[rhelv6-list] dhcpd question: limiting scope to mac address identifiers
solarflow99
solarflow99 at gmail.com
Sun Jan 6 23:13:57 UTC 2013
hmm, looks like that did it. now its ignoring all the client dhcp
requests except from the correct ones.
Thanks,
On Thu, Jan 3, 2013 at 10:50 PM, Greg Swift <greg at nytefyre.net> wrote:
> are you using non-authoritative ? I'm not sure exact way to implement it in
> your environment, but it might work.
>
> -greg
>
>
> On Thu, Jan 3, 2013 at 8:20 PM, solarflow99 <solarflow99 at gmail.com> wrote:
>>
>> Thanks for the tip, I got it working, but still couldn't stop the dhcp
>> servers from interfering with each other. I see a lot of messages
>> like this in syslog:
>>
>> DHCPDISCOVER from 1c:b0:94:31:20:98 via eth0: network 192.168.2.0/24:
>> no free leases
>>
>> It might be a client side problem for not ignoring the NAK offer and
>> picking up the right one from the other dhcp server, since some
>> clients do work.
>>
>>
>>
>>
>> On Fri, Dec 28, 2012 at 9:21 AM, Greg Swift <greg at nytefyre.net> wrote:
>> >
>> >
>> >
>> > On Thu, Dec 27, 2012 at 7:41 PM, solarflow99 <solarflow99 at gmail.com>
>> > wrote:
>> >>
>> >> I have been testing with a second dhcp server on the same vlan, and
>> >> wanted to limit the scope to only serve out to clients that have mac
>> >> addresses that start with the same 3 octets, something like this
>> >> maybe?
>> >>
>> >>
>> >> class "custom-clients" {
>> >> match if substring (option dhcp-client-identifier, 00:50:56);
>> >> }
>> >>
>> >> deny unknown-clients;
>> >>
>> >
>> > you are very close. if you search for 'isc dhcp match vendor' you
>> > should
>> > get a lot of helpful information. You can simply use the hardware
>> > address
>> > rather than an option. Plus unknown-clients refers to systems that do
>> > not
>> > have a host entry in your file. In this case none do, so all clients
>> > would
>> > be denied. You can either do an allow block:
>> >
>> > or
>> >
>> > class "good" {
>> > match if substring(hardware,1,3) = AA:BB:CC;
>> > }
>> >
>> > allow members of "good";
>> >
>> >
>> >
>> >
>> > or a deny block
>> >
>> >
>> > class "bad" {
>> > match if not substring(hardware,1,3) = AA:BB:CC;
>> > }
>> >
>> > deny members of "bad";
>> >
>> >
>> > In an ideal world they work the same, but test it out and see how they
>> > do
>> > for your use case.
>> >
>> > -greg
>> >
>> >
>> > _______________________________________________
>> > rhelv6-list mailing list
>> > rhelv6-list at redhat.com
>> > https://www.redhat.com/mailman/listinfo/rhelv6-list
>>
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
>
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
More information about the rhelv6-list
mailing list