[SPAM] Re: [SPAM] Broadcast address leased to a client *Again*

Glenn Satchell glenn.satchell at uniq.com.au
Wed Mar 17 21:58:04 UTC 2010


On 03/18/10 06:21, "Daniel D. Gonçalves" wrote:
> Simon Hobson escreveu:
>> Daniel D. Gonçalves wrote:
>>
>>>> However, there have been reports on this list in the past that some
>>>> devices running bad code do "get it wrong" when presented with such
>>>> an address/netmask - and if you have any such devices then you may
>>>> want to exclude them from your pool (as others have described).
>>
>>> Yes, and my problem is just with devices that do not accept these IPs
>>> ending "0" and "255".
>>> The solution using multiple range statements works, but I consider it
>>> very boring...
>>
>> Boring is what network admin should be - excitement is stressful ;-)
>> But you have confirmed that such devices still exist.
>>
>>
>> The only other ways I can think of are :
>>
>> host "bad_device_name" {
>> hardware ethernet aa:bb:cc:dd:ee:ff ;
>> deny booting ;
>> }
>>
>> or create a class that matches the vendor OUI and block all devices
>> from the vendor until they fix their code :
>>
>> class "bad-code" {
>> match if substring(hardware,1,3) = aa:bb:cc ;
>> deny booting ;
>> }
>>
>> That would keep the bad device off the network where it could be
>> argued it belongs !
>>
>> Or if you run a recent enough version, then you could create dummy
>> reserved leases for all the .0 and .255 addresses. Reserved leases are
>> very much like regular leases, except that they are permanently tied
>> to one client and never re-allocated. You get all the advantages of
>> leases (status, dynamic DNS, etc) but with effectively fixed
>> addresses. If you created dummy leases then that would prevent the
>> addresses being leased to other clients.
>>
>> To be honest, it's easier to just create split ranges. It might not
>> look pretty, but it's only a one-off config.
>>
>>
>>> I would like something more practical, someone able to create a patch
>>> to not use the IPs ending "0" and "255" within a range ?
>>
>> Well that would be adding cruft, but I suppose if someone offered a
>> patch then it might be accepted.
>>
> Okay, let's see if someone agrees to create the patch.
>
> Thanks all.

I think that would be a bad patch - to silently exclude valid addresses
from the range. Especially as there is a simple way to achieve what you
want using dhcpd.conf configuration.

A perl script to create the required config is trivial, only a few lines 
with a repeating loop:

subnet 10.1.0.0 netmask 255.255.0.0 {
     pool {
         range 10.1.0.2 10.1.255.254;
        ...
     }

# one pool per third octet; each range stops short of .0 and .255
print "subnet 10.1.0.0 netmask 255.255.0.0 {\n";
for my $addr (0 .. 255) {
     print "pool { range 10.1.$addr.2 10.1.$addr.254; }\n";
}
print "}\n";

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
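
The split-range approach discussed in this thread, generalised to an arbitrary start and end address, as an added example that is not part of the original message or of ISC dhcpd. The function names are hypothetical, and it assumes only addresses whose last octet is 0 or 255 need to be kept out of the pool.

```python
# Added example (not from the thread): split a DHCP range into dhcpd.conf
# "range" statements that never include an address ending in .0 or .255.
import ipaddress


def split_range(first, last):
    """Return [(start, end), ...] covering first..last minus .0/.255 addresses."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    pieces = []
    block = lo & ~0xFF                  # base of the 256-address block holding lo
    while block <= hi:
        start = max(lo, block + 1)      # never start on x.x.x.0
        end = min(hi, block + 254)      # never end on x.x.x.255
        if start <= end:                # a block may contribute nothing at all
            pieces.append((str(ipaddress.IPv4Address(start)),
                           str(ipaddress.IPv4Address(end))))
        block += 256
    return pieces


def render_pool(first, last, indent="    "):
    """Render one pool block holding a range statement per piece."""
    lines = [indent + "pool {"]
    for start, end in split_range(first, last):
        lines.append(f"{indent}    range {start} {end};")
    lines.append(indent + "}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample input: part of the 10.1.0.0/16 subnet from the thread.
    print(render_pool("10.1.0.2", "10.1.3.200"))
```

The output is meant to be pasted inside the existing subnet declaration; the subnet and netmask lines themselves are left unchanged.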


