How to restrict Windows XP DHCP clients to a specific subnet?

Ole Holm Nielsen Ole.H.Nielsen at fysik.dtu.dk
Fri Jan 31 13:09:13 UTC 2014


We run the ISC DHCP version 4.1.1 server that comes with Red Hat RHEL 
6.5 Linux.  We grant DHCP leases only to known hosts, and we have files 
with declarations of host names and their MAC addresses to achieve this.

We have a new challenge because we want to restrict all Windows XP PCs 
(and we know who they are :-) to a specific VLAN subnet, where we want 
to impose strict firewall rules.  If a user connects his XP PC to any 
other VLAN subnet, the DHCP server must ignore this client.

I've searched unsuccessfully for a dhcpd.conf configuration example 
implementing this desired goal:

1. Define a subnet which *only* permits a certain list of host 
declarations (i.e., my XP PCs) to get a lease.

2. In all other subnets, the XP PCs *must not* get a lease.

Whatever I've tried, it seems that XP hosts receive leases on every 
subnet, which they shouldn't.

Question 1: How do I prevent a group of hosts (the list of XP PCs) from 
getting a lease on every subnet?

I've been reading the DHCP Handbook (2nd ed.) without getting any closer 
to my goal.  Neither groups nor classes appear to solve the problem (I'm 
not that experienced with DHCP).

Question 2: Does anyone have an example dhcpd.conf which can separate 
lists of hosts into different groups, and then allow/disallow 
those groups within specific subnets?

I'm sure there are lots of people trying to solve the upcoming Windows 
XP End-of-life situation, so any insights on how to cope with this from 
the network perspective will be much appreciated.

Thanks,
Ole

-- 
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
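
One way to express the two requirements above in ISC dhcpd, as an added example that is not part of the original post: a class keyed on the hardware address, with per-pool permit lists. The class name, MAC addresses, host name and subnets are constructed placeholders (documentation ranges), and the layout assumes all leases are handed out from `pool` ranges.

```conf
# Added example, not from the original post. All names, MACs and
# subnets below are constructed placeholders.

# Class whose members are selected by hardware type + MAC address.
class "xp-clients" {
    match hardware;
}

# One subclass line per XP machine. The leading "1:" is the
# hardware type (Ethernet), followed by the MAC address.
subclass "xp-clients" 1:00:00:5e:00:53:01;
subclass "xp-clients" 1:00:00:5e:00:53:02;

# A known non-XP host, declared by MAC as in the existing setup.
host workstation1 {
    hardware ethernet 00:00:5e:00:53:10;
}

# Restricted VLAN: only members of the XP class get a lease here.
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
        range 192.0.2.10 192.0.2.100;
        allow members of "xp-clients";
    }
}

# Every other VLAN: known hosts only, and never an XP machine.
subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    pool {
        range 198.51.100.10 198.51.100.200;
        deny members of "xp-clients";
        deny unknown-clients;
    }
}
```

The permit lists apply to the pool ranges, so an XP machine that also has a host declaration is still refused by the `deny members of` line in the other subnets. Running `dhcpd -t -cf` against the file checks the syntax before the server is restarted.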

