[SOLVED] Configuring DHCPD with deny unknown-clients

KLPZDM · 08-14-2013, 09:13 AM

I am trying to setup a DHCP server on Centos in a lab so that it only hands out IPs to known host I have configured by mac reservations. I attempted to add the "deny unknown-clients" statement to the range section of the config file however after that all the devices with mac reservations lost their IPs. Below is a portion of my config file. Do I need to use pools to use deny?

Code:

ddns-update-style interim;
ignore client-updates;

subnet 192.168.253.0 netmask 255.255.255.0
{
  option routers 192.168.253.1;
  option subnet-mask 255.255.255.0;
  option time-offset -18000; # Eastern Standard Time
  
  option dhcp-rebinding-time 86400;
  option dhcp-renewal-time 119600;

  # option nis-domain "domain.org";
  # option domain-name "domain.org";
  # option domain-name-servers 192.168.253.1;

  range dynamic-bootp 192.168.253.32 192.168.253.247;
  deny unknown-clients;
  default-lease-time 900;
  max-lease-time 3600;

  host audioDA01 {
   hardware ethernet 00:02:d1:08:98:0e; 
   fixed-address 192.168.253.200;
  }
  host audioDA02 {
   hardware ethernet 00:02:d1:08:98:0f; 
   fixed-address 192.168.253.201;
  }
  host audioDA03 {
   hardware ethernet 00:02:d1:08:98:22; 
   fixed-address 192.168.253.202;
}

YankeePride13 · 08-14-2013, 10:27 AM

Hello,

Firstly someone will surely complain that the contents of your config file are not in the [ c o d e] [ / c o d e] tags.

I am pretty sure (but could be wrong) that the deny unknown-clients statement needs to be inside of a pool declaration.

After making the changes, did you restart the DHCPD service? If not I recommend running this command first :

Code:

dhcpd -t -cf /path/to/configFile/dhcpd.conf

This will test your current dhcpd.conf file for errors.

Other things I've noticed:

Did you accidentally delete the semicolon after deny unknown hosts when editing the config file to make it stand out? Or is it actually missing?

Also it looks like you might be missing a close curly brace, ending your subnet declaration, but again it might be due to your editing that it's missing.

KLPZDM · 08-14-2013, 10:41 AM

Thanks, the missing semi colon and brace were omitted by me in haste. Thanks for the heads up on the code tags. I will try you suggestions. I have seen some articles that say you should not use a deny or allow statements with address pools but I have seen others that say they have to be used within an address pool. Do you have any clarification on what is meant?

KLPZDM · 08-19-2013, 09:52 AM

I was able to exclude unwanted clients from getting DHCP addresses by removing the range statement (range dynamic-bootp 192.168.253.32 192.168.253.247

. Since the host statements contained all the mac to IP mappings a range was not needed.The "deny unknown-clients;" statement was also not needed.