I'm hoping there is a dhcpd wizard out there that can help me with a config question. I'm trying to set up a dhcpd server that will only hand out addresses to a specific OUI group, Proxim (00:20:A6). It would seem that you can do this, but I haven't found a good example to work from. Any info or places to start would be great.
This is all I've found, but I don't know enough to implement it.
group {
    match if (substring(hardware,1,3)=00:0e:7b);
    range 123.123.123.1 123.123.123.50;
    deny unknown-clients;
}
I am no wizard, but I can (and did) search on the phrase "match if (substring(hardware". See if the final post in this thread helps. I think it is very similar to what you are trying to do. (And I think I just learned a little bit more about dhcpd!)
Thank you for the link; it was very helpful. However, I am still not able to get it working. Here's my dhcpd.conf:
#DHCP CONFIG
#ddns-update-style ad-hoc;
# option definitions common to all supported networks...
option domain-name "ntdom.cupdx";
option domain-name-servers 70.103.52.169;
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
class "access-points" {
    match if substring(hardware,1,3) = 00:20:a6;
}
# 10.24.10.0
subnet 10.24.10.0 netmask 255.255.255.0 {
    pool {
        range 10.24.10.201 10.24.10.229;
        allow members of "access-points";
        deny unknown-clients;
    }
}
This is what I get when I test:
bhenderson@dhcpd-ap4000:~$ sudo dhcpd3 -d -f 2>&1
Internet Systems Consortium DHCP Server V3.0.3
Copyright 2004-2005 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/eth0/00:0c:29:ca:69:c6/10.24.10/24
Sending on LPF/eth0/00:0c:29:ca:69:c6/10.24.10/24
Sending on Socket/fallback/fallback-net
DHCPDISCOVER from 00:20:a6:7e:bd:70 via eth0: network 10.24.10/24: no free leases
DHCPDISCOVER from 00:20:a6:7e:bd:70 via eth0: network 10.24.10/24: no free leases
DHCPDISCOVER from 00:20:a6:7e:bd:70 via eth0: network 10.24.10/24: no free leases
If anyone can see my error, please let me know.
I assume that the client is not meeting the class requirement, but I don't know why. Again, any info or lead in the right direction would be great.
EDIT: I am leaving this post here for historical (hysterical?) purposes, but as I outline in my next post, I now believe what I suggest in this post to be neither needed nor helpful.
It looks to me like you did exactly the same as the page I linked to. Have you tried removing the restrictions to verify that is the problem?
Last edited by blackhole54; 02-01-2008 at 12:28 AM.
I did some tests on my own DHCP server and might know what is going on here. As I am still learning this myself, please verify for yourself what I say. Let me also note that I used dhcpd version isc-dhcpd-V3.0pl1 which I believe is rather old.
I believe the problem is the deny unknown-clients statement. I don't understand why it worked for the poster on our reference page. I set up something analogous to your conf file except that I was working with 192.168.2.0/24. I also got the no free leases message. This went away if I either commented out the deny unknown-clients line or if I added a host declaration for the machine seeking an IP address. This seems consistent with what the dhcpd.conf man page says about unknown-clients. Namely, a client is "unknown" if it doesn't have a host declaration. So that statement prohibits dhcpd from leasing an address to such a machine (in your case, all machines).
Further, as I understand the man page, with the allow statement present, everything that is not specifically allowed will be denied. So an explicit deny statement is not necessary.
I hope this helps you get things working.
Last edited by blackhole54; 02-01-2008 at 01:00 AM.
Reason: typo cleanup
man dhcp-eval shows: substring (data-expr, offset, length)
The substring operator evaluates the data expression and returns the substring of the result of that evaluation that starts offset bytes from the beginning, continuing for length bytes. Offset and length are both numeric expressions. If data-expr, offset or length evaluate to null, then the result is also null. If offset is greater than or equal to the length of the evaluated data, then a zero-length data string is returned. If length is greater then the remaining length of the evaluated data after offset, then a data string containing all data from offset to the end of the evaluated data is returned.
This might indicate that "match if substring(hardware,1,3) = 00:20:a6;" is improperly defined, i.e. starts with 0, length is 8 or some such. I don't know what the actual expression storage is.....
Quote:
This might indicate that "match if substring(hardware,1,3) = 00:20:a6;" is improperly defined, i.e. starts with 0, length is 8 or some such. I don't know what the actual expression storage is.....
In my tests, that worked fine. Specifically, I used:
Code:
class "PANG" {
    match if substring(hardware,1,3) = 00:17:31;
}
Combined with
Code:
pool {
    range 192.168.2.221 192.168.2.239;
    allow members of "PANG";
    # deny unknown-clients;
}
in the subnet specification. This allowed an interface whose MAC started with 00:17:31 and excluded one that didn't start with that. Note that I commented out the offending statement.
EDIT: BTW, no free leases seems to be the standard message when it is blocking. I guess because there aren't any free leases in the null set!
Last edited by blackhole54; 02-01-2008 at 09:22 AM.
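The behaviour worked out in this thread, as an added example that is not part of any post above and is not ISC's code: a simplified Python model of `substring(hardware,1,3)` and of how a pool's allow and deny lines combine. The function names, the constructed non-Proxim MAC and the deny-before-allow ordering are assumptions of the model.

```python
# Added example: a simplified model of the thread's dhcpd logic, not ISC code.

def hardware(htype, chaddr):
    """dhcp-eval 'hardware': one hardware-type byte, then the link-layer address."""
    return bytes([htype]) + chaddr

def substring(data, offset, length):
    """substring() as described in the dhcp-eval text quoted in the thread."""
    if data is None or offset is None or length is None:
        return None                      # any null operand gives null
    if offset >= len(data):
        return b""                       # offset past the end: zero-length string
    return data[offset:offset + length]  # slicing truncates an over-long length

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def in_class(chaddr, oui):
    """Class match: substring(hardware,1,3) = <oui>, for Ethernet (htype 1)."""
    return substring(hardware(1, chaddr), 1, 3) == oui

def pool_permits(chaddr, oui, known_hosts, deny_unknown):
    """Pool check as described in the thread (assumed ordering): a matching
    deny wins, then the client must be a member of the allowed class."""
    if deny_unknown and chaddr not in known_hosts:
        return False                     # no host declaration means "unknown"
    return in_class(chaddr, oui)

PROXIM = mac("00:20:a6")
AP = mac("00:20:a6:7e:bd:70")            # client seen in the dhcpd log above
OTHER = mac("00:17:31:aa:bb:cc")         # constructed non-Proxim address

def scenarios():
    return {
        "original conf (deny unknown-clients)": pool_permits(AP, PROXIM, set(), True),
        "deny line commented out": pool_permits(AP, PROXIM, set(), False),
        "host declaration added": pool_permits(AP, PROXIM, {AP}, True),
        "non-Proxim client": pool_permits(OTHER, PROXIM, set(), False),
        "offset 0 instead of 1": substring(hardware(1, AP), 0, 3) == PROXIM,
    }

if __name__ == "__main__":
    for name, leased in scenarios().items():
        print(f"{name:40} -> {leased}")
```

The first byte of `hardware` is the hardware type, which is why the match uses offset 1 rather than 0. The MAC address is supplied by the client, so this class restricts which devices are offered leases from the pool but does not authenticate them.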