shared-network

Laszlo Fekete blackluck at ktk.bme.hu
Sun Nov 14 15:11:14 UTC 2010


On 11/14/2010 03:20 PM, Glenn Satchell wrote:
> On 15/11/10 12:42 AM, Laszlo Fekete wrote:
>>
>>
>> On 11/12/2010 12:23 PM, Niall O'Reilly wrote:
>>> On 11 Nov 2010, at 18:07, Laszlo Fekete wrote:
>>>
>>>> Just another question: I have some clients without a fixed address and
>>>> they get an IP dynamically from 192.168.5.0/24, so this is stored in
>>>> dhcpd.leases. But later I give them a fixed address from 160.1.2.0/26.
>>>> Is it possible, if the client doesn't send DHCPDISCOVER but just
>>>> DHCPREQUEST with the dynamic IP, that the DHCP server gives an IP from
>>>> the static pool even if there is a lease in the leases file, or deletes
>>>> the lease whose MAC address has a fixed address in dhcpd.conf at dhcpd
>>>> reload/restart?
>>>     You'll probably need complementary 'deny' statements in the
>>>     corresponding pools.  Here's what we do.
>>>
>>>      shared-network some-name {
>>>
>>>          subnet 137.43.162.0 netmask 255.255.255.0 {
>>>              option subnet-mask 255.255.255.0;
>>>              option routers 137.43.162.1;
>>>              pool {
>>>                  range 137.43.162.129 137.43.162.190;
>>>                  deny unknown clients;
>>>                  max-lease-time 7200;
>>>              }
>>>          }
>>>
>>>          subnet 10.137.162.0 netmask 255.255.255.0 {
>>>              option subnet-mask 255.255.255.0;
>>>              option routers 10.137.162.1;
>>>              pool {
>>>                  range 10.137.162.65 10.137.162.94;
>>>                  deny known clients;
>>>                  max-lease-time 600;
>>>              }
>>>          }
>>>      }
>> This isn't working. Dhcpd doesn't care about the fixed address if there is a
>> dynamic lease in the leases file.
>> Is there an option that first checks fixed addresses, or deletes a lease
>> which has a MAC address with a fixed address?
>>
>
> If the client requests an IP address that is on a valid subnet for the
> client, then dhcpd will renew it. I believe this is in the relevant
> RFC (rfc2131?) as part of the strategy of allowing a client to keep an
> IP address as long as possible.
>
> So if a given client currently has a valid dynamic address, and you
> want it to switch then you need to temporarily deny that IP, so that
> it will be forced to go back to DHCPDISCOVER. Then it will see the
> fixed-address settings. eg:
>
> If you're using IPv6 then the length of the substring should be
> appropriately longer :)
>
> The match string consists of 3 bytes of IP address (c0:a8:5 =
> 192.168.5) followed by the hardware address, which is 1 followed by
> the mac address. Yes, it's evil.
>
> # must be authoritative to send DHCPNAK
> authoritative;
>
> class "blocked-ips" {
>     match concat(substring(leased-address, 0, 3), hardware);
>     deny booting;
> }
>
> subclass "blocked-ips" c0:a8:5:1:aa:bb:cc:dd:ee:ff;
> subclass "blocked-ips" c0:a8:5:1:01:02:03:04:05:06;
> # repeat as required ...
A little complicated... so I would be happy if the client sends
DHCPDISCOVER, then gets the fixed address. Because now sometimes the DHCP
server gives back the dynamic address at DHCPDISCOVER.
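
An added example, not part of the original thread: one way to generate the `subclass` lines for the "blocked-ips" class quoted above instead of typing them by hand. It assumes a /24 dynamic range (so the 3-byte prefix identifies it), Ethernet clients, and the usual dhcpd.leases and host-declaration layout; the sample data and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data; dhcpd.leases is append-only, so the last entry wins.
SAMPLE_LEASES = """\
lease 192.168.5.20 {
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:ff;
}
lease 192.168.5.21 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.5.22 {
  binding state active;
  hardware ethernet 01:02:03:04:05:06;
}
lease 192.168.5.22 {
  binding state free;
  hardware ethernet 01:02:03:04:05:06;
}
"""
SAMPLE_CONF = """\
host pc1 { hardware ethernet AA:BB:CC:DD:EE:FF; fixed-address 160.1.2.10; }
host pc2 { hardware ethernet 01:02:03:04:05:06; fixed-address 160.1.2.11; }
"""
LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
MAC_RE = re.compile(r"hardware\s+ethernet\s+([0-9a-fA-F:]+)\s*;")
HOST_RE = re.compile(r"host\s+\S+\s*\{([^}]*)\}")

def fixed_macs(conf):
    """MACs of host declarations that carry a fixed-address statement."""
    hits = (MAC_RE.search(b) for b in HOST_RE.findall(conf) if "fixed-address" in b)
    return {m.group(1).lower() for m in hits if m}

def subclass_lines(leases, conf, dynamic_net, class_name="blocked-ips"):
    """subclass statements for fixed-address hosts still holding a dynamic lease."""
    net, wanted = ipaddress.ip_network(dynamic_net), fixed_macs(conf)
    current = dict(LEASE_RE.findall(leases))  # later entries overwrite earlier ones
    out = []
    for ip, body in sorted(current.items()):
        mac = MAC_RE.search(body)
        active = re.search(r"^\s*binding state active;", body, re.M)
        addr = ipaddress.ip_address(ip)
        if mac and active and addr in net and mac.group(1).lower() in wanted:
            # Key: first 3 address bytes, hardware type 1 (Ethernet), then the MAC.
            prefix = ":".join(f"{b:02x}" for b in addr.packed[:3])
            out.append(f'subclass "{class_name}" {prefix}:01:{mac.group(1).lower()};')
    return out
```

Calling `subclass_lines(SAMPLE_LEASES, SAMPLE_CONF, "192.168.5.0/24")` on the sample data returns a single statement, for aa:bb:cc:dd:ee:ff; the host whose latest lease entry is free and the client without a host declaration are skipped.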
