<div dir="ltr"><div>Desired outcome: Assign same IP address to a VPN client by hostname every time.<br></div><div><br></div><div>Situation: The Cisco ASA VPN firewall does pass the hostname in the DHCP Discover, but does not provide the VPN client's MAC address (it provides the Cisco ASA MAC address).</div><div><br></div><div>What happens: The PCIVWS01 client gets correct ip address 172.16.147.131 first time (and it is written in LEASES file). Second time the VPN client connected, it got DIFFERENT address: 172.16.147.105. Third time it got 172.16.147.151. </div><div><br></div><div>What I tried: I commented out the lease for 172.16.147.131 in the /var/lib/dhcp/dhcpd.leases file and restarted dhcpd service, and the PCIVWS01 VPN client got 172.16.147.131 again!</div><div><br></div><div><br></div><div>What must I do so hostname PCIVWS01 always gets 172.16.147.131 ?</div><div><br></div><div>========= dhcpd.conf (with example comments removed)==================</div><div>ddns-update-style none;</div><div><br></div><div># option definitions common to all supported networks...</div><div>option domain-name "<a href="http://lifeway.org">lifeway.org</a>";</div><div>option domain-name-servers 172.16.41.24, 172.16.41.32;</div><div><br></div><div>default-lease-time 86400;</div><div>max-lease-time 604800;</div><div><br></div><div>log-facility local7;</div><div><br></div><div>subnet 172.16.46.30 netmask 255.255.255.255 {</div><div>}</div><div><br></div><div>subnet 172.17.10.0 netmask 255.255.254.0 {</div><div><span class="" style="white-space:pre"> </span>## dhcp start and end IP range ##</div><div><span class="" style="white-space:pre"> </span># Test SAND environment</div><div><span class="" style="white-space:pre"> </span>authoritative;</div><div> range 172.17.10.76 172.17.10.199;</div><div><span class="" style="white-space:pre"> </span>option subnet-mask 255.255.254.0;</div><div><span class="" style="white-space:pre"> </span>option broadcast-address 172.17.10.255;</div><div><span 
class="" style="white-space:pre"> </span>option routers 172.17.10.1;</div><div><br></div><div> host test-Elliott-Lenovo {</div><div> hardware ethernet 00:26:18:23:D1:F6;</div><div> fixed-address 172.17.10.100;</div><div> } </div><div>}</div><div># Classes to specify Ridgecrest PCIClient VPN clients</div><div>class "PCIVRC01"{</div><div>match if substring (option host-name, 0,8)="PCIVRC01";</div><div>}</div><div>class "PCIVRC02"{</div><div>match if substring (option host-name, 0,8)="PCIVRC02";</div><div>}</div><div>class "PCIVRC03"{</div><div>match if substring (option host-name, 0,8)="PCIVRC03";</div><div>}</div><div>class "PCIVRC04"{</div><div>match if substring (option host-name, 0,8)="PCIVRC04";</div><div>}</div><div>class "PCIVRC05"{</div><div>match if substring (option host-name, 0,8)="PCIVRC05";</div><div>}</div><div>class "TESTRCC"{</div><div>match if substring (option host-name, 0,9)="A00014061";</div><div>}</div><div>class "PCIVRCXX"{</div><div>match if substring (option host-name, 0,6)="PCIVRC";</div><div>spawn with option host-name;</div><div>}</div><div>#</div><div>class "PCIVWS01"{</div><div>match if substring (option host-name, 0,8)="PCIVWS01";</div><div>}</div><div>class "PCIVWS02"{</div><div>match if substring (option host-name, 0,8)="PCIVWS02";</div><div>}</div><div>class "PCIVWS03"{</div><div>match if substring (option host-name, 0,8)="PCIVWS03";</div><div>}</div><div>class "PCIVWS04"{</div><div>match if substring (option host-name, 0,8)="PCIVWS04";</div><div>}</div><div>class "PCIVWS05"{</div><div>match if substring (option host-name, 0,8)="PCIVWS05";</div><div>}</div><div>#class "TESTWS"{</div><div>#match if substring (option host-name, 0,8)="A00014061";</div><div>#}</div><div>class "PCIVWSXX"{</div><div>match if substring (option host-name, 0,6)="PCIVWS";</div><div>spawn with option host-name;</div><div>}</div><div><br></div><div><br></div><div>subnet 172.16.147.0 netmask 255.255.255.0 {</div><div> # PCI VPN Client</div><div> 
authoritative;</div><div> #range 172.16.147.64 172.16.147.127;</div><div> option subnet-mask 255.255.255.0;</div><div> option broadcast-address 172.17.147.255;</div><div> option routers 172.16.147.50;</div><div> # Specifically named PCIVRC - Ridgecrest PCIVPN clients get these reserved addresses</div><div> pool {</div><div> allow members of "PCIVRC01";</div><div> range 172.16.147.51 172.16.147.51;</div><div> }</div><div> pool {</div><div> allow members of "PCIVRC02";</div><div> range 172.16.147.52 172.16.147.52;</div><div> }</div><div> pool {</div><div> allow members of "PCIVRC03";</div><div> range 172.16.147.53 172.16.147.53;</div><div> }</div><div> pool {</div><div> allow members of "PCIVRC04";</div><div> range 172.16.147.54 172.16.147.54;</div><div> }</div><div> pool {</div><div> allow members of "PCIVRC05";</div><div> range 172.16.147.55 172.16.147.55;</div><div> }</div><div> pool {</div><div> allow members of "TESTRCC";</div><div> range 172.16.147.63 172.16.147.63;</div><div> }</div><div># Any PCIVRC - Ridgecrest PCIVPN clients get these addresses</div><div> pool {</div><div> allow members of "PCIVRCXX";</div><div> range 172.16.147.64 172.16.147.127;</div><div> }</div><div># Specifically named PCIVWS - WordSearch PCIVPN clients get these reserved addresses</div><div> pool {</div><div> allow members of "PCIVWS01";</div><div> range 172.16.147.131 172.16.147.131;</div><div> }</div><div> pool {</div><div> allow members of "PCIVWS02";</div><div> range 172.16.147.132 172.16.147.132;</div><div> }</div><div> pool {</div><div> allow members of "PCIVWS03";</div><div> range 172.16.147.133 172.16.147.133;</div><div> }</div><div> pool {</div><div> allow members of "PCIVWS04";</div><div> range 172.16.147.134 172.16.147.134;</div><div> }</div><div> pool {</div><div> allow members of "PCIVWS05";</div><div> range 172.16.147.135 172.16.147.135;</div><div> }</div><div># pool {</div><div># allow members of "TESTWS";</div><div># range 172.16.147.149 172.16.147.149;</div><div># 
}</div><div># Any PCIVWS - WordSearch PCIVPN clients get these addresses</div><div> pool {</div><div> allow members of "PCIVWSXX";</div><div> range 172.16.147.150 172.16.147.179;</div><div> }</div><div>}</div><div><br></div><div>=============LEASES============================</div><div><br></div><div>root@lwydhcpndcp01:/var/lib/dhcp# more dhcpd.leases</div><div># The format of this file is documented in the dhcpd.leases(5) manual page.</div><div># This lease file was written by isc-dhcp-4.1-ESV-R4</div><div><br></div><div>lease 172.16.147.63 {</div><div> starts 3 2016/02/03 12:16:57;</div><div> ends 3 2016/02/03 19:05:55;</div><div> tstp 3 2016/02/03 19:05:55;</div><div> cltt 3 2016/02/03 12:16:57;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406137-Trusted\000";</div><div>}</div><div>lease 172.16.147.64 {</div><div> starts 3 2015/11/25 16:07:14;</div><div> ends 3 2015/11/25 16:09:14;</div><div> tstp 3 2015/11/25 16:09:14;</div><div> cltt 3 2015/11/25 16:07:14;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A000140612-Trusted\000";</div><div> client-hostname "A00014061";</div><div>}</div><div>lease 172.16.147.65 {</div><div> starts 1 2015/11/30 14:31:25;</div><div> ends 1 2015/11/30 14:33:25;</div><div> tstp 1 2015/11/30 14:33:25;</div><div> cltt 1 2015/11/30 14:31:25;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A000140613-Trusted\000";</div><div> client-hostname "A00014061";</div><div>}</div><div>lease 172.16.147.66 {</div><div> starts 1 2015/11/30 19:43:57;</div><div> ends 1 2015/11/30 19:45:57;</div><div> tstp 1 2015/11/30 19:45:57;</div><div> cltt 1 2015/11/30 19:43:57;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406110-Trusted\000";</div><div> 
client-hostname "A00014061";</div><div>}</div><div>lease 172.16.147.67 {</div><div> starts 2 2015/12/01 22:23:21;</div><div> ends 2 2015/12/01 22:25:21;</div><div> tstp 2 2015/12/01 22:25:21;</div><div> cltt 2 2015/12/01 22:23:21;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406125-Trusted\000";</div><div> client-hostname "A00014061";</div><div>}</div><div>lease 172.16.147.68 {</div><div> starts 1 2015/12/14 18:20:41;</div><div> ends 1 2015/12/14 18:47:04;</div><div> tstp 1 2015/12/14 18:47:04;</div><div> cltt 1 2015/12/14 18:20:41;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406126-PCIClientVPN-147\000";</div><div>}</div><div>lease 172.16.147.69 {</div><div> starts 1 2015/12/14 18:47:55;</div><div> ends 1 2015/12/14 19:07:06;</div><div> tstp 1 2015/12/14 19:07:06;</div><div> cltt 1 2015/12/14 18:47:55;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406127-PCIClientVPN-147\000";</div><div>}</div><div>lease 172.16.147.70 {</div><div> starts 1 2015/12/14 19:07:52;</div><div> ends 1 2015/12/14 19:09:32;</div><div> tstp 1 2015/12/14 19:09:32;</div><div> cltt 1 2015/12/14 19:07:52;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406128-PCIClientVPN-147\000";</div><div>}</div><div>lease 172.16.147.71 {</div><div> starts 1 2015/12/21 19:07:55;</div><div> ends 2 2015/12/22 05:08:20;</div><div> tstp 2 2015/12/22 05:08:20;</div><div> cltt 1 2015/12/21 19:07:55;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-A0001406129-PCIClientVPN-147\000";</div><div>}</div><div>lease 172.16.147.131 {</div><div> starts 1 2016/02/08 16:00:43;</div><div> ends 1 2016/02/08 18:04:35;</div><div> tstp 1 2016/02/08 
18:04:35;</div><div> cltt 1 2016/02/08 16:00:43;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-PCIVWS0138-Trusted\000";</div><div>}</div><div>lease 172.17.10.76 {</div><div> starts 2 2015/09/01 20:52:14;</div><div> ends 3 2015/09/02 19:57:43;</div><div> tstp 3 2015/09/02 19:57:43;</div><div> cltt 2 2015/09/01 20:52:14;</div><div> binding state free;</div><div> hardware ethernet 00:26:18:23:d1:f6;</div><div> uid "\001\000&\030#\321\366";</div><div>}</div><div>lease 172.17.10.77 {</div><div> starts 1 2016/02/08 12:57:11;</div><div> ends 2 2016/02/09 12:57:11;</div><div> cltt 1 2016/02/08 12:57:11;</div><div> binding state active;</div><div> next binding state free;</div><div> hardware ethernet 00:50:56:9c:1a:1a;</div><div> client-hostname "ubuntu-1204-kln";</div><div>}</div><div>server-duid "\000\001\000\001\035x\310\335\000PV\220\327|";</div><div><br></div><div>lease 172.16.147.150 {</div><div> starts 1 2016/02/08 18:11:55;</div><div> ends 2 2016/02/09 18:11:55;</div><div> cltt 1 2016/02/08 18:11:55;</div><div> binding state active;</div><div> next binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";</div><div> client-hostname "PCIVWS01";</div><div>}</div><div>lease 172.16.147.150 {</div><div> starts 1 2016/02/08 18:11:55;</div><div> ends 1 2016/02/08 18:20:58;</div><div> tstp 1 2016/02/08 18:20:58;</div><div> cltt 1 2016/02/08 18:11:55;</div><div> binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";</div><div>}</div><div>lease 172.16.147.151 {</div><div> starts 1 2016/02/08 18:21:58;</div><div> ends 2 2016/02/09 18:21:58;</div><div> cltt 1 2016/02/08 18:21:58;</div><div> binding state active;</div><div> next binding state free;</div><div> hardware ethernet 00:1b:d5:e8:eb:93;</div><div> uid 
"\000cisco-001b.d5e8.eb93-PCIVWS0140-Trusted\000";</div><div> client-hostname "PCIVWS01";</div><div>}</div><div>root@lwydhcpndcp01:/var/lib/dhcp#</div><div><br></div>
</div>
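<div>Added example, not part of the original post: in the lease listing above, the same ASA hardware address appears with a different client identifier (uid) on each connection (the strings containing PCIVWS0138, PCIVWS0139 and PCIVWS0140), and the client identifier is what a DHCP server keys a client on when that option is sent (RFC 2131). This Python sketch parses a constructed, abridged copy of those entries and reports hardware addresses recorded with more than one uid; the function names are illustrative.</div>

```python
import re
from collections import defaultdict

# Constructed sample: three entries abridged from the dhcpd.leases listing in the post.
SAMPLE_LEASES = r'''
lease 172.16.147.131 {
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0138-Trusted\000";
}
lease 172.16.147.150 {
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
}
lease 172.16.147.151 {
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0140-Trusted\000";
  client-hostname "PCIVWS01";
}
'''

# One lease block: "lease <ip> { ... }" with the closing brace on its own line.
LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\n\}', re.S)
# Only the statements this check needs; other lease statements are ignored.
FIELD_RE = re.compile(r'^\s*(hardware ethernet|uid|client-hostname)\s+(.+?);\s*$', re.M)

def parse_leases(text):
    """Return one dict per lease block: the IP plus the fields FIELD_RE matches."""
    leases = []
    for ip, body in LEASE_RE.findall(text):
        entry = {"ip": ip}
        for key, value in FIELD_RE.findall(body):
            entry[key] = value.strip('"')
        leases.append(entry)
    return leases

def unstable_identifiers(leases):
    """Map each MAC seen with more than one uid to its sorted (uid, ip) pairs."""
    seen = defaultdict(set)
    for lease in leases:
        if "uid" in lease and "hardware ethernet" in lease:
            seen[lease["hardware ethernet"]].add((lease["uid"], lease["ip"]))
    return {mac: sorted(pairs) for mac, pairs in seen.items()
            if len({uid for uid, _ in pairs}) > 1}

if __name__ == "__main__":
    for mac, pairs in unstable_identifiers(parse_leases(SAMPLE_LEASES)).items():
        print(mac)
        for uid, ip in pairs:
            print(f"  {ip:<16} {uid}")
```
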