[SPAM] Re: [SPAM] Broadcast address leased to a client *Again*

Glenn Satchell glenn.satchell at uniq.com.au
Wed Mar 17 22:07:48 UTC 2010


On 03/18/10 08:58, Glenn Satchell wrote:
> On 03/18/10 06:21, "Daniel D. Gonçalves" wrote:
>> Simon Hobson escreveu:
>>> Daniel D. Gonçalves wrote:
>>>
>>>>> However, there have been reports on this list in the past that some
>>>>> devices running bad code do "get it wrong" when presented with such
>>>>> an address/netmask - and if you have any such devices then you may
>>>>> want to exclude them from your pool (as others have described).
>>>
>>>> Yes, and my problem is just with devices that do not accept these IPs
>>>> ending "0" and "255".
>>>> The solution using multiple range statements works, but I consider it
>>>> very boring...
>>>
>>> Boring is what network admin should be - excitement is stressful ;-)
>>> But you have confirmed that such devices still exist.
>>>
>>>
>>> The only other ways I can think of are :
>>>
>>> host "bad_device_name" {
>>> hardware ethernet aa:bb:cc:dd:ee:ff ;
>>> deny booting ;
>>> }
>>>
>>> or create a class that matches the vendor OUI and block all devices
>>> from the vendor until they fix their code :
>>>
>>> class "bad-code" {
>>> match if substring(hardware,1,3)=aa:bb:cc ;
>>> deny booting ;
>>> }
>>>
>>> That would keep the bad device off the network where it could be
>>> argued it belongs !
>>>
>>> Or if you run a recent enough version, then you could create dummy
>>> reserved leases for all the .0 and .255 addresses. Reserved leases are
>>> very much like regular leases, except that they are permanently tied
>>> to one client and never re-allocated. You get all the advantages of
>>> leases (status, dynamic DNS, etc) but with effectively fixed
>>> addresses. If you created dummy leases then that would prevent the
>>> addresses being leased to other clients.
>>>
>>> To be honest, it's easier to just create split ranges. It might not
>>> look pretty, but it's only a one-off config.
>>>
>>>
>>>> I would like something more practical, someone able to create a patch
>>>> to not use the IPs ending "0" and "255" within a range ?
>>>
>>> Well that would be adding cruft, but I suppose if someone offered a
>>> patch then it might be accepted.
>>>
>> Okay, let's see if someone agrees to create the patch.
>>
>> Thanks all.
>
> I think that would be a bad patch - to silently exclude valid addresses
> from the range. Especially as there is a simple way to achieve what you
> want using dhcpd.conf configuration.
>
> A perl script to create the required config is trivial, only a few lines
> with a repeating loop:
>
> subnet 10.1.0.0 netmask 255.255.0.0 {
> pool {
> range 10.1.0.2 10.1.255.254;
> ...
> }
>
> print "subnet 10.1.0.0 netmask 255.255.0.0 {\n";
> foreach my $addr (0 .. 255) {
> print "pool { range 10.1.$addr.2 10.1.$addr.254; }\n";
> }
> print "}\n";
>
Oh, that creates multiple pools with a single range. Here's one to do
one pool with many ranges:

print "subnet 10.1.0.0 netmask 255.255.0.0 {\n   pool {\n";
foreach my $addr (0 .. 255) {
     print "       range 10.1.$addr.2 10.1.$addr.254;\n";
}
print "   }\n}\n";

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
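
The split-range approach from this thread, generalised to any IPv4 subnet, as an added example that is not part of the original message or of ISC DHCP. The function names `split_ranges` and `render_subnet` and the `skip_octets` parameter are hypothetical; passing `(0, 1, 255)` reproduces the .2 to .254 ranges printed by the Perl loop above.

```python
import ipaddress

def split_ranges(cidr, skip_octets=(0, 255)):
    """Return (first, last) address pairs covering every host address in
    cidr whose final octet is not listed in skip_octets."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if net.version != 4:
        raise ValueError("IPv4 subnets only")
    # Never offer the subnet's own network or broadcast address.
    first = int(net.network_address) + 1
    last = int(net.broadcast_address) - 1
    ranges, start = [], None
    for n in range(first, last + 1):
        if (n & 0xFF) in skip_octets:
            # Close the open run just before the excluded address.
            if start is not None:
                ranges.append((start, n - 1))
                start = None
        elif start is None:
            start = n
    if start is not None:
        ranges.append((start, last))
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)))
            for a, b in ranges]

def render_subnet(cidr, skip_octets=(0, 255)):
    """Render one dhcpd.conf subnet holding a single pool with many ranges."""
    net = ipaddress.ip_network(cidr)
    lines = [f"subnet {net.network_address} netmask {net.netmask} {{",
             "    pool {"]
    lines += [f"        range {a} {b};"
              for a, b in split_ranges(cidr, skip_octets)]
    lines += ["    }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    # Same subnet as in the thread; .1 is also skipped, as in the Perl loop.
    print(render_subnet("10.1.0.0/16", (0, 1, 255)))
```
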


