Trying to keep out Non-Phones in a Subnet
Simon Hobson
dhcp1 at thehobsons.co.uk
Thu Jan 15 21:51:21 UTC 2009
Martin McCormick wrote:
> We set up a subnet just for VOIP phones and would like
>to disallow devices such as work stations, etc, from using that
>network. We already have a class for Cisco telephones which
>works fine so what we would like to happen is for any Cisco
>telephone to get a dynamic address on this network and anything
>else to get nothing but a log entry so we can find out what the
>problem is and get them plugged in to the correct network. After
>doing some research, I tried the following configuration which
>fails for pretty obvious reasons. All non-defined hosts are
>unknown hosts. I was hoping that their belonging to a class
>might make them known. Bad config follows:
>
>subnet 10.194.8.0 netmask 255.255.248.0 {
>    option subnet-mask 255.255.248.0;
>    option routers 10.194.15.254;
>    ddns-updates on;
>    option domain-name "voip-test.osu";
>    option broadcast-address 10.194.15.255;
>    default-lease-time 3600;
>    max-lease-time 3600;
>    pool {
>        deny dynamic bootp clients;
>        failover peer "stw";
>        range 10.194.12.0 10.194.15.249;
>        allow members of "cisco-telephone";
>        deny unknown-clients;
>    }
>}

'allow members of "cisco-telephone";' is sufficient to prevent other
devices from accessing that pool - so just delete the 'deny
unknown-clients;' line. Whenever you use an allow, anything not
allowed is implicitly denied (and the reverse if you use a deny,
anything not denied is allowed).
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
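
Added example, not part of the original post and not dhcpd's own code: a small Python model of the pool permit rules described in the reply above, applied to three constructed clients to show why the quoted pool refuses the phones and what each variant lets in. The `Client`, `Pool`, `members_of` and `unknown_clients` names are assumptions made for illustration; the `deny dynamic bootp clients;` line is left out because every sample client here uses DHCP.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Client:
    name: str
    classes: frozenset = frozenset()  # classes the client's packet matched
    known: bool = False               # True only when a host declaration exists

@dataclass
class Pool:
    allow: list = field(default_factory=list)  # predicates from "allow ...;" lines
    deny: list = field(default_factory=list)   # predicates from "deny ...;" lines

    def permits(self, client):
        # Any matching deny line excludes the client from this pool.
        if any(rule(client) for rule in self.deny):
            return False
        # Once an allow line exists, everything not allowed is implicitly denied.
        if self.allow and not any(rule(client) for rule in self.allow):
            return False
        # With only deny lines, anything not denied is allowed.
        return True

def members_of(class_name):
    return lambda client: class_name in client.classes

def unknown_clients(client):
    return not client.known

# Constructed sample clients (illustrative only).
CLIENTS = [
    Client("cisco-phone", frozenset({"cisco-telephone"})),  # in class, no host entry
    Client("workstation"),                                  # no class, no host entry
    Client("registered-pc", known=True),                    # host entry, not a phone
]

POOLS = {
    "quoted": Pool(allow=[members_of("cisco-telephone")], deny=[unknown_clients]),
    "allow-only": Pool(allow=[members_of("cisco-telephone")]),
    "deny-only": Pool(deny=[unknown_clients]),
}

def outcomes(pool_name):
    pool = POOLS[pool_name]
    return {c.name: pool.permits(c) for c in CLIENTS}

if __name__ == "__main__":
    for name in POOLS:
        print(name, outcomes(name))
```

Class membership does not make a client "known": the phone in the model is refused by the quoted pool only because it has no host declaration, which matches the failure described in the question.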