How to restrict Windows XP DHCP clients to a specific subnet?
Ole Holm Nielsen
Ole.H.Nielsen at fysik.dtu.dk
Fri Jan 31 13:09:13 UTC 2014
We run the ISC DHCP version 4.1.1 server that comes with Red Hat RHEL
6.5 Linux. We grant DHCP leases only to known hosts, and we have files
with declarations of host names and their MAC addresses to achieve this.
We have a new challenge because we want to restrict all Windows XP PCs
(and we know who they are :-) to a specific VLAN subnet, where we want
to impose strict firewall rules. If a user connects his XP PC to any
other VLAN subnet, the DHCP server must ignore this client.
I've searched unsuccessfully for a dhcpd.conf configuration example
implementing this desired goal:
1. Define a subnet which *only* permits a certain list of host
declarations (i.e., my XP PCs) to get a lease.
2. In all other subnets, the XP PCs *must not* get a lease.
Whatever I've tried, it seems that XP hosts receive leases on every
subnet, which they shouldn't.
Question 1: How do I prevent a group of hosts (the list of XP PCs) from
getting a lease on every subnet?
I've been reading the DHCP Handbook (2nd ed.) without getting any closer
to my goal. Neither groups nor classes appear to solve the problem (I'm
not that experienced with DHCP).
Question 2: Does anyone have an example dhcpd.conf which can separate
lists of hosts into different groups, and then allow or disallow
those groups within specific subnets?
I'm sure there are lots of people trying to solve the upcoming Windows
XP End-of-life situation, so any insights on how to cope with this from
the network perspective will be much appreciated.
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
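
One way to express the two requirements in the post with ISC dhcpd classes and per-pool permit lists, as an added example that is not part of the original message. All host names, subnets and MAC addresses are constructed placeholders, and it assumes clients take dynamic addresses from pools (no fixed-address statements in the host declarations).

```conf
# Constructed example: every name, subnet and MAC address is a placeholder.

# Class whose members are listed one per line by hardware address.
class "xp-clients" {
    match hardware;
}
# The leading "1:" is the hardware type (Ethernet), followed by the MAC.
subclass "xp-clients" 1:00:00:5e:00:53:01;
subclass "xp-clients" 1:00:00:5e:00:53:02;

# Host declarations without fixed-address only mark a client as "known".
host xp-pc-01    { hardware ethernet 00:00:5e:00:53:01; }
host xp-pc-02    { hardware ethernet 00:00:5e:00:53:02; }
host linux-ws-01 { hardware ethernet 00:00:5e:00:53:10; }

# Restricted VLAN: the permit list admits class members only.
subnet 10.10.99.0 netmask 255.255.255.0 {
    option routers 10.10.99.1;
    pool {
        range 10.10.99.50 10.10.99.200;
        allow members of "xp-clients";
    }
}

# Every other VLAN: known hosts are served, class members are refused.
# With both lists present, a client must match the permit list and
# must not match the deny list.
subnet 10.10.20.0 netmask 255.255.255.0 {
    option routers 10.10.20.1;
    pool {
        range 10.10.20.50 10.10.20.200;
        allow known-clients;
        deny members of "xp-clients";
    }
}
```

Check the result with `dhcpd -t -cf` against the file before reloading. Withholding a lease does not by itself keep a host off a VLAN, so placement still has to be enforced at the switch port.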