Periodic assignment of unique IP address

Siraj Shaikh siraj.shaikh at gmail.com
Thu Nov 29 17:04:38 UTC 2007


On 29/11/2007, Simon Hobson <dhcp1 at thehobsons.co.uk> wrote:
> Siraj Shaikh wrote:
>
> >I have a few queries regarding the DHCP configuration
>
> It might help if you described what it is that you wish to achieve,
> and these queries have all been answered fairly recently (though
> perhaps not in the exact words you have used).
>
> >1) I am trying to set up my network, where on the same network segment
> >I have two different sets of clients that are assigned IP addresses at
> >different intervals. That is to say, the lease assigned to one set of
> >clients is different to the lease assigned to the other set of
> >clients. As far as I understand, I can do this by using DHCP user
> >class mechanisms, whereby I deal with different sets of clients as
> >part of different classes (and then each class is assigned a different
> >lease time). Is that right?
>
> Yes, you can treat different clients in different ways. You would
> normally need to use classes for this - look up man dhcpd.conf and see
> the sections on classes and subclasses. If there is a characteristic
> of the clients you can match on then you can use a form of :
> class .....
>    match if <some condition is true>
>
> You might do this, for example, if you wanted to select all VoIP
> phones from a particular vendor by the vendor prefix in the MAC
> address.
>
> If there isn't a matchable condition, then you may have to list each
> client by MAC address - see the subclasses section of the man page.

I wonder if there is a condition which allows us to check whether
there are any current/existing TCP connections open on the client -
before renewing the lease?

> >2) Following up from the above, is there any way of assigning a random
> >lease to a particular user class? Random in the sense that I would
> >like to pass a range (upper and lower limits) of lease, and then let
> >the DHCP Server assign a number in between randomly?
>
> You mean, allocate a range of addresses for a class of client, and
> then the addresses are dynamically allocated from that range ? This
> is the default and is done like :
>
> subnet ....
>    ....
>    pool {
>      range a.b.c.10 a.b.c.29 ;
>      allow members of "class1" ;
>    }
> }
>

Sorry, my original question was, I think, ambiguous. What I meant was the
range of lease time, that is to say, if I assign a range of 5 minutes
to 3 days, I would like the server to assign a lease for anytime
between 5 mins and 3 days - and let it choose it randomly.

> >3) My main question: how do I configure a DHCP client that allows it
> >to be assigned a unique IP address every time it renews its lease? Is
> >it possible to configure the DHCP Server such that it assigns a
> >particular class of clients (or just particular clients; manually
> >assigned) a unique (different to prior) IP address every time their
> >lease is renewed? I am interested to know the answer to both
> >questions, as in from the configuration of a dhcp client and a dhcp
> >server.
>
> For both the server and client, this is specifically against the
> requirements of the RFCs which are quite clear that the client should
> retain its address when it renews. Changing a client's address is bad
> news - it breaks all its connections and causes all sorts of grief !
>
> What is the reason for wanting the client address to change ?

I should have explained this earlier. As part of my research, I am
exploring various aspects of deploying a 'network security monitoring'
sensor on a network segment. The reason for acquiring a unique IP
address (at every renewal) for this, is to attempt to 'hide' the
sensor so that it does not stay on a particular IP for a longer time
(as this may allow an intruder to identify the sensor). The need to
assign an IP arises because we do want to be able to access some
services on the machine as well.

May I just add here, we are not interested in assigning a particular
unique IP address (at every renewal) - just whatever is available from
the pool (which we will set accordingly of course).

Another option would be to have a client utility that reassigns the IP
address of the client (it is running on) and perhaps chooses it from a
range. Is anyone aware of such an existing utility?

Thanks
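
The class and pool approach described in the quoted reply, written out as a full ISC dhcpd.conf fragment with a different fixed lease time per class; this is an added example, not configuration posted by anyone in the thread. The class names, OUI, MAC addresses, address ranges (RFC 5737 documentation space) and lease values are constructed for illustration, and it does not attempt a random lease length or an address change on renewal.

```conf
# Constructed example: two client classes on one segment, each served
# from its own pool with its own lease time.

# Class 1: matched on a characteristic of the client. "hardware" is the
# hardware type byte followed by the MAC, so bytes 1..3 are the vendor OUI.
class "voip-phones" {
  match if substring (hardware, 1, 3) = 00:04:f2;   # constructed OUI
}

# Class 2: no matchable characteristic, so each client is listed by MAC
# as a subclass. The leading "1:" is the Ethernet hardware type.
class "sensors" {
  match hardware;
}
subclass "sensors" 1:00:16:3e:00:00:01;             # constructed MAC
subclass "sensors" 1:00:16:3e:00:00:02;             # constructed MAC

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Long leases for the phones.
  pool {
    range 192.0.2.10 192.0.2.29;
    allow members of "voip-phones";
    default-lease-time 86400;    # 1 day
    max-lease-time 259200;       # 3 days
  }

  # Short, fixed leases for the listed sensors.
  pool {
    range 192.0.2.100 192.0.2.149;
    allow members of "sensors";
    min-lease-time 300;          # 5 minutes
    default-lease-time 300;
    max-lease-time 300;
  }

  # Everyone else: server-wide lease defaults apply.
  pool {
    range 192.0.2.200 192.0.2.250;
    deny members of "voip-phones";
    deny members of "sensors";
  }
}
```

`dhcpd -t -cf <file>` parses the file and reports syntax errors without starting the server.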


More information about the dhcp-users mailing list