DHCP Roaming

Glenn Satchell glenn.satchell at uniq.com.au
Thu Feb 14 13:55:48 UTC 2013


Hi James

So you need to have a way to identify all your subnet D hosts. Then you
allow or deny the class in the particular pools.

One way to do this is to use host statements for all the allowed subnet A,
B and C hosts. Then you can put "permit known hosts;" in the pools. Subnet
D would not use host statements, so these systems would be unknown.

Another option is to create a host for all the subnet A, B and C hosts as
described in the dhcpd.conf man page - search down for subclass.

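class "goodguys" {
  # match on the hardware type plus the MAC address
  match hardware;
}
# repeat subclass lines, one for each host to include
subclass "goodguys" 1:8:0:2b:4c:39:ad;
subclass "goodguys" 1:a:b:c:d:e:f;

subnet a.a.a.0 ... {
  pool {
    # only clients listed in a subclass line get a lease from this pool
    allow members of "goodguys";
    range ...
  }
}
# fixed-address client; its MAC also appears in a subclass line above
host "goodguy1" {
  hardware ethernet 8:0:2b:4c:39:ad;
  fixed-address a.a.a.99;
}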

You need to list all the good hosts' MAC addresses in a subclass statement,
so it is kind of doubling up (they will be in host statements too). Note
that you also need the 1 at the start of the subclass as this represents
the network type; 1 is ethernet.

If you need more help, keep asking questions. There are a few ways to do
what you want.

regards,
-glenn


On Fri, February 15, 2013 12:34 am, James Jalbert wrote:
> Yeah, I looked at classes but did not look like an easy task. Thanks for
> all your help.
>
> James Jalbert
> Network Administrator
> Eastern Aroostook RSU #39
> Phone: 207-493-4246
> E-Mail: jjalbert at rsu39.org
>
>
>
>>>> Steven Carr <sjcarr at gmail.com> 2/14/2013 8:31 AM >>>
> On 14 February 2013 13:21, James Jalbert <jjalbert at rsu39.org> wrote:
>> But Subnet D is also going to have fixed-address clients. is there a way
>> to stop them from roaming?
>
> Not easily, you would need to look at setting up a class and adding
> each allowed mac address to the class then restrict the pool to
> clients only in the defined class. It would be a lot easier to just
> separate out managed/unmanaged clients into different subnets (and
> from a security point of view would enable you to limit the damage
> unmanaged clients can do).
>
> Steve
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
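
The message above notes that each allowed MAC address ends up listed twice, once in a host statement and once in a subclass line with the leading 1 for ethernet. As an added example (not part of the original message and not ISC code), this Python script derives the subclass lines from existing host statements so the two lists cannot drift apart; the function names and the sample hosts are assumptions made for illustration.

```python
import re

# Matches host blocks without nested braces, as in the message above.
HOST_RE = re.compile(r'\bhost\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', re.S)
MAC_RE = re.compile(
    r'hardware\s+ethernet\s+([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\s*;')


def strip_comments(conf):
    """Drop '#' comments so commented-out hosts are not treated as allowed."""
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())


def subclass_lines(conf, class_name="goodguys"):
    """Return one subclass line per unique MAC found in host statements."""
    seen, lines = set(), []
    for name, body in HOST_RE.findall(strip_comments(conf)):
        m = MAC_RE.search(body)
        if not m:
            continue  # host has no ethernet address to match on
        # Zero-pad each octet so 8:0:2b... and 08:00:2B... deduplicate.
        mac = ":".join(f"{int(o, 16):02x}" for o in m.group(1).split(":"))
        if mac in seen:
            continue
        seen.add(mac)
        # The leading 1 is the hardware type (ethernet) that
        # "match hardware" compares together with the address.
        lines.append(f'subclass "{class_name}" 1:{mac};  # {name}')
    return lines


# Constructed sample input, not a real configuration.
SAMPLE = '''
host "goodguy1" {
  hardware ethernet 8:0:2b:4c:39:ad;
  fixed-address 192.0.2.99;
}
host goodguy2 { hardware ethernet 00:11:22:AA:BB:CC; }
# host retired { hardware ethernet 00:11:22:33:44:55; }
host dup { hardware ethernet 08:00:2B:4C:39:AD; }
'''

if __name__ == "__main__":
    print("\n".join(subclass_lines(SAMPLE)))
```

The output can be written to a separate file and pulled into dhcpd.conf with an include statement, then regenerated whenever a host statement changes.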
