LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 08-15-2008, 02:29 PM   #1
custangro
Setting mac-address restrictions in dhcpd


Hello,

I have a dhcp server set up (Using CentOS 5.2) and I want to set it up to only give addresses to certain mac-addresses. Sort of an access control list type of thing...

This is my current set up...

Code:
authoritative;
ddns-update-style interim;
default-lease-time 28800;
max-lease-time 28800;

option routers                  192.168.2.1;
option broadcast-address        192.168.2.255;
option subnet-mask              255.255.255.0;
option domain-name-servers      192.168.2.225, 192.168.2.223;
option domain-name              "mydomain.org";

subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.205 192.168.2.212;

        host it-laptop {
                hardware ethernet 00:16:cb:99:50:e0;
                fixed-address 192.168.2.205;
        }
}
I know that the above config will give the it-laptop the fixed address...but I would have to do that for each host.

Is there a way to say "I only want these mac-addresses to get an ip address"?

I've read about "groups" but I'm getting lost.

Any help would be great, thanks! :-)

-C
 
Old 08-15-2008, 07:01 PM   #2
estabroo
One way would be to use a pool and host entries. For the host entries you can either have the fixed address if you want them static or get one from the pool for dynamic.

Excerpt from the dhcpd.conf manpage:

Code:
# Known clients get this pool.
pool {
        option domain-name-servers ns1.example.com, ns2.example.com;
        max-lease-time 28800;
        range 10.0.0.5 10.0.0.199;
        deny unknown-clients;
}

unknown-clients are clients that don't have a host entry. The pool goes inside your subnet.

It doesn't eliminate the need for a host entry for each one but it does allow you to have a shorter host entry.
 
Old 08-15-2008, 11:13 PM   #3
custangro
Thanks estabroo...

So if I get it correctly...I should change my configuration to look something like this?

Code:
authoritative;
ddns-update-style interim;
default-lease-time 28800;
max-lease-time 28800;

option routers                  192.168.2.1;
option broadcast-address        192.168.2.255;
option subnet-mask              255.255.255.0;
option domain-name-servers      192.168.2.225, 192.168.2.223;
option domain-name              "mydomain.org";

subnet 192.168.2.0 netmask 255.255.255.0 {
        pool {
                range 192.168.2.205 192.168.2.212;
                host it-laptop {
                        hardware ethernet 00:16:cb:99:50:e0;
                }
                host hr-laptop {
                        hardware ethernet 00:16:cb:a9:0b:fc;
                }
                deny unknown-clients;
        }
}
I'm not sure if I have them in the right order...sorry...I would test it...but this is on a production server

Any help would be appreciated

Thanks,

-C

Last edited by custangro; 08-16-2008 at 11:31 AM.
 
Old 08-16-2008, 05:03 PM   #4
estabroo
Your config worked for me, so it'll probably work for you. I tested it with both clients with a host record and without a host record and it only gave IPs to clients with host records.

Last edited by estabroo; 08-16-2008 at 05:04 PM. Reason: followup
 
Old 08-19-2008, 06:33 PM   #5
custangro
Just tested it...

It works like I wanted it to.

-C
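
The thread settles on one short host entry per allowed MAC plus a pool with deny unknown-clients. As an added example (not code from any poster in this thread), the script below generates that configuration from an inventory list and rejects malformed or duplicated MAC addresses before they reach dhcpd.conf. The function names and the sample inventory are assumptions made for illustration, and the host entries are written at the top level of the file, which dhcpd also accepts.

```python
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")

# Constructed inventory: the two laptops from the thread, one written the way
# asset lists often record MACs (upper case, dashes).
SAMPLE_HOSTS = [
    ("it-laptop", "00:16:cb:99:50:e0"),
    ("hr-laptop", "00-16-CB-A9-0B-FC"),
]

def normalize_mac(raw):
    """Return lower-case colon-separated hex, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"malformed MAC address: {raw!r}")
    return mac

def render_allowlist(hosts, subnet, netmask, first_ip, last_ip):
    """Build dhcpd.conf text: one short host entry per allowed MAC plus a
    pool that refuses clients without a host entry."""
    by_mac, names, out = {}, set(), []
    for name, raw in hosts:
        if not NAME_RE.fullmatch(name) or name in names:
            raise ValueError(f"bad or duplicate host name: {name!r}")
        mac = normalize_mac(raw)
        if mac in by_mac:
            raise ValueError(f"{mac} listed for {by_mac[mac]} and {name}")
        by_mac[mac] = name
        names.add(name)
        # No fixed-address: the host takes a dynamic lease from the pool.
        out.append(f"host {name} {{ hardware ethernet {mac}; }}")
    out += [
        f"subnet {subnet} netmask {netmask} {{",
        "    pool {",
        f"        range {first_ip} {last_ip};",
        "        deny unknown-clients;",
        "    }",
        "}",
    ]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_allowlist(SAMPLE_HOSTS, "192.168.2.0", "255.255.255.0",
                           "192.168.2.205", "192.168.2.212"))
```

After merging the output with the global options from the existing file, `dhcpd -t -cf <path>` checks the syntax without starting the server, which avoids testing on the production daemon.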
 
  

