SUBJECT: Trying and failing to assign same IP address to a host

Sten Carlsen stenc at s-carlsen.dk
Tue Feb 9 16:14:22 UTC 2016


Would matching on the ClientID (the DHCP client identifier, which dhcpd records as `uid` in the leases file) be possible?

On 09/02/2016 16:42, David Elliott wrote:
> Desired outcome: Assign same IP address to a VPN client by hostname
> every time.
>
> Situation: The Cisco ASA VPN firewall does pass the hostname in the
> DHCP Discover, but does not provide the VPN client's MAC address (it
> provides the Cisco ASA MAC address).
>
> What happens: The PCIVWS01 client gets the correct IP address
> 172.16.147.131 the first time (and it is written in the LEASES file).
> The second time the VPN client connected, it got a DIFFERENT address:
> 172.16.147.105. The third time it got 172.16.147.151.
>
> What I tried: I commented out the lease for 172.16.147.131 in the
> /var/lib/dhcp/dhcpd.leases file and restarted dhcpd service, and the
> PCIVWS01 VPN client got 172.16.147.131 again!
>
>
> What must I do so that hostname PCIVWS01 always gets 172.16.147.131?
>
> ========= dhcpd.conf (with example comments removed)==================
> ddns-update-style none;
>
> # option definitions common to all supported networks...
> option domain-name "lifeway.org";
> option domain-name-servers 172.16.41.24, 172.16.41.32;
>
> default-lease-time 86400;
> max-lease-time 604800;
>
> log-facility local7;
>
> subnet 172.16.46.30 netmask 255.255.255.255 {
> }
>
> subnet 172.17.10.0 netmask 255.255.254.0 {
> ## dhcp start and end IP range ##
> # Test SAND environment
> authoritative;
>         range 172.17.10.76 172.17.10.199;
> option subnet-mask 255.255.254.0;
> option broadcast-address 172.17.10.255;
> option routers 172.17.10.1;
>
>         host test-Elliott-Lenovo {
>           hardware ethernet 00:26:18:23:D1:F6;
>           fixed-address 172.17.10.100;
>         }     
> }
> # Classes to specify Ridgecrest PCIClient VPN clients
> class "PCIVRC01"{
> match if substring (option host-name, 0,8)="PCIVRC01";
> }
> class "PCIVRC02"{
> match if substring (option host-name, 0,8)="PCIVRC02";
> }
> class "PCIVRC03"{
> match if substring (option host-name, 0,8)="PCIVRC03";
> }
> class "PCIVRC04"{
> match if substring (option host-name, 0,8)="PCIVRC04";
> }
> class "PCIVRC05"{
> match if substring (option host-name, 0,8)="PCIVRC05";
> }
> class "TESTRCC"{
> match if substring (option host-name, 0,9)="A00014061";
> }
> class "PCIVRCXX"{
> match if substring (option host-name, 0,6)="PCIVRC";
> spawn with option host-name;
> }
> #
> class "PCIVWS01"{
> match if substring (option host-name, 0,8)="PCIVWS01";
> }
> class "PCIVWS02"{
> match if substring (option host-name, 0,8)="PCIVWS02";
> }
> class "PCIVWS03"{
> match if substring (option host-name, 0,8)="PCIVWS03";
> }
> class "PCIVWS04"{
> match if substring (option host-name, 0,8)="PCIVWS04";
> }
> class "PCIVWS05"{
> match if substring (option host-name, 0,8)="PCIVWS05";
> }
> #class "TESTWS"{
> #match if substring (option host-name, 0,8)="A00014061";
> #}
> class "PCIVWSXX"{
> match if substring (option host-name, 0,6)="PCIVWS";
> spawn with option host-name;
> }
>
>
> subnet 172.16.147.0 netmask 255.255.255.0 {
>         # PCI VPN Client
>         authoritative;
>         #range 172.16.147.64 172.16.147.127;
>         option subnet-mask 255.255.255.0;
>         option broadcast-address 172.17.147.255;
>         option routers 172.16.147.50;
>  # Specifically named PCIVRC - Ridgecrest PCIVPN clients get these reserved addresses
>     pool {
>     allow members of "PCIVRC01";
>     range 172.16.147.51 172.16.147.51;
>     }
>     pool {
>     allow members of "PCIVRC02";
>     range 172.16.147.52 172.16.147.52;
>     }
>     pool {
>     allow members of "PCIVRC03";
>     range 172.16.147.53 172.16.147.53;
>     }
>     pool {
>     allow members of "PCIVRC04";
>     range 172.16.147.54 172.16.147.54;
>     }
>     pool {
>     allow members of "PCIVRC05";
>     range 172.16.147.55 172.16.147.55;
>     }
>     pool {
>     allow members of "TESTRCC";
>     range 172.16.147.63 172.16.147.63;
>     }
> # Any PCIVRC - Ridgecrest PCIVPN clients get these addresses
>     pool {
>     allow members of "PCIVRCXX";
>     range 172.16.147.64 172.16.147.127;
>     }
> # Specifically named PCIVWS - WordSearch PCIVPN clients get these reserved addresses
>     pool {
>     allow members of "PCIVWS01";
>     range 172.16.147.131 172.16.147.131;
>     }
>     pool {
>     allow members of "PCIVWS02";
>     range 172.16.147.132 172.16.147.132;
>     }
>     pool {
>     allow members of "PCIVWS03";
>     range 172.16.147.133 172.16.147.133;
>     }
>     pool {
>     allow members of "PCIVWS04";
>     range 172.16.147.134 172.16.147.134;
>     }
>     pool {
>     allow members of "PCIVWS05";
>     range 172.16.147.135 172.16.147.135;
>     }
> #    pool {
> #    allow members of "TESTWS";
> #    range 172.16.147.149 172.16.147.149;
> #    }
> # Any PCIVWS - WordSearch PCIVPN clients get these addresses
>     pool {
>     allow members of "PCIVWSXX";
>     range 172.16.147.150 172.16.147.179;
>     }
> }
>
> =============LEASES============================
>
> root@lwydhcpndcp01:/var/lib/dhcp# more dhcpd.leases
> # The format of this file is documented in the dhcpd.leases(5) manual page.
> # This lease file was written by isc-dhcp-4.1-ESV-R4
>
> lease 172.16.147.63 {
>   starts 3 2016/02/03 12:16:57;
>   ends 3 2016/02/03 19:05:55;
>   tstp 3 2016/02/03 19:05:55;
>   cltt 3 2016/02/03 12:16:57;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406137-Trusted\000";
> }
> lease 172.16.147.64 {
>   starts 3 2015/11/25 16:07:14;
>   ends 3 2015/11/25 16:09:14;
>   tstp 3 2015/11/25 16:09:14;
>   cltt 3 2015/11/25 16:07:14;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A000140612-Trusted\000";
>   client-hostname "A00014061";
> }
> lease 172.16.147.65 {
>   starts 1 2015/11/30 14:31:25;
>   ends 1 2015/11/30 14:33:25;
>   tstp 1 2015/11/30 14:33:25;
>   cltt 1 2015/11/30 14:31:25;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A000140613-Trusted\000";
>   client-hostname "A00014061";
> }
> lease 172.16.147.66 {
>   starts 1 2015/11/30 19:43:57;
>   ends 1 2015/11/30 19:45:57;
>   tstp 1 2015/11/30 19:45:57;
>   cltt 1 2015/11/30 19:43:57;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406110-Trusted\000";
>   client-hostname "A00014061";
> }
> lease 172.16.147.67 {
>   starts 2 2015/12/01 22:23:21;
>   ends 2 2015/12/01 22:25:21;
>   tstp 2 2015/12/01 22:25:21;
>   cltt 2 2015/12/01 22:23:21;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406125-Trusted\000";
>   client-hostname "A00014061";
> }
> lease 172.16.147.68 {
>   starts 1 2015/12/14 18:20:41;
>   ends 1 2015/12/14 18:47:04;
>   tstp 1 2015/12/14 18:47:04;
>   cltt 1 2015/12/14 18:20:41;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406126-PCIClientVPN-147\000";
> }
> lease 172.16.147.69 {
>   starts 1 2015/12/14 18:47:55;
>   ends 1 2015/12/14 19:07:06;
>   tstp 1 2015/12/14 19:07:06;
>   cltt 1 2015/12/14 18:47:55;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406127-PCIClientVPN-147\000";
> }
> lease 172.16.147.70 {
>   starts 1 2015/12/14 19:07:52;
>   ends 1 2015/12/14 19:09:32;
>   tstp 1 2015/12/14 19:09:32;
>   cltt 1 2015/12/14 19:07:52;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406128-PCIClientVPN-147\000";
> }
> lease 172.16.147.71 {
>   starts 1 2015/12/21 19:07:55;
>   ends 2 2015/12/22 05:08:20;
>   tstp 2 2015/12/22 05:08:20;
>   cltt 1 2015/12/21 19:07:55;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-A0001406129-PCIClientVPN-147\000";
> }
> lease 172.16.147.131 {
>   starts 1 2016/02/08 16:00:43;
>   ends 1 2016/02/08 18:04:35;
>   tstp 1 2016/02/08 18:04:35;
>   cltt 1 2016/02/08 16:00:43;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-PCIVWS0138-Trusted\000";
> }
> lease 172.17.10.76 {
>   starts 2 2015/09/01 20:52:14;
>   ends 3 2015/09/02 19:57:43;
>   tstp 3 2015/09/02 19:57:43;
>   cltt 2 2015/09/01 20:52:14;
>   binding state free;
>   hardware ethernet 00:26:18:23:d1:f6;
>   uid "\001\000&\030#\321\366";
> }
> lease 172.17.10.77 {
>   starts 1 2016/02/08 12:57:11;
>   ends 2 2016/02/09 12:57:11;
>   cltt 1 2016/02/08 12:57:11;
>   binding state active;
>   next binding state free;
>   hardware ethernet 00:50:56:9c:1a:1a;
>   client-hostname "ubuntu-1204-kln";
> }
> server-duid "\000\001\000\001\035x\310\335\000PV\220\327|";
>
> lease 172.16.147.150 {
>   starts 1 2016/02/08 18:11:55;
>   ends 2 2016/02/09 18:11:55;
>   cltt 1 2016/02/08 18:11:55;
>   binding state active;
>   next binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
>   client-hostname "PCIVWS01";
> }
> lease 172.16.147.150 {
>   starts 1 2016/02/08 18:11:55;
>   ends 1 2016/02/08 18:20:58;
>   tstp 1 2016/02/08 18:20:58;
>   cltt 1 2016/02/08 18:11:55;
>   binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
> }
> lease 172.16.147.151 {
>   starts 1 2016/02/08 18:21:58;
>   ends 2 2016/02/09 18:21:58;
>   cltt 1 2016/02/08 18:21:58;
>   binding state active;
>   next binding state free;
>   hardware ethernet 00:1b:d5:e8:eb:93;
>   uid "\000cisco-001b.d5e8.eb93-PCIVWS0140-Trusted\000";
>   client-hostname "PCIVWS01";
> }
> root@lwydhcpndcp01:/var/lib/dhcp#
>
>
>

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!" 
