[K12OSN] DHCP and specific IPs

Ben Dailey ben at inspiredtechs.com
Fri Nov 7 14:44:50 UTC 2008


On Fri, Nov 7, 2008 at 9:38 AM, Rob Owens <rob.owens at biochemfluidics.com> wrote:

> Doug Simpson wrote:
> > Is there a way to make DHCP hand out IP addresses, but only to computers
> > that we have the MAC addresses for? In other words, DHCP will hand out IP
> > addresses, but only to a certain specified list of MAC addresses.
> >
> > I am wanting to stop people from bringing unauthorized equipment from
> > home and connecting it to our network and if it doesn't get an IP address, it
> > won't work.
> >
> > I already have the list of valid MAC addresses in the lease files for
> > DHCP and I can weed out the ones that aren't ours.
> >
> > The DHCP I am running is running on a linux server if that makes a
> > difference.
> >
>
> First you have to get rid of your dynamic IP assignment by removing the
> "range" statement and anything associated with it.  On my system, that
> would mean getting rid of the entire "shared-network WORKSTATIONS" section.
>
> Then you have to manually map each MAC address to an IP address with
> statements like this:
>
> host pickahostname {
>  hardware ethernet 00:00:00:00:00:00;  #put a real MAC address here
>  fixed-address 192.168.1.100;  #each host needs a unique address here
> }
>
> But Nils is right, people can still assign a static IP address if they
> know what network range you're using.  That is probably a worse
> situation than you have now, because it is just asking for duplicate IP
> addresses to happen.
>
> -Rob


Doug,

Have a look at the man page for dhcpd.conf. But you should be able to create
a pool within your range and then do a deny unknown-clients;. Unknown
clients are those machines which do not have a host declaration in
dhcpd.conf. So using your leases file and some gawk magic you should be able
to generate a host declaration for each machine you have. You then may want
to create another range and pool with bogus addresses that go nowhere and
set that pool to allow unknown-clients;. Here is a link to an online copy of
the above-mentioned man page.
http://www.linuxmanpages.com/man5/dhcpd.conf.5.php

HTH,
Ben
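
The approach Ben describes, as an added example that is not part of the original message: a POSIX shell function (plain awk rather than gawk) that reads dhcpd.leases text and emits one host declaration per unique, well-formed MAC, followed by the pool restriction. The sample leases, the "pc-" host names and the address range are constructed assumptions; dhcpd.conf spells the keyword unknown-clients, with a hyphen.

```shell
#!/bin/sh
# Constructed sample in dhcpd.leases format. The file is an append-only log,
# so one MAC can appear in several lease blocks.
sample_leases() {
cat <<'EOF'
lease 192.168.1.101 {
  starts 5 2008/11/07 13:00:00;
  hardware ethernet 00:16:3E:AA:BB:01;
  client-hostname "lab-pc-01";
}
lease 192.168.1.102 {
  hardware ethernet 00:16:3e:aa:bb:02;
}
lease 192.168.1.140 {
  hardware ethernet 00:16:3e:aa:bb:01;
}
lease 192.168.1.150 {
  hardware ethernet 00:16:3e:zz:bb:03;
}
EOF
}

# gen_hosts: leases on stdin -> one host declaration per unique, valid MAC.
gen_hosts() {
  awk '
    $1 == "hardware" && $2 == "ethernet" {
      mac = tolower($3); sub(/;$/, "", mac)
      # Skip malformed values, then MACs that were already emitted.
      if (length(mac) != 17) next
      if (mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) next
      if (seen[mac]++) next
      # Name hosts after the MAC (hypothetical "pc-" prefix); the
      # client-hostname field is supplied by the client, so it is ignored.
      name = mac; gsub(/:/, "", name)
      printf "host pc-%s {\n  hardware ethernet %s;\n}\n", name, mac
    }'
}

# pool_stanza: restriction to place inside the subnet declaration.
pool_stanza() {
cat <<'EOF'
pool {
  range 192.168.1.100 192.168.1.200;  # assumed range, adjust to yours
  deny unknown-clients;               # only hosts declared above get a lease
}
EOF
}

sample_leases | gen_hosts
pool_stanza
```

On a live server, feed gen_hosts the real leases file and review the output before including it in dhcpd.conf, dropping any MAC that is not yours.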