenn.Satchell at uniq.com.au>
>Sent by: dhcp-users-bounce at isc.org
>06/22/2006 09:34 AM
>Please respond to: dhcp-users at isc.org
>To: dhcp-users at isc.org
>Subject: Re: how respond only to specific clients
>
>>To: <dhcp-users at isc.org>
>>Subject: how respond only to specific clients
>>From: Douglas Sterner <DSterner at arnoldtrans.com>
>>Date: Thu, 22 Jun 2006 08:44:24 -0400
>>
>>Trying to use the dhcp-client-identifier option to only give out IPs to 
>>authorized workstations. Well, the short story is it doesn't work. My 
>>clients all have Internal as their DCI but are unable to get an address 
>>with this config. Do I need to use pools? The man pages have been vague on 
>>examples. In addition, dhcp-client-identifier, 0, 3: where can I find out 
>>what the 0 and 3 mean? I haven't found a good reference as of yet.
>>#192.168.40.X Network
>>class "Internal" {
>>  match if substring (option dhcp-client-identifier, 0, 3) = "Internal";
>>}
>>subnet 192.168.40.0 netmask 255.255.254.0 {
>>        pool {
>>                option netbios-node-type 8;
>>                ddns-updates on;
>>                range 192.168.41.120 192.168.41.245;
>>                option subnet-mask 255.255.254.0;
>>                option routers 192.168.40.1; 
>>                allow members of "Internal";
>>              deny unknown-clients;
>>              authoritative;
>>        }
>>
>>
>>
>>Thanks 
>>
>>Douglas Sterner 
>>
>>
>Hi Douglas,
>
>You need to do a bit of reading, but the reasons why it doesn't work
>are all to do with the configuration.
>
>The substring operator is described in the dhcp-eval man page. The 0,3
>describe the offset and length, so a substring of length 3 can never
>equal "Internal". You probably want to just drop the whole substring bit
>and use something like this:
>
>#192.168.40.X Network
>class "Internal" {
>  match if option dhcp-client-identifier = "Internal";
>}
>
>Note the warning in the dhcp-options page, though:
>
>       Please be aware that some DHCP  clients,  when  configured
>       with  client identifiers that are ASCII text, will prepend
>       a zero to the ASCII text.   So you may need to write:
>
>            option dhcp-client-identifier "\0Internal";
>
>The rest looks ok, but you don't need the 'deny unknown-clients;' as
>the previous allow means that everything else is denied anyway.
>
>The options are described in the dhcp-options man page, and general
>configuration in the dhcpd.conf man page.
>
>regards,
>-glenn
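
Added example, not part of the original thread: a small parser for the DHCP options field that pulls out option 61 (dhcp-client-identifier) as a packet trace would show it, then evaluates the three match expressions tried above against it. The function names and the sample packets are constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255

def parse_options(options: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if options[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    found, i = {}, 4
    while i < len(options):
        code = options[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        found[code] = value
        i += 2 + length
    return found

def substring(data: bytes, offset: int, length: int) -> bytes:
    """Offset and length, as the thread describes dhcpd's substring()."""
    return data[offset : offset + length]

def class_matches(client_id: bytes) -> dict:
    """Evaluate the three 'match if' expressions from the thread."""
    return {
        'substring(id, 0, 3) = "Internal"': substring(client_id, 0, 3) == b"Internal",
        'id = "Internal"': client_id == b"Internal",
        # RFC 2132: the first byte of option 61 is a type; 0 = not a hardware address
        'id = "\\0Internal"': client_id == b"\x00Internal",
    }

def build_options(client_id: bytes) -> bytes:
    """Constructed sample: DHCPDISCOVER options carrying the given option 61."""
    msg_type = bytes([53, 1, 1])     # option 53, length 1, DHCPDISCOVER
    cid = bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return MAGIC_COOKIE + msg_type + cid + bytes([OPT_END])

if __name__ == "__main__":
    for sample in (b"Internal", b"\x00Internal"):
        cid = parse_options(build_options(sample))[OPT_CLIENT_ID]
        print(cid.hex(), class_matches(cid))
```

Comparing the hex of option 61 from a real capture with these two samples shows which of the two string forms the class has to match.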