DHCP Roaming

Glenn Satchell glenn.satchell at uniq.com.au
Fri Feb 15 00:37:12 UTC 2013


Hi James

Could you modify your Perl script to also write out the subclass lines to
a separate file and also set that up as an include in the main dhcpd.conf?
The only specific data is the MAC addresses, which you already get from
the database for the host statements.

Otherwise your idea about not using host declarations for subnet D would
be the easiest one to go with.

regards,
-glenn

On Fri, February 15, 2013 1:07 am, James Jalbert wrote:
> Thank you Glenn,
>
> The only issue is that I have 300-400 machines in Subnet A, B, and C each.
> I also use a Ruby on Rails webapp to input the host information in a MySQL
> database, and a Perl script that writes host information from the database
> to a file called ip.hosts that is set up as an include in the main
> dhcpd.conf file.
>
> I work with a few challenged people, so this sounds confusing, and was a
> bear to set up, but it automated the process so that a tech could go to a
> webpage, insert the host name and mac address for the machine, click on
> update, and the magic happens in the background (database update, export
> and format to ip.hosts file, then restart dhcp service). So due to this I
> almost think that using a class would be very difficult to do. I am
> thinking that maybe the easiest way would be to NOT set host declarations
> up for subnet D, only do dynamic addresses, and deny unknown clients in
> all other subnets.
>
> James Jalbert
> Network Administrator
> Eastern Aroostook RSU #39
> Phone: 207-493-4246
> E-Mail: jjalbert at rsu39.org
>
>
>
>>>> "Glenn Satchell" <glenn.satchell at uniq.com.au> 2/14/2013 8:55 AM >>>
> Hi James
>
> So you need to have a way to identify all your subnet D hosts. Then you
> allow or deny the class in the particular pools.
>
> One way to do this is to use host statements for all the allowed subnet A,
> B and C hosts. Then you can put "permit known hosts;" in the pools. Subnet
> D would not use host statements, so these systems would be unknown.
>
> Another option is to create a host for all the subnet A, B and C hosts as
> described in the dhcpd.conf man page - search down for subclass.
>
> class "goodguys" {
>   match hardware;
> }
> # repeat subclass lines, one for each host to include
> subclass "goodguys" 1:8:0:2b:4c:39:ad;
> subclass "goodguys" 1:a:b:c:d:e:f;
>
> subnet a.a.a.0 ... {
>   pool {
>     allow members of "goodguys";
>     range ...
>   }
> }
> host "goodguy1" {
>   hardware ethernet 8:0:2b:4c:39:ad;
>   fixed-address a.a.a.99;
> }
>
> You need to list all the good hosts mac addresses in a subclass statement,
> so it is kind of doubling up (they will be in host statements too). Note
> that you also need the 1 at the start of the subclass as this represents
> the network type, 1 is ethernet.
>
> If you need more help, keep asking questions. There are a few ways to do
> what you want.
>
> regards,
> -glenn
>
>
> On Fri, February 15, 2013 12:34 am, James Jalbert wrote:
>> Yeah, I looked at classes but it did not look like an easy task. Thanks for
>> all your help.
>>
>> James Jalbert
>> Network Administrator
>> Eastern Aroostook RSU #39
>> Phone: 207-493-4246
>> E-Mail: jjalbert at rsu39.org
>>
>>
>>
>>>>> Steven Carr <sjcarr at gmail.com> 2/14/2013 8:31 AM >>>
>> On 14 February 2013 13:21, James Jalbert <jjalbert at rsu39.org> wrote:
>>> But Subnet D is also going to have fixed-address clients. Is there a
>>> way to stop them from roaming?
>>
>> Not easily, you would need to look at setting up a class and adding
>> each allowed mac address to the class then restrict the pool to
>> clients only in the defined class. It would be a lot easier to just
>> separate out managed/unmanaged clients into different subnets (and
>> from a security point of view would enable you to limit the damage
>> unmanaged clients can do).
>>
>> Steve
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
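
The approach suggested at the top of this message, as an added example (not code from the thread and not James's Perl script): one pass over the database rows produces both the host statements and the matching subclass lines, and rejects malformed form input before it reaches a file that dhcpd includes. Python stands in for the Perl script; `normalize_mac`, `render` and the sample rows are assumptions made for illustration.

```python
import ipaddress
import re

CLASS_NAME = "goodguys"  # class name used in the thread
HW_ETHERNET = 1          # leading 1 in a subclass line means ethernet

MAC_RE = re.compile(r"[0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def normalize_mac(raw):
    """Return six two-digit lower-case octets joined by ':' or raise ValueError."""
    text = raw.strip().lower()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(f"{int(o, 16):02x}" for o in re.split("[:-]", text))


def render(rows):
    """Return (hosts_text, subclass_text, rejected) for (hostname, mac, ip) rows."""
    hosts, subclasses, rejected, seen = [], [], [], set()
    for name, raw_mac, raw_ip in rows:
        try:
            mac = normalize_mac(raw_mac)
            ip = ipaddress.IPv4Address(raw_ip.strip())
            if not NAME_RE.fullmatch(name):
                raise ValueError(f"bad host name: {name!r}")
            if mac in seen:
                raise ValueError(f"duplicate MAC: {mac}")
        except ValueError as err:
            # Reported to the operator, never written to an include file.
            rejected.append(str(err))
            continue
        seen.add(mac)
        hosts.append(f'host "{name}" {{\n  hardware ethernet {mac};\n'
                     f"  fixed-address {ip};\n}}\n")
        subclasses.append(f'subclass "{CLASS_NAME}" {HW_ETHERNET}:{mac};\n')
    return "".join(hosts), "".join(subclasses), rejected


# Constructed sample rows; the last two are deliberately invalid.
SAMPLE_ROWS = [
    ("goodguy1", "8:0:2b:4c:39:ad", "192.0.2.99"),
    ("lab-pc-07", "00-1A-2B-3C-4D-5E", "192.0.2.107"),
    ("lab-pc-07b", "00:1a:2b:3c:4d:5e", "192.0.2.108"),
    ("typo-pc", "8:0:2b:4c:39:ad; }", "192.0.2.5"),
]
```

The first returned string is what goes into ip.hosts and the second into a separate include file for the subclass lines. Running `dhcpd -t` against the resulting configuration before restarting the service catches syntax errors.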



