shared-network

Glenn Satchell glenn.satchell at uniq.com.au
Sun Nov 14 14:20:49 UTC 2010


On 15/11/10 12:42 AM, Laszlo Fekete wrote:
>
>
> On 11/12/2010 12:23 PM, Niall O'Reilly wrote:
>> On 11 Nov 2010, at 18:07, Laszlo Fekete wrote:
>>
>>> Just another question: I have some clients without a fixed address and
>>> they get an IP dynamically from 192.168.5.0/24, so this is stored in
>>> dhcpd.leases. But later I give them a fixed address from 160.1.2.0/26. Is it
>>> possible, if the client doesn't send a DHCPDISCOVER, just a DHCPREQUEST with the
>>> dynamic IP, that the DHCP server gives an IP from the static pool even if there
>>> is a lease in the leases file, or deletes the lease whose MAC address has a
>>> fixed address in dhcpd.conf at dhcpd reload/restart?
>> 	You'll probably need complementary 'deny' statements in the
>> 	corresponding pools.  Here's what we do.
>>
>>      shared-network some-name {
>>
>>          subnet 137.43.162.0 netmask 255.255.255.0 {
>>              option subnet-mask 255.255.255.0;
>>              option routers 137.43.162.1;
>>              pool {
>>                  range 137.43.162.129 137.43.162.190;
>>                  deny unknown clients;
>>                  max-lease-time 7200;
>>              }
>>          }
>>
>>          subnet 10.137.162.0 netmask 255.255.255.0 {
>>              option subnet-mask 255.255.255.0;
>>              option routers 10.137.162.1;
>>              pool {
>>                  range 10.137.162.65 10.137.162.94;
>>                  deny known clients;
>>                  max-lease-time 600;
>>              }
>>          }
>>      }
> This isn't working. Dhcpd doesn't care about the fixed address if there is a
> dynamic lease in the leases file.
> Is there an option that checks fixed addresses first, or deletes a lease
> whose MAC address has a fixed address?
>

If the client requests an IP address that is on a valid subnet for the 
client, then dhcpd will renew it. I believe this is in the relevant RFC 
(rfc2131?) as part of the strategy of allowing a client to keep an IP 
address as long as possible.

So if a given client currently has a valid dynamic address, and you want 
it to switch then you need to temporarily deny that IP, so that it will 
be forced to go back to DHCPDISCOVER. Then it will see the fixed-address 
settings. eg:

If you're using IPv6 the length of the substring should be
appropriately longer :)

The match string consists of 3 bytes of IP address (c0:a8:5 = 192.168.5) 
followed by the hardware address, which is 1 followed by the mac 
address. Yes, it's evil.

# must be authoritative to send DHCPNAK
authoritative;

class "blocked-ips" {
	match concat(substring(leased-address, 0, 3), hardware);
	deny booting;
}

subclass "blocked-ips" c0:a8:5:1:aa:bb:cc:dd:ee:ff;
subclass "blocked-ips" c0:a8:5:1:01:02:03:04:05:06;
# repeat as required ...

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
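
Added example, not part of Glenn's message or of ISC dhcpd: a small generator for the "repeat as required" subclass lines, building each key as described above (first 3 bytes of the leased IP, hardware type 1, then the MAC). The function names, the sample leases text and the list of fixed-address MACs are assumptions made for illustration; every lease entry is considered regardless of its binding state.

```python
import ipaddress
import re

# Constructed dhcpd.leases excerpt, trimmed to the fields used; entries can repeat.
SAMPLE_LEASES = """\
lease 192.168.5.20 {
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.5.21 {
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.5.20 {
  hardware ethernet AA:BB:CC:DD:EE:FF;
}
lease 192.168.6.9 {
  hardware ethernet 01:02:03:04:05:06;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\n\}", re.S)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]+);")


def subclass_key(ip, mac):
    """Key layout from the post: 3 bytes of leased IP, hardware type 1, MAC."""
    prefix = [format(int(octet), "x") for octet in ip.split(".")[:3]]
    return ":".join(prefix + ["1"] + mac.lower().split(":"))


def blocked_subclasses(leases_text, fixed_macs, dynamic_net, class_name="blocked-ips"):
    """Return subclass lines for fixed-address MACs still holding a dynamic lease."""
    fixed = {mac.lower() for mac in fixed_macs}
    net = ipaddress.ip_network(dynamic_net)
    lines = []
    for ip, body in LEASE_RE.findall(leases_text):
        found = MAC_RE.search(body)
        if not found or found.group(1).lower() not in fixed:
            continue  # no MAC recorded, or host has no fixed-address entry
        if ipaddress.ip_address(ip) not in net:
            continue  # lease is outside the dynamic range being retired
        line = 'subclass "%s" %s;' % (class_name, subclass_key(ip, found.group(1)))
        if line not in lines:  # repeated lease entries yield one subclass
            lines.append(line)
    return lines


if __name__ == "__main__":
    fixed = ["aa:bb:cc:dd:ee:ff", "01:02:03:04:05:06"]  # hypothetical fixed-address hosts
    print("\n".join(blocked_subclasses(SAMPLE_LEASES, fixed, "192.168.5.0/24")))
```

The generated lines go after the class "blocked-ips" declaration; running dhcpd -t against the edited configuration checks the syntax before a restart.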


