
Re: [K12OSN] DHCP and specific IPs



On Fri, Nov 7, 2008 at 9:38 AM, Rob Owens <rob owens biochemfluidics com> wrote:
Doug Simpson wrote:
> Is there a way to make DHCP hand out IP addresses, but only to computers that we have the MAC addresses for? In other words, DHCP will hand out IP addresses, but only to a certain specified list of MAC addresses.
>
> I am wanting to stop people from bringing unauthorized equipment from home and connecting it to our network, and if it doesn't get an IP address, it won't work.
>
> I already have the list of valid MAC addresses in the lease files for DHCP and I can weed out the ones that aren't ours.
>
> The DHCP I am running is running on a Linux server if that makes a difference.
>

First you have to get rid of your dynamic IP assignment by removing the
"range" statement and anything associated with it.  On my system, that
would mean getting rid of the entire "shared-network WORKSTATIONS" section.

Then you have to manually map each MAC address to an IP address with
statements like this:

host pickahostname {
 hardware ethernet 00:00:00:00:00:00;  #put a real MAC address here
 fixed-address 192.168.1.100;  #each host needs a unique address here
}

But Nils is right, people can still assign a static IP address if they
know what network range you're using.  That is probably a worse
situation than you have now, because it is just asking for duplicate IP
addresses to happen.

-Rob

Doug,

Have a look at the man page for dhcpd.conf. But you should be able to add a pool within your range and then do a deny unknown_clients; unknown_clients are those machines which do not have a host declaration in dhcpd.conf. So using your leases file and some gawk magic you should be able to generate a host declaration for each machine you have. You then may want to create another range and pool with bogus addresses that go nowhere and set that pool to allow unknown_clients;. Here is a link to an online copy of the above-mentioned man page: http://www.linuxmanpages.com/man5/dhcpd.conf.5.php

HTH,
Ben
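
The leases-to-host-declarations step suggested above, written out as an added example (not code from the thread or from ISC dhcpd). The function names, the `known-` host name prefix, the optional skip file and the sample MACs and addresses are assumptions made up for illustration; dhcpd.conf(5) spells the pool keyword `unknown-clients`, with a hyphen.

```shell
#!/bin/sh
# Build dhcpd.conf host declarations from the MACs seen in a dhcpd.leases file.
# Usage: leases_to_hosts [LEASES_FILE|-] [SKIP_FILE]
#   SKIP_FILE (optional): one MAC per line to leave out (equipment that is not yours).
leases_to_hosts() {
    awk -v skipfile="${2:-}" '
    BEGIN {
        # Load the MACs to exclude, lower-cased for comparison.
        if (skipfile != "")
            while ((getline line < skipfile) > 0)
                skip[tolower(line)] = 1
    }
    $1 == "hardware" && $2 == "ethernet" {
        mac = tolower($3)
        sub(/;$/, "", mac)
        # Accept only six two-digit hex octets; skip damaged entries.
        if (split(mac, o, ":") != 6) next
        for (i = 1; i <= 6; i++)
            if (o[i] !~ /^[0-9a-f][0-9a-f]$/) next
        # A client renews many times: emit each MAC once.
        if ((mac in seen) || (mac in skip)) next
        seen[mac] = 1
        name = mac
        gsub(/:/, "", name)
        # No fixed-address: the declaration only makes the client "known".
        printf "host known-%s {\n  hardware ethernet %s;\n}\n", name, mac
    }' "${1:--}"
}

# Constructed sample in dhcpd.leases format (not data from the thread):
# one repeated MAC, one upper-case MAC, one truncated MAC.
sample_leases() {
    cat <<'EOF'
lease 192.168.1.101 {
  hardware ethernet 00:16:3E:AA:BB:01;
}
lease 192.168.1.102 {
  hardware ethernet 00:16:3e:aa:bb:02;
}
lease 192.168.1.101 {
  hardware ethernet 00:16:3e:aa:bb:01;
}
lease 192.168.1.103 {
  hardware ethernet 00:16:3e:aa:bb;
}
EOF
}

# The output is meant to sit beside a pool such as (range constructed):
#   pool { range 192.168.1.100 192.168.1.200; deny unknown-clients; }
sample_leases | leases_to_hosts
```

Review the generated list before loading it: every MAC left in it is a client the restricted pool will serve.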
