Ignore DISCOVERs from a certain MAC?

Tina Siegenthaler tina at zool.uzh.ch
Mon Jul 16 11:41:49 UTC 2007


Dear list

Maybe one of you can help me... I want my DHCP-Server to ignore
DISCOVERs that are issued by a certain MAC address. Why this?

I keep getting DISCOVERS on my DHCP server from a MAC address  
00:14:22:72:6d:cb - about every minute or so. Like this:

Jul 16 13:27:32 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases
Jul 16 13:28:36 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases
Jul 16 13:29:40 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases

Thing is, this MAC address doesn't actually exist on our network, so  
it's not getting an IP (we have "deny unknown clients" set in this  
subnet), but the DISCOVERS are filling the log, and are getting on my  
nerves...
We have a Windows server on that subnet (trust Windows for creating  
trouble...). It has two ethernet cards. One of the cards is enabled,  
the cable plugged in, and the interface is configured to have a  
manual, static IP. The other network card is disabled, and no cable  
is plugged in. The MAC addresses of the two cards are strangely  
similar to the MAC sending the DISCOVERs, namely 00:14:22:72:6d:ca  
(disabled) and 00:14:22:72:6d:c9 (enabled, manual IP). Note that only  
the last digit is different from 00:14:22:72:6d:cb. The cable of the  
enabled card is plugged into a certain ethernet patch, and our Cisco  
router database says that the DISCOVERs from 00:14:22:72:6d:cb (the  
non-existing MAC) are coming from the very same patch. ???
Since I'm not very familiar with Windows, I haven't succeeded in
stopping these DISCOVERs (neither has my colleague, who is actually
responsible for that Win server), but at least, I'd like to stop them
cluttering my dhcp.log, if that is possible...

This is my dhcpd.conf:

failover peer "DHCP-Zool" {
         secondary;
         address 130.60.23.114;
         port 520;
         peer address 130.60.23.4;
         peer port 520;
         max-response-delay 60;
         max-unacked-updates 10;
         load balance max seconds 5;
}
...
subnet 130.60.23.0 netmask 255.255.255.192 {
         option routers 130.60.23.1;
         option broadcast-address 130.60.23.63;
         pool {
                 failover peer "DHCP-Zool";
                 deny dynamic bootp clients;
                 deny unknown-clients;
                 allow members of "Fix_Y11A";
                 allow members of "Fix_Y13A";
                 allow members of "Fix_Y13S";
                 allow members of "Fix_Y25A";
                 allow members of "Fix_Y32A";
                 allow members of "Fix_Y34A";
                 allow members of "Fix_Y42A";
                 allow members of "Variabel";
                 deny members of "Verboten";
                 range 130.60.23.40 130.60.23.47;
                 range 130.60.23.51 130.60.23.56;
         }
         default-lease-time 21600;
         max-lease-time 21600;
}
...


Thanks for your help, Tina





**********************************************
Dr. Tina Siegenthaler

IT support

Institute of Zoology
University of Zurich
Winterthurerstr. 190
8057 Zürich

tel : ++41 44 6354891
email: tina at zool.uzh.ch
**********************************************
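
An added log-triage example for the situation described in the post above (not part of the original message): it parses dhcpd DHCPDISCOVER lines, picks out MACs that are absent from an inventory, and lists the inventory MACs numerically adjacent to each one, which is the relationship between 00:14:22:72:6d:cb and the server's two NICs. The inventory dict and its labels, the year 2007 used for the yearless syslog timestamps, and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the three log lines quoted in the post, unwrapped.
SAMPLE_LOG = """\
Jul 16 13:27:32 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases
Jul 16 13:28:36 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases
Jul 16 13:29:40 DHCP-0352 dhcpd: DHCPDISCOVER from 00:14:22:72:6d:cb via 130.60.23.1: peer holds all free leases
"""

# Assumed inventory format (hypothetical): known MAC -> description.
INVENTORY = {
    "00:14:22:72:6d:c9": "Windows server NIC (enabled, static IP)",
    "00:14:22:72:6d:ca": "Windows server NIC (disabled)",
}

DISCOVER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCPDISCOVER from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def parse_discovers(text, year=2007):
    """Return {mac: [datetime, ...]} for every DHCPDISCOVER line."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = DISCOVER_RE.match(line)
        if m:  # syslog has no year, so an assumed one is prepended
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            seen[m["mac"].lower()].append(ts)
    return seen

def triage(text, inventory, max_distance=4):
    """Report MACs missing from the inventory, their repeat interval,
    and inventory MACs within max_distance of them numerically."""
    report = {}
    for mac, times in parse_discovers(text).items():
        if mac in inventory:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        near = sorted(k for k in inventory
                      if 0 < abs(mac_to_int(k) - mac_to_int(mac)) <= max_distance)
        report[mac] = {"count": len(times),
                       "mean_gap_s": sum(gaps) / len(gaps) if gaps else None,
                       "neighbours": near}
    return report

if __name__ == "__main__":
    for mac, info in triage(SAMPLE_LOG, INVENTORY).items():
        print(mac, info)
```
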





