Permit/Deny MAC Addresses per subnet
Ryan Harden
hardenrm at illinois.edu
Fri Jul 31 20:21:22 UTC 2009
Hello,

I have an interesting problem that I'd like suggestions on how to resolve.

I need to build a DHCP server that will serve a few hundred subnets.
There are specific security requirements for each of these subnets.
There are a handful of techs that have permission to work on each or
some of these subnets. I need each tech to be able to DHCP from a small
pool within each subnet. So I need some MAC addresses to be allowed on
certain subnets, but not others.

I had originally planned on creating separate files for each group of
allowed MAC addresses and $INCLUDE-ing these files within the subnets
for which the groups are allowed. Having done so, I'm reminded by the
'dhcpd -t' command that a "host" statement is allowed exactly once and
is global regardless of context within the dhcpd.conf file.

So I actually have two problems:

1) A MAC address can only show up once within dhcpd.conf.
2) All "host" entries are global, which leads me to believe that if a
client matches a "host" entry anywhere in the file, it will be able to
request an address for any "subnet" configured therein.

I run several ISC-DHCPD servers now but am unable to come up with a
solution to my problem given my current knowledge of dhcpd.conf.

Are my assumptions correct? Suggestions??

/Ryan
--
Ryan M. Harden, BS, KC9IHX Office: 217-265-5192
CITES - Network Engineering Cell: 630-363-0365
2130 Digital Computer Lab Fax: 217-244-7089
1304 W. Springfield email: hardenrm at illinois.edu
Urbana, IL 61801
University of Illinois - Urbana/Champaign
University of Illinois - ICCN