DHCP problem in a complex scenario with lease events

Christian Loth c.loth at phase2-networks.com
Tue Oct 20 13:03:34 UTC 2009

Hello everyone,

I stumbled upon a showstopper for a rather complex software system I'm 
developing using DHCP as one of the components. Please excuse any awkward 
language - I'm not a native speaker.

This software is a network management application that deals with untrusted 
network clients. Each client is assigned its individual IP address via DHCP. 
Network clients are identified by their MAC addresses. 

Users can log into a web application where they can change their clients' MAC 
addresses. Therefore users keep their IP addresses regardless of the actual 
machine accessing the network.

When changing a client to a new MAC address, the server software behind the 
web application rewrites the dhcpd.conf and restarts dhcpd.

IP/MAC coupling in the configuration file is done via "fixed-address/hardware 
ethernet" entries.

The IP comes from a pool of networks managed by the server software.

Now it gets interesting: by authenticating to the web application the user's 
clients are granted access through the packet filter firewall. This access is 
only temporary and is supposed to be disabled if one of two conditions is 
met: either the lease expires or the lease is released. The max lease time 
was set to a small duration for this very purpose.

By executing a special command after an expiry or a release event the packet 
filter firewall was to revoke the clients' access privileges. I used the "on 
expiry" and "on release" mechanisms in combination with "execute".

Now enter the showstopper: the coupling of fixed-address with 
hardware-ethernet does not use the normal lease database. Events are not 
triggered. In short: the idea isn't working. Unfortunately I found out too 
late about "fixed-address/hardware ethernet" not triggering lease events.

So here are my questions:

1) Is there any way for the "fixed-address/hardware ethernet" entries to 
trigger the lease events?

If not:

2) Is there any other way to provide a fixed IP with a MAC address that 
triggers those events and should work with a web application like I described?
Any help is appreciated.

Best regards,
- Christian Loth
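
The setup described in this post writes MAC addresses submitted through a web application into dhcpd.conf. The following is an added example, not part of the original post and not the poster's code, of rendering the "fixed-address/hardware ethernet" host entries with strict validation so that user input cannot inject configuration statements. The pool network, the integer client ids, and the names `MANAGED_POOLS`, `normalize_mac` and `render_hosts` are assumptions for illustration; it does not address the lease-event question.

```python
import ipaddress
import re

# Assumed pool for illustration; the post does not name its networks.
MANAGED_POOLS = [ipaddress.ip_network("192.0.2.0/24")]
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def normalize_mac(raw):
    """Return a canonical lower-case MAC, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    # fullmatch rejects anything beyond six hex octets, e.g. "; } host x {"
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    # The low bit of the first octet marks multicast/broadcast addresses.
    if int(mac[:2], 16) & 1:
        raise ValueError(f"multicast/broadcast MAC not allowed: {raw!r}")
    return mac


def render_hosts(assignments):
    """Render host blocks from {client_id: (mac, ip)}.

    Raises ValueError on malformed, out-of-pool or duplicate entries so
    that a bad submission never reaches the configuration file.
    """
    seen_macs, seen_ips, blocks = set(), set(), []
    for client_id, (raw_mac, raw_ip) in sorted(assignments.items()):
        mac = normalize_mac(raw_mac)
        ip = ipaddress.ip_address(raw_ip)
        if not any(ip in net for net in MANAGED_POOLS):
            raise ValueError(f"{ip} is outside the managed pools")
        if mac in seen_macs or ip in seen_ips:
            raise ValueError(f"duplicate MAC or IP for client {client_id}")
        seen_macs.add(mac)
        seen_ips.add(ip)
        # The host name is built from an integer id, never from user text.
        blocks.append(
            f"host client-{int(client_id)} {{\n"
            f"  hardware ethernet {mac};\n"
            f"  fixed-address {ip};\n"
            f"}}\n"
        )
    return "".join(blocks)


if __name__ == "__main__":
    # Constructed sample input.
    print(render_hosts({7: ("00-16-3E-12-34-56", "192.0.2.10")}))
```

Checking the generated file with `dhcpd -t -cf <file>` before restarting dhcpd keeps a rejected configuration from taking the server down.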
