How to restrict Windows XP DHCP clients to a specific subnet?
Ole Holm Nielsen
Ole.H.Nielsen at fysik.dtu.dk
Thu Feb 13 13:30:47 UTC 2014
W.J.M. Nelis Wim.Nelis at nlr.nl wrote:
>> We run the ISC DCHP version 4.1.1 server that comes with Red Hat RHEL 6.5
>> Linux. We grant DHCP leases only to known hosts, and we have files with
>> declarations of host names and their MAC addresses to achieve this.
>>
>> We have a new challenge because we want to restrict all Windows XP PCs
>> (and we know who they are :-) to a specific VLAN subnet, where we want to
>> impose strict firewall rules. If a user connects his XP PC to any other
>> VLAN subnet, the DHCP server must ignore this client.
>>
>> I've searched unsuccessfully for a dhcpd.conf configuration example
>> implementing this desired goal:
>>
>> 1. Define a subnet which *only* permits a certain list of host
>> declarations (i.e., my XP PCs) to get a lease.
>>
>> 2. In all other subnets, the XP PCs *must not* get a lease.
>
> We are experimenting with an ISC DHCP configuration to achieve the goal you
> describe. Currently the following seems to do the job:
>
> class "Claudus" {
> match hardware ;
> set client-class= "Claudus" ;
> }
I have searched in vain for the "set client-class" statement. Other
examples of classes I've seen don't seem to use this.
Question: Is "set client-class" documented anywhere, and can I safely
omit this?
Thanks,
Ole
--
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
More information about the dhcp-users
mailing list