DHCP problem in a complex scenario with lease events
c.loth at phase2-networks.com
Tue Oct 20 13:03:34 UTC 2009
I stumbled upon a showstopper for a rather complex software system I'm
developing using DHCP as one of the components. Please excuse any awkward
language - I'm not a native speaker.
This software is a network management application that deals with untrusted
network clients. Each client is assigned its individual IP address via DHCP.
Network clients are identified by their MAC addresses.
Users can log into a web application where they can change their clients' MAC
addresses. Therefore users keep their IP addresses regardless of the actual
machine accessing the network.
When changing a client to a new MAC address, the server software behind the
web application rewrites the dhcpd.conf and restarts dhcpd.
IP/MAC coupling in the configuration file is done via "fixed-address/hardware
The IP comes from a pool of networks managed by the server software.
Now it gets interesting: by authenticating to the web application the user's
clients are granted access through the packet filter firewall. This access is
only temporary and is supposed to be disabled if one of two conditions is
met: either the lease expires or the lease is released. The max lease time
was set to a small duration for this very purpose.
By executing a special command after an expiry or a release event the packet
filter firewall was to revoke the clients' access privileges. I used the "on
expiry" and "on release" mechanisms in combination with "execute".
Now enter the showstopper: the coupling of fixed-address with
hardware-ethernet does not use the normal lease database. Events are not
triggered. In short: the idea isn't working. Unfortunately I found out too
late about "fixed-address/hardware ethernet" not triggering lease events.
So here are my questions:
1) Is there any way for the "fixed-address/hardware ethernet" entries to
trigger the lease events?
2) Is there any other way to provide a fixed IP with a MAC address that
triggers those events and should work with a web application like I described
Any help is appreciated.
- Christian Loth
More information about the dhcp-users