SUBJECT: Trying and failing to assign same IP address to a host

David Elliott david.elliott at lifeway.com
Tue Feb 9 15:42:41 UTC 2016


Desired outcome: Assign same IP address to a VPN client by hostname every
time.

Situation: The Cisco ASA VPN firewall does pass the hostname in the DHCP
Discover, but does not provide the VPN client's MAC address (it provides
the Cisco ASA MAC address instead).

What happens: The PCIVWS01 client gets the correct IP address 172.16.147.131
the first time (and it is written to the LEASES file).  The second time the
VPN client connected, it got a DIFFERENT address: 172.16.147.105. The third
time it got 172.16.147.151.

What I tried: I commented out the lease for 172.16.147.131 in the
/var/lib/dhcp/dhcpd.leases file and restarted the dhcpd service, and the
PCIVWS01 VPN client got 172.16.147.131 again!


What must I do so  hostname PCIVWS01  always gets 172.16.147.131 ?

========= dhcpd.conf (with example comments removed)==================
# Global settings; they apply to every subnet below unless overridden there.
# Dynamic DNS updates are disabled for this server.
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "lifeway.org";
option domain-name-servers 172.16.41.24, 172.16.41.32;

# Lease lengths in seconds: 86400 = 24 hours when the client asks for nothing
# specific, 604800 = 7 days as the upper bound.
default-lease-time 86400;
max-lease-time 604800;

# dhcpd logs through syslog facility local7.
log-facility local7;

# Empty /32 declaration: no range and no pool, so nothing is leased from it.
# NOTE(review): presumably this is the server's own interface address, declared
# so dhcpd accepts that interface - confirm.
subnet 172.16.46.30 netmask 255.255.255.255 {
}

subnet 172.17.10.0 netmask 255.255.254.0 {
## dhcp start and end IP range ##
# Test SAND environment
# The server treats itself as the authority for this subnet.
authoritative;
        range 172.17.10.76 172.17.10.199;
option subnet-mask 255.255.254.0;
# NOTE(review): a 255.255.254.0 mask on 172.17.10.0 spans 172.17.10.0 through
# 172.17.11.255, so the broadcast address would normally be 172.17.11.255 -
# confirm that 172.17.10.255 is intended.
option broadcast-address 172.17.10.255;
option routers 172.17.10.1;

        # Reservation keyed on the client's MAC address.
        # NOTE(review): 172.17.10.100 lies inside the dynamic range
        # 172.17.10.76-172.17.10.199 above; a fixed-address is normally kept
        # outside any range so it cannot also be leased dynamically - confirm.
        host test-Elliott-Lenovo {
          hardware ethernet 00:26:18:23:D1:F6;
          fixed-address 172.17.10.100;
        }
}
# Classes to specify Ridgecrest PCIClient VPN clients
#
# Every class below is selected by a prefix of "option host-name". That option
# is whatever name the client (here relayed by the ASA) puts in its DHCP
# request; dhcpd does not verify it. Class membership is therefore a
# self-reported label, not proof of which device is asking.
# NOTE(review): if ACLs or firewall rules key on the resulting addresses, the
# identity check has to come from VPN authentication, not from this match.
class "PCIVRC01"{
match if substring (option host-name, 0,8)="PCIVRC01";
}
class "PCIVRC02"{
match if substring (option host-name, 0,8)="PCIVRC02";
}
class "PCIVRC03"{
match if substring (option host-name, 0,8)="PCIVRC03";
}
class "PCIVRC04"{
match if substring (option host-name, 0,8)="PCIVRC04";
}
class "PCIVRC05"{
match if substring (option host-name, 0,8)="PCIVRC05";
}
# Test client: matched on the first 9 characters of its host name.
class "TESTRCC"{
match if substring (option host-name, 0,9)="A00014061";
}
# Catch-all for any host name starting with "PCIVRC"; one subclass is spawned
# per distinct host name. The 6-character prefix is also true for
# PCIVRC01..PCIVRC05, so those clients match this class as well as their own.
class "PCIVRCXX"{
match if substring (option host-name, 0,6)="PCIVRC";
spawn with option host-name;
}
#
# WordSearch PCIClient VPN clients, same scheme as the PCIVRC classes above.
class "PCIVWS01"{
match if substring (option host-name, 0,8)="PCIVWS01";
}
class "PCIVWS02"{
match if substring (option host-name, 0,8)="PCIVWS02";
}
class "PCIVWS03"{
match if substring (option host-name, 0,8)="PCIVWS03";
}
class "PCIVWS04"{
match if substring (option host-name, 0,8)="PCIVWS04";
}
class "PCIVWS05"{
match if substring (option host-name, 0,8)="PCIVWS05";
}
#class "TESTWS"{
#match if substring (option host-name, 0,8)="A00014061";
#}
# Catch-all for any host name starting with "PCIVWS". The prefix test is also
# true for PCIVWS01..PCIVWS05, so a client named PCIVWS01 belongs to both
# "PCIVWS01" and this class and is allowed in both pools. The leases posted
# with this config show PCIVWS01 holding 172.16.147.150 and .151, which are in
# the catch-all pool's range.
class "PCIVWSXX"{
match if substring (option host-name, 0,6)="PCIVWS";
spawn with option host-name;
}


# PCI VPN client subnet. Addresses are handed out only through the pools
# below; each pool admits clients by class, and the classes are chosen from
# the client-supplied host name.
subnet 172.16.147.0 netmask 255.255.255.0 {
        # PCI VPN Client
        authoritative;
        #range 172.16.147.64 172.16.147.127;
        option subnet-mask 255.255.255.0;
        # NOTE(review): this subnet is 172.16.147.0/24, but the broadcast
        # address below is in 172.17.x.x - looks like a typo for
        # 172.16.147.255; confirm.
        option broadcast-address 172.17.147.255;
        option routers 172.16.147.50;
        # NOTE(review): the bare "addresses" lines in this block are comment
        # text wrapped by the mail client; in the real file they have to sit
        # on the "#" line above them, otherwise the file would not parse.
 # Specifically named PCIVRC - Ridgecrest PCIVPN clients get these reserved
addresses
    # Each pool below holds exactly one address (range start == range end).
    pool {
    allow members of "PCIVRC01";
    range 172.16.147.51 172.16.147.51;
    }
    pool {
    allow members of "PCIVRC02";
    range 172.16.147.52 172.16.147.52;
    }
    pool {
    allow members of "PCIVRC03";
    range 172.16.147.53 172.16.147.53;
    }
    pool {
    allow members of "PCIVRC04";
    range 172.16.147.54 172.16.147.54;
    }
    pool {
    allow members of "PCIVRC05";
    range 172.16.147.55 172.16.147.55;
    }
    pool {
    allow members of "TESTRCC";
    range 172.16.147.63 172.16.147.63;
    }
# Any PCIVRC - Ridgecrest PCIVPN clients get these addresses
    pool {
    allow members of "PCIVRCXX";
    range 172.16.147.64 172.16.147.127;
    }
# Specifically named PCIVWS - WordSearch PCIVPN clients get these reserved
addresses
    # Single-address pool intended for PCIVWS01.
    # NOTE(review): in the leases posted with this config the uid recorded for
    # this client differs per session (...PCIVWS0138..., ...0139..., ...0140...)
    # while the MAC is always the ASA's - confirm whether dhcpd is treating
    # each session as a new client.
    pool {
    allow members of "PCIVWS01";
    range 172.16.147.131 172.16.147.131;
    }
    pool {
    allow members of "PCIVWS02";
    range 172.16.147.132 172.16.147.132;
    }
    pool {
    allow members of "PCIVWS03";
    range 172.16.147.133 172.16.147.133;
    }
    pool {
    allow members of "PCIVWS04";
    range 172.16.147.134 172.16.147.134;
    }
    pool {
    allow members of "PCIVWS05";
    range 172.16.147.135 172.16.147.135;
    }
#    pool {
#    allow members of "TESTWS";
#    range 172.16.147.149 172.16.147.149;
#    }
# Any PCIVWS - WordSearch PCIVPN clients get these addresses
    # Catch-all pool: any client whose host name starts with "PCIVWS" is
    # admitted here, including PCIVWS01..PCIVWS05.
    pool {
    allow members of "PCIVWSXX";
    range 172.16.147.150 172.16.147.179;
    }
}

=============LEASES============================

root at lwydhcpndcp01:/var/lib/dhcp# more dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1-ESV-R4

lease 172.16.147.63 {
  starts 3 2016/02/03 12:16:57;
  ends 3 2016/02/03 19:05:55;
  tstp 3 2016/02/03 19:05:55;
  cltt 3 2016/02/03 12:16:57;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406137-Trusted\000";
}
lease 172.16.147.64 {
  starts 3 2015/11/25 16:07:14;
  ends 3 2015/11/25 16:09:14;
  tstp 3 2015/11/25 16:09:14;
  cltt 3 2015/11/25 16:07:14;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A000140612-Trusted\000";
  client-hostname "A00014061";
}
lease 172.16.147.65 {
  starts 1 2015/11/30 14:31:25;
  ends 1 2015/11/30 14:33:25;
  tstp 1 2015/11/30 14:33:25;
  cltt 1 2015/11/30 14:31:25;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A000140613-Trusted\000";
  client-hostname "A00014061";
}
lease 172.16.147.66 {
  starts 1 2015/11/30 19:43:57;
  ends 1 2015/11/30 19:45:57;
  tstp 1 2015/11/30 19:45:57;
  cltt 1 2015/11/30 19:43:57;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406110-Trusted\000";
  client-hostname "A00014061";
}
lease 172.16.147.67 {
  starts 2 2015/12/01 22:23:21;
  ends 2 2015/12/01 22:25:21;
  tstp 2 2015/12/01 22:25:21;
  cltt 2 2015/12/01 22:23:21;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406125-Trusted\000";
  client-hostname "A00014061";
}
lease 172.16.147.68 {
  starts 1 2015/12/14 18:20:41;
  ends 1 2015/12/14 18:47:04;
  tstp 1 2015/12/14 18:47:04;
  cltt 1 2015/12/14 18:20:41;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406126-PCIClientVPN-147\000";
}
lease 172.16.147.69 {
  starts 1 2015/12/14 18:47:55;
  ends 1 2015/12/14 19:07:06;
  tstp 1 2015/12/14 19:07:06;
  cltt 1 2015/12/14 18:47:55;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406127-PCIClientVPN-147\000";
}
lease 172.16.147.70 {
  starts 1 2015/12/14 19:07:52;
  ends 1 2015/12/14 19:09:32;
  tstp 1 2015/12/14 19:09:32;
  cltt 1 2015/12/14 19:07:52;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406128-PCIClientVPN-147\000";
}
lease 172.16.147.71 {
  starts 1 2015/12/21 19:07:55;
  ends 2 2015/12/22 05:08:20;
  tstp 2 2015/12/22 05:08:20;
  cltt 1 2015/12/21 19:07:55;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-A0001406129-PCIClientVPN-147\000";
}
lease 172.16.147.131 {
  starts 1 2016/02/08 16:00:43;
  ends 1 2016/02/08 18:04:35;
  tstp 1 2016/02/08 18:04:35;
  cltt 1 2016/02/08 16:00:43;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0138-Trusted\000";
}
lease 172.17.10.76 {
  starts 2 2015/09/01 20:52:14;
  ends 3 2015/09/02 19:57:43;
  tstp 3 2015/09/02 19:57:43;
  cltt 2 2015/09/01 20:52:14;
  binding state free;
  hardware ethernet 00:26:18:23:d1:f6;
  uid "\001\000&\030#\321\366";
}
lease 172.17.10.77 {
  starts 1 2016/02/08 12:57:11;
  ends 2 2016/02/09 12:57:11;
  cltt 1 2016/02/08 12:57:11;
  binding state active;
  next binding state free;
  hardware ethernet 00:50:56:9c:1a:1a;
  client-hostname "ubuntu-1204-kln";
}
server-duid "\000\001\000\001\035x\310\335\000PV\220\327|";

lease 172.16.147.150 {
  starts 1 2016/02/08 18:11:55;
  ends 2 2016/02/09 18:11:55;
  cltt 1 2016/02/08 18:11:55;
  binding state active;
  next binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
  client-hostname "PCIVWS01";
}
lease 172.16.147.150 {
  starts 1 2016/02/08 18:11:55;
  ends 1 2016/02/08 18:20:58;
  tstp 1 2016/02/08 18:20:58;
  cltt 1 2016/02/08 18:11:55;
  binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
}
lease 172.16.147.151 {
  starts 1 2016/02/08 18:21:58;
  ends 2 2016/02/09 18:21:58;
  cltt 1 2016/02/08 18:21:58;
  binding state active;
  next binding state free;
  hardware ethernet 00:1b:d5:e8:eb:93;
  uid "\000cisco-001b.d5e8.eb93-PCIVWS0140-Trusted\000";
  client-hostname "PCIVWS01";
}
root at lwydhcpndcp01:/var/lib/dhcp#