Bruce.Hudson at dal.ca
Thu Nov 20 18:21:07 UTC 2008
> I'd like to restrict access to some specific pools, from some specific
> VLAN, by means of a class that take care of the source ip of the
> request packet.
> For example :
> Nov 20 16:04:03 intranet dhcpd: DHCPDISCOVER from 00:1c:bf:92:d6:e0
> via 192.168.33.200
> Nov 20 16:04:03 intranet dhcpd: DHCPOFFER on 192.168.33.223 to
> 00:1c:bf:92:d6:e0 via 192.168.33.200
> I mean the "via" IP address.
> Is it possible ?
Your request is a bit amiguous. You mention "the source IP of the
packet", which is one thing; then "the via IP address", which is a
different thing altogether.
To start with the second option, the address logged above is the
"giaddr" field that is part of the DHCP packet. Restricting offered
addresses to match it is core functionality. The DHCP server will
never give out an address that it thinks is wrong for what-ever
broadcast domain (aka the VLAN) that the request came from; and the
"giaddr" field (or the interface IP if the request is seen directly
as a broadcast, without being relayed) is used to determine which
broadcast domain that is.
The most common reason that this does not work is use of a
"shared-network" block incorrectly.
If you do need the source IP address, for what-ever weird reason,
there is no built-in way to look at it in the server but it is in a
fixed place in the packet so the "packet" function should allow you
to use it to determine your class membership. However, unless you are
dealing with seriously broken relay devices, you should not need to
use the source IP.
Bruce A. Hudson | Bruce.Hudson at Dal.CA
UCIS, Networks and Systems |
Dalhousie University |
Halifax, Nova Scotia, Canada | (902) 494-3405
More information about the dhcp-users