How to restrict Windows XP DHCP clients to a specific subnet?

Ole Holm Nielsen Ole.H.Nielsen at
Fri Jan 31 13:36:58 UTC 2014

Hi Wim,

W.J.M. Nelis Wim.Nelis at wrote:
> We are experimenting with an ISC DHCP configuration to achieve the goal you
> describe. Currently the following seems to do the job:
> class "Claudus" {
>          match hardware ;
>          set client-class= "Claudus" ;
> }
> subclass "Claudus" 1:00:21:70:6f:2f:78 ;
> subclass "Claudus" ......

Sounds really interesting!  Can you give more specific examples of the 
Claudus subclass definitions?  For example, we have some Windows XP 
client definitions like this one:

host camd-T61-25    { hardware ethernet 00:1A:6B:36:34:15; }

How would I incorporate this host into your subclass?

> subnet       netmask   {  # Claudus-net
>          option routers         ;
>          pool {
>                  allow members of "Claudus" ;
>                  deny dynamic bootp clients ;
>                  range ;
>          }
> }
> On *all* other pools define 'deny members of "Claudus"'. The result is that
> if a machine, mentioned in the subclass definition, requests an IP address
> in an allowed (and regulated) VLAN, an IP address is assigned. If this
> machine requests an IP address from any other VLAN, it will not get an IP
> address.


Ole Holm Nielsen
Department of Physics, Technical University of Denmark

More information about the dhcp-users mailing list