I'm putting together a DHCP server to sit on the back end of a CMTS (Cable Modem Termination System). I need the DHCP server to validate mac addresses against a database (or flat file) before handing out the IP. This is to only allow registered modems onto the network. So in short, you plug in a modem, it sends a DHCP discover request. When the dhcp server gets that request, it checks the MAC against its list of registered MAC addresses. If there is a match, it assigns an IP.

Is this easily doable with current opensource packages? I know it can be done, as we have commercial software that is doing it (that we are moving away from for other reasons). Should I be looking at something like ldap or radius instead?

Well, MAC-assigned leases are easy enough to do, but then you aren't actually doing dynamic addresses, clients will always get the same IP. I don't know if this is a problem in your case or not.

That would also require you to manually put in all of the whitelisted MACs and assign them TCP/IP info in the configuration file. Though you could put together a script to automate it for you if you have a lot of MACs to go through or need to add new ones quickly/regularly.

Manually whitelisting MAC's is fine, and actually the idea behind it. That's how we allow users to subscribe to internet service. Once they subscribe, their MAC is added to the database and their modem is allowed to connect. I would ideally like to use a msyql backend, but flat file would work as well. I just can't reset the server every time a new mac is added.

The dhcp documentation is very clear about this: you have to restart dhcpd whenever you change the config file.

But with "reset the server" do you mean that you want to reboot the box? That won't be necessary. Just (depending on your distro)
It takes only a few seconds, no client is going to complain about that.

If you want to use a database to store your mac addresses, built a simple script which first writes the first part of the dhcpd.conf file, then retrieves the data from the database and append all the different entries to you dhcpd.conf file.

I would prefer TCL for this purpose over Bash because it has better string and array handling. I am sure Perl and Python have mysql connectors as well and are even better in string handling but I don't know them.

jlinkels

I'm the network manager at a college with about 1700 machines. What I do is use a mysql database backend, and isc-dhcpd. The process is fairly simple. All the allowed MAC addresses go into the database. A cron runs every 2 minutes to build a dhcpd.conf.generated file to be used as a config file for dhcp. Each MAC from the database goes into the DHCP scope definition within that file as a known host, but with no specified IP. The scope is configured to "deny unknown hosts". Another cron job runs every few minutes to see if the dhcpd.conf.generated file is newer than the existing dhcpd.conf file. If it is, it will replace the .conf file with the contents of the .generated file, and restart dhcp.

The entire process only takes a few seconds, and is harmless in the functionality of DHCP. My dhcp server restarts at least 15 times an hour with no ill effects.

If you wanted to get even simpler you could take out the mysql database, and just modify the dhcpd.conf file directly with the lines you need via a web interface and use a similar refresh script.

For some hints, you may want to look at http://netreg.sourceforge.net/. This is where I got a lot of my ideas from when I built my own.

thanks, that is exactly what we want to be able to do.