Old 11-24-2010, 05:09 AM   #1
robertjinx
how to do dhcpd to give a certain ip address based on mac address


Hello, I'm trying to set up dhcpd to put certain systems which have MAC addresses starting with 08:00:* in a certain IP class.

How can this be done?

So any system with a MAC address starting with 08:00 should get an IP from this range: 192.168.12.2-192.168.12.99.
 
Old 11-24-2010, 05:26 AM   #2
Noway2
In your DHCP configuration you will want to create (or modify) a class or a zone. You can then create a "filter" that will match on a substring of the MAC address to identify that class. You then specify that members of that class receive IP addresses from the desired pool. That sounds a lot more complicated than it really is, so here is an example:

Code:
subnet 172.17.0.0 netmask 255.255.255.0 {
    class "myclass" {
        match if substring (hardware, 1, 2) = 08:00;
    }

    pool {
        allow members of "myclass";
        range 172.17.0.2 172.17.0.10;
    }
}
 
Old 11-24-2010, 06:32 AM   #3
robertjinx
I set it up like this:

Code:
subnet 192.168.12.0 netmask 255.255.255.0 {

    class "virtualclass" {
        match if substring (hardware, 1, 2) = 08:00;
    }
}

pool {
    allow members of "virtualclass";
    range 192.168.12.2 192.168.12.99;
}

But it runs into an error:


dhcpd self-test failed. Please fix the config file.
The error was:
/etc/dhcp3/dhcpd.conf line 64: pool declared outside of network
pool
^
Configuration file errors encountered -- exiting
 
Old 11-24-2010, 06:35 AM   #4
robertjinx
Sorry, my bad, it's supposed to be set up like this:


Code:
subnet 192.168.12.0 netmask 255.255.255.0 {
    class "virtualclass" {
        match if substring (hardware, 1, 2) = 08:00;
    }

    pool {
        allow members of "virtualclass";
        range 192.168.12.2 192.168.12.99;
    }
}
 
Old 11-24-2010, 06:41 AM   #5
robertjinx
OK, the setup is accepted by dhcpd, but it doesn't actually work; it still assigns different IPs to MACs which start with 08:00:

/var/lib/dhcp3/dhcpd.leases:
Code:
lease 192.168.11.59 {
  starts 3 2010/11/24 11:37:41;
  ends 3 2010/11/24 23:22:41;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:de:be:09;
}
lease 192.168.11.55 {
  starts 3 2010/11/24 11:37:41;
  ends 3 2010/11/24 23:22:41;
  binding state active;
  next binding state free;
  hardware ethernet 08:00:27:d8:e9:47;
}
 
Old 11-25-2010, 01:22 AM   #6
chrism01
I think you need to restart the DHCP server to get it to re-read its cfg? Or at least kill -HUP ...
 
Old 11-25-2010, 05:10 AM   #7
robertjinx
That was pretty obvious that I need to restart dhcpd when updating configuration.
 
Old 11-25-2010, 07:16 AM   #8
Noway2
I don't see anything wrong with the configuration. I would suggest the following:

1 - restart the DHCP and then look at syslog to see if it gave you any warnings or error messages that aren't severe enough to keep it from starting, but prevent it from working as intended.
2 - I searched for examples of how to perform this function and I saw a couple of minor variations on the syntax. Perhaps one of them will work for you.
a - put the MAC address that you are trying to match in between " marks. match if substring (hardware, 1, 2) = "08:00";
b - try substring (option hardware....
c - try adjusting the range on the hardware address to (hardware, 0,1) instead of (hardware 1,2)
3 - Is it possible that the DHCP is making an assignment from an earlier block in the configuration and not even getting to this one? Try putting a deny clause in the other block where the assignment is coming from. Along those lines, you may need to define the subnet, pool, or class towards the top of the file.
 
Old 11-25-2010, 10:11 AM   #9
robertjinx
Ok, most of the ideas didn't work. How do I do the deny idea?

P.S. option hardware doesn't work.
 
Old 11-25-2010, 11:25 AM   #10
robertjinx
Here is my full configuration, if it helps:

Code:
ddns-update-style none;
authoritative;
default-lease-time 42300;
max-lease-time 84600;
log-facility local7;
option domain-name "internet.example.lan";
option domain-name-servers 192.168.11.1,192.168.11.100;
option routers 192.168.11.100;
option subnet-mask 255.255.255.0;
option ntp-servers 192.168.11.1;
option time-offset -0100;  # GMT+1
option wpad-url code 252 = text;
option wpad-url "http://local.example.org/proxy.pac\\n";

subnet 192.168.11.0 netmask 255.255.255.0 {
        range                   192.168.11.2 192.168.11.99;
        allow unknown-clients;
        allow booting;
        allow bootp;
        filename "pxelinux.0";
}

host wifi-router {
        hardware ethernet 00:1e:58:14:f8:81;
        fixed-address 192.168.11.99;
}

host laptop1 {
        hardware ethernet 00:1d:72:14:2b:ef;
        fixed-address 192.168.11.2;
}

host laptop2 {
        hardware ethernet 00:1e:37:8c:d6:73;
        fixed-address 192.168.11.3;
}

host laptop3 {
        hardware ethernet 00:0d:60:af:6c:b0;
        fixed-address 192.168.11.4;
}

host laptop4 {
	hardware ethernet 00:21:86:94:e5:68;
	fixed-address 192.168.11.4;
}

host storage {
	hardware ethernet 00:08:9b:bd:cd:3c;
	fixed-address 192.168.10.200;
}

host devel {
	hardware ethernet e0:cb:4e:c3:23:7a;
	fixed-address 192.168.11.10;
}

subnet 192.168.12.0 netmask 255.255.255.0 {
	class "virtualclass" {
		match if substring (hardware, 0, 1) = "08:00";
	}

	pool {
		allow members of "virtualclass";
		range 192.168.12.2 192.168.12.99;
	}
}
 
Old 11-27-2010, 06:29 AM   #11
Noway2
In order to deny machines with these MAC addresses, you would simply add a statement like 'deny members of "virtualclass";' to the pool block for your main network.

I was reading some information on setting up OpenVPN using a DHCP server instead of the pseudo DHCP used by OpenVPN. The author said that they used this same technique of creating an allow and a deny pool while matching on a substring of the MAC address to assign from. I have a similar setup, but don't have a deny clause. At any rate, it is worth trying and easy enough to do. At a minimum, it should tell you if the match substring is working properly.

Also, are there any warnings or errors in your syslog after you restart the DHCP that could indicate a typo or syntax error in your configuration file? I don't see anything wrong with your config file, but sometimes non-printable characters or an unexpected " mark can cause some trouble.
 
Old 11-27-2010, 06:57 AM   #12
robertjinx
No, there are no errors with the config that I have, but it just doesn't work as it's supposed to. Also, how do I deny a class when that class is specified in a different subnet, or do I create this class also in the other subnet?
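
An added example, not part of any post in this thread: one dhcpd.conf layout combining the class match, the allow pool and the deny pool discussed above. It assumes both subnets are served on the same physical segment (hence `shared-network`); the name `lan` and the router address 192.168.12.1 are placeholders.

```conf
# Added example. Assumption: 192.168.11.0/24 and 192.168.12.0/24 share one
# wire, so dhcpd must be told they belong together via shared-network.

# Class declared at top level so every pool below can refer to it.
class "virtualclass" {
    # "hardware" evaluates to <hardware-type byte> followed by the MAC bytes,
    # so offset 1, length 2 selects the first two octets of the MAC.
    # 08:00 is an unquoted colon-separated hex string (two bytes).
    match if substring (hardware, 1, 2) = 08:00;
    # Variants tried in the thread that cannot match these clients:
    #   = "08:00"         quoted text is five ASCII characters, not two bytes
    #   (hardware, 0, 1)  offset 0, length 1 is only the hardware-type byte
}
# The MAC is client-supplied, so this steers address assignment;
# it is not an access control.

shared-network lan {                      # placeholder name
    subnet 192.168.11.0 netmask 255.255.255.0 {
        option routers 192.168.11.100;
        pool {
            # Keep class members out of the general range.
            deny members of "virtualclass";
            range 192.168.11.2 192.168.11.99;
        }
    }

    subnet 192.168.12.0 netmask 255.255.255.0 {
        option routers 192.168.12.1;      # placeholder gateway
        pool {
            # Only clients whose MAC starts with 08:00 lease from here.
            allow members of "virtualclass";
            range 192.168.12.2 192.168.12.99;
        }
    }
}
```

The file can be syntax-checked before a restart with `dhcpd -t -cf /etc/dhcp3/dhcpd.conf`; afterwards the `hardware ethernet 08:00:...` entries in `/var/lib/dhcp3/dhcpd.leases` show which range new leases come from.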
 
  

