[DHCP] RE: Determining request

Jonathan Lassoff jof at thejof.com
Wed Jan 6 04:19:59 UTC 2010


Excerpts from Ashley M. Kirchner's message of Tue Jan 05 19:37:58 -0800 2010:
> Glenn Satchell wrote:
> > If you wanted to keep it real low-tech you could even add another NIC
> > to the Fedora box, a small hub or switch and plug the WAPs into that.
> > Then use a different IP address range for that.
> >   
>     No, they need to remain in the same subnet as everything else.  All 
> I want to do is to not allow unknown *wired* devices automatically 
> getting shoved into the wireless pool because it does allow unknown 
> devices.  That's what DHCPd is doing right now.

It's clear that DHCPD isn't working for you, but what people are
proposing are possible solutions.

At some point dhcpd is going to need some piece of data that it can
differentiate on (is this a "wired" client or a "wireless" one). If I
understand it right, in the setup you're describing, both the wired and
wireless clients are in the same Ethernet LAN / broadcast domain. In
this case, when a new client with no cached lease comes online and makes
a request, the only unique thing the LAN-local DHCP server is going to
see is the MAC address of the transmitting interface.

Is there a way for you to differentiate the MAC addresses in this case?
Perhaps by looking at the vendor/OUI ID? In 802.3 Ethernet, if the
second-to-least significant bit in the first byte is set to 0, then the
first three logical bytes of the burned-into-hardware MAC address map to
what the IEEE calls an "Organizationally Unique Identifier". Perhaps all
your wired or wireless NICs are from the same vendor and have the same
OUI in their addresses?

Alternatively, some modern managed switches have a DHCP Relay agent
built in that will tag the request it sends to your DHCP server with the
IP of the router interface that received the request. In this case, if
the router interface is on a different network (say, "wireless"), you
can use this unique identifier to differentiate between requests
received on the "wired" vs. "wireless" subnets.

If you absolutely, positively, couldn't split the subnets, a crazy hack
perhaps would be to add a hook into the dhcpd code to use SNMP to poll
your switch to find from which port it learned the MAC address of the
requesting client, and then differentiate based on that information.

Cheers,
jonathan
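The OUI approach in the message above, as an added example that is not part of the original thread: a small classifier that extracts the OUI exactly as described (honouring the I/G and U/L bits of the first octet, so locally administered or randomized addresses are never mistaken for a vendor OUI) and renders the matching ISC dhcpd `class`. The wireless OUI `00:11:22` is a constructed placeholder, not a real vendor assignment.

```python
"""Classify DHCP clients by the OUI of their MAC address."""
from typing import Optional

# Constructed example: the wireless NICs are assumed to share this OUI
# (placeholder value, not a real vendor assignment).
WIRELESS_OUIS = {"00:11:22"}


def parse_mac(mac: str) -> bytes:
    """Accept 'aa:bb:cc:dd:ee:ff', 'aa-bb-cc-dd-ee-ff' or 'aabb.ccdd.eeff'."""
    hexdigits = "".join(c for c in mac if c not in ":-.")
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes.fromhex(hexdigits)


def is_locally_administered(mac: bytes) -> bool:
    """U/L bit: second-least-significant bit of the first octet (0x02)."""
    return bool(mac[0] & 0x02)


def is_multicast(mac: bytes) -> bool:
    """I/G bit: least-significant bit of the first octet (0x01)."""
    return bool(mac[0] & 0x01)


def oui(mac: bytes) -> Optional[str]:
    """Return the OUI as 'xx:xx:xx', or None when the address carries none."""
    if is_locally_administered(mac) or is_multicast(mac):
        return None
    return ":".join(f"{b:02x}" for b in mac[:3])


def classify(mac_str: str) -> str:
    """'wireless' if the OUI is on the list, 'wired' for any other vendor OUI,
    'unclassified' for locally administered (e.g. randomized) addresses that
    cannot be tied to a vendor and so must not land in a vendor-based pool."""
    o = oui(parse_mac(mac_str))
    if o is None:
        return "unclassified"
    return "wireless" if o in WIRELESS_OUIS else "wired"


def dhcpd_class(name: str, ouis) -> str:
    """Render the equivalent ISC dhcpd class. substring(hardware, 1, 3) skips
    the leading hardware-type byte and yields the first three MAC bytes."""
    matches = " or ".join(f"substring(hardware, 1, 3) = {o}" for o in sorted(ouis))
    return f'class "{name}" {{\n  match if {matches};\n}}'
```

The rendered class can then be used in dhcpd.conf with `allow members of "wireless";` in the wireless pool and `deny members of "wireless";` in the wired one; clients reported as unclassified get no vendor-based pool at all.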
