[rhelv6-list] dhcpd question: limiting scope to mac address identifiers

Greg Swift greg at nytefyre.net
Fri Jan 4 03:50:10 UTC 2013 

are you using non-authoritative ? I'm not sure exact way to implement it in
your environment, but it might work.

-greg


On Thu, Jan 3, 2013 at 8:20 PM, solarflow99 <solarflow99 at gmail.com> wrote:

> Thanks for the tip, I got it working, but still couldn't stop the dhcp
> servers from interfering with each other.  I see a lot of messages
> like this in syslog:
>
> DHCPDISCOVER from 1c:b0:94:31:20:98 via eth0: network 192.168.2.0/24:
> no free leases
>
> It might be a client side problem for not ignoring the NAK offer and
> picking up the right one from the other dhcp server, since some
> clients do work.
>
>
>
>
> On Fri, Dec 28, 2012 at 9:21 AM, Greg Swift <greg at nytefyre.net> wrote:
> >
> >
> >
> > On Thu, Dec 27, 2012 at 7:41 PM, solarflow99 <solarflow99 at gmail.com>
> wrote:
> >>
> >> I have been testing with a second dhcp server on the same vlan, and
> >> wanted to limit the scope to only serve out to clients that have mac
> >> addresses that start with the same 3 octets, something like this
> >> maybe?
> >>
> >>
> >> class "custom-clients" {
> >>          match if substring (option dhcp-client-identifier, 00:50:56);
> >>        }
> >>
> >> deny unknown-clients;
> >>
> >
> > you are very close.  if you search for 'isc dhcp match vendor' you should
> > get a lot of helpful information.  You can simply use the hardware
> address
> > rather than an option.  Plus unknown-clients refers to systems that do
> not
> > have a host entry in your file.  In this case none do, so all clients
> would
> > be denied.  You can either do an allow block:
> >
> > or
> >
> > class "good" {
> >  match if substring(hardware,1,3) = AA:BB:CC;
> > }
> >
> > allow members of "good";
> >
> >
> >
> >
> > or a deny block
> >
> >
> > class "bad" {
> >  match if not substring(hardware,1,3) = AA:BB:CC;
> > }
> >
> > deny members of "bad";
> >
> >
> > In an ideal world they work the same, but test it out and see how they do
> > for your use case.
> >
> > -greg
> >
> >
> > _______________________________________________
> > rhelv6-list mailing list
> > rhelv6-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/rhelv6-list
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhelv6-list/attachments/20130103/70aada42/attachment.htm>

More information about the rhelv6-list mailing list