shared-network
Laszlo Fekete
blackluck at ktk.bme.hu
Sun Nov 14 15:11:14 UTC 2010
On 11/14/2010 03:20 PM, Glenn Satchell wrote:
> On 15/11/10 12:42 AM, Laszlo Fekete wrote:
>>
>>
>> On 11/12/2010 12:23 PM, Niall O'Reilly wrote:
>>> On 11 Nov 2010, at 18:07, Laszlo Fekete wrote:
>>>
>>>> Just another question: I have some clients without fixed address and
>>>> they get ip dynamically from 192.168.5.0/24, so this is stored in
>>>> dhcpd.leases. But later I give them a fixed address from 160.1.2.0/26.
>>>> Is it possible, if the client doesn't send dhcpdiscover, just
>>>> dhcprequest with the dynamic ip, then the dhcp server gives ip from
>>>> the static pool even if there is a lease in the leases file, or
>>>> deletes the lease whose mac address has a fixed address in dhcpd.conf
>>>> at dhcpd reload/restart?
>>> You'll probably need complementary 'deny' statements in the
>>> corresponding pools. Here's what we do.
>>>
>>> shared-network some-name {
>>>
>>>     subnet 137.43.162.0 netmask 255.255.255.0 {
>>>         option subnet-mask 255.255.255.0;
>>>         option routers 137.43.162.1;
>>>         pool {
>>>             range 137.43.162.129 137.43.162.190;
>>>             deny unknown clients;
>>>             max-lease-time 7200;
>>>         }
>>>     }
>>>
>>>     subnet 10.137.162.0 netmask 255.255.255.0 {
>>>         option subnet-mask 255.255.255.0;
>>>         option routers 10.137.162.1;
>>>         pool {
>>>             range 10.137.162.65 10.137.162.94;
>>>             deny known clients;
>>>             max-lease-time 600;
>>>         }
>>>     }
>>> }
>> This isn't working. Dhcpd doesn't care about the fixed address if there
>> is a dynamic lease in the leases file.
>> Is there an option that first checks fixed addresses or deletes a lease
>> which has a mac address with a fixed address?
>>
>
> If the client requests an IP address that is on a valid subnet for the
> client, then dhcpd will renew it. I believe this is in the relevant
> RFC (rfc2131?) as part of the strategy of allowing a client to keep an
> IP address as long as possible.
>
> So if a given client currently has a valid dynamic address, and you
> want it to switch then you need to temporarily deny that IP, so that
> it will be forced to go back to DHCPDISCOVER. Then it will see the
> fixed-address settings. eg:
>
> If you're using IPv6 the length of the substring should be
> appropriately longer :)
>
> The match string consists of 3 bytes of IP address (c0:a8:5 =
> 192.168.5) followed by the hardware address, which is 1 followed by
> the mac address. Yes, it's evil.
>
> # must be authoritative to send DHCPNAK
> authoritative;
>
> class "blocked-ips" {
>     # key = first 3 bytes of the leased address + hardware type + MAC
>     match concat(substring(leased-address, 0, 3), hardware);
>     deny booting;
> }
>
> subclass "blocked-ips" c0:a8:5:1:aa:bb:cc:dd:ee:ff;
> subclass "blocked-ips" c0:a8:5:1:01:02:03:04:05:06;
> # repeat as required ...
A little complicated... so I would be happy if the client sends
DHCPDISCOVER, then gets the fixed address. Because now sometimes the dhcp
server gives back the dynamic address at DHCPDISCOVER.
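
The match key described in the quoted reply (3 address bytes, hardware type 1, then the MAC) can be generated from the leases file instead of typed by hand. The following is an added example, not code from the thread or from ISC: the function names are hypothetical, the lease entries are constructed, and it assumes the `binding state` and `hardware ethernet` lines of dhcpd.leases. It goes one step beyond the reply by emitting lines only for hosts that still hold an active dynamic lease; the two-digit octets it prints are the same bytes as `c0:a8:5:1:...`.

```python
import ipaddress
import re

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]+);")
STATE_RE = re.compile(r"^\s*binding\s+state\s+(\w+);", re.M)

def mac_bytes(mac):
    """Parse an Ethernet MAC; accepts unpadded octets such as 0:1:2:3:4:5."""
    raw = bytes(int(part, 16) for part in mac.split(":"))
    if len(raw) != 6:
        raise ValueError(f"not an Ethernet MAC: {mac}")
    return raw

def match_key(ip, mac):
    """Value the class expression yields: 3 address bytes, htype 1, MAC."""
    data = ipaddress.IPv4Address(ip).packed[:3] + b"\x01" + mac_bytes(mac)
    return ":".join(f"{b:02x}" for b in data)

def subclass_lines(leases_text, fixed_macs, dynamic_net):
    """Emit a subclass line for every active dynamic lease held by a fixed host."""
    net = ipaddress.ip_network(dynamic_net)
    fixed = {mac_bytes(m) for m in fixed_macs}
    latest = {}  # dhcpd appends to the leases file; the last entry per IP wins
    for ip, body in LEASE_RE.findall(leases_text):
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        latest[ip] = (mac and mac.group(1), state and state.group(1))
    lines = []
    for ip, (mac, state) in latest.items():
        if (mac and state == "active" and mac_bytes(mac) in fixed
                and ipaddress.ip_address(ip) in net):
            lines.append(f'subclass "blocked-ips" {match_key(ip, mac)};')
    return sorted(lines)

# Constructed sample input (not taken from the thread's server).
SAMPLE_LEASES = """\
lease 192.168.5.23 {
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.5.23 {
  binding state active;
  next binding state free;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
"""

if __name__ == "__main__":
    print(subclass_lines(SAMPLE_LEASES, ["AA:BB:CC:DD:EE:FF"], "192.168.5.0/24"))
```

Remove the generated lines again once the client has picked up its fixed address, otherwise the host stays blocked from that dynamic range.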