How to restrict Windows XP DHCP clients to a specific subnet?

W.J.M. Nelis Wim.Nelis at nlr.nl
Thu Feb 13 13:37:03 UTC 2014


On 02/13/2014 02:30 PM, Ole Holm Nielsen wrote:
> W.J.M. Nelis Wim.Nelis at nlr.nl wrote:
>>> We run the ISC DHCP version 4.1.1 server that comes with Red Hat RHEL 6.5
>>> Linux.  We grant DHCP leases only to known hosts, and we have files with
>>> declarations of host names and their MAC addresses to achieve this.
>>>
>>> We have a new challenge because we want to restrict all Windows XP PCs
>>> (and we know who they are :-) to a specific VLAN subnet, where we want to
>>> impose strict firewall rules.  If a user connects his XP PC to any other
>>> VLAN subnet, the DHCP server must ignore this client.
>>>
>>> I've searched unsuccessfully for a dhcpd.conf configuration example
>>> implementing this desired goal:
>>>
>>> 1. Define a subnet which *only* permits a certain list of host
>>> declarations (i.e., my XP PCs) to get a lease.
>>>
>>> 2. In all other subnets, the XP PCs *must not* get a lease.
>>
>> We are experimenting with an ISC DHCP configuration to achieve the goal you
>> describe. Currently the following seems to do the job:
>>
>> class "Claudus" {
>>          match hardware ;
>>          set client-class= "Claudus" ;
>> }
>
> I have searched in vain for the "set client-class" statement. Other 
> examples of classes I've seen don't seem to use this.
>
> Question: Is "set client-class" documented anywhere, and can I safely 
> omit this?

Yes, you can safely omit it. I've included it, as it results in an extra 
variable shown in the leases file. Thus there you can find in which class a 
client is put if you really need to know it. Sorry for the confusion: I 
should have removed this local optimisation.

Regards,
   Wim Nelis.
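
The two requirements from the original question, written out as a dhcpd.conf sketch. This is an added example, not the configuration either poster runs: the class name "Claudus" and the `set client-class` line come from the thread, while the subnets, ranges, host name and MAC addresses are constructed placeholders.

```conf
# Added example. Subnets, ranges, the host name and all MAC addresses
# are constructed placeholders (documentation ranges).

# Class from the thread. Members are listed as subclass entries keyed on
# the hardware field; the leading "1:" is the hardware type for Ethernet.
class "Claudus" {
    match hardware;
    # Optional, per the reply above: it only records the class name as a
    # variable in the leases file.
    # set client-class = "Claudus";
}
subclass "Claudus" 1:00:00:5e:00:53:01;   # XP PC (constructed MAC)
subclass "Claudus" 1:00:00:5e:00:53:02;   # XP PC (constructed MAC)

# A known non-XP host. A host declaration makes the client "known",
# so it passes "deny unknown-clients" below.
host ws-example {
    hardware ethernet 00:00:5e:00:53:10;
}

# Requirement 1: the restricted VLAN leases only to class members.
# A pool with an allow list serves only clients matching that list.
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
        range 192.0.2.10 192.0.2.100;
        allow members of "Claudus";
    }
}

# Requirement 2: every other VLAN ignores class members and unknown hosts.
subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    pool {
        range 198.51.100.10 198.51.100.200;
        deny members of "Claudus";
        deny unknown-clients;
    }
}
```

`dhcpd -t -cf <file>` checks the syntax before a restart. The class is keyed on the hardware address the client reports, so this decides who is offered a lease; the firewall rules on the restricted VLAN remain the enforcement point.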






