Setting mac-address restrictions in dhcpd

custangro · 08-15-2008, 02:29 PM

Hello,

I have a dhcp server set up (Using CentOS 5.2) and I want to set it up to only give addresses to certain mac-addresses. Sort of an access control list type of thing...

This is my current set up...

Code:

authoritative;
ddns-update-style interim;
default-lease-time 28800;
max-lease-time 28800;

        option routers                  192.168.2.1;
        option broadcast-address        192.168.2.255;
        option subnet-mask              255.255.255.0;
        option domain-name-servers      192.168.2.225, 192.168.2.223;
        option domain-name              "mydomain.org";

        subnet 192.168.2.0 netmask 255.255.255.0 {
                range 192.168.2.205 192.168.2.212;

        host it-laptop {
        hardware ethernet 00:16:cb:99:50:e0;
        fixed-address 192.168.2.205;
        }
}

I know that the above config will give the it-laptop the fixed addess...but I would have to do that for each host.

Is there away to say "I only want these mac-addresses to get an ip address"?

I've read about "groups" but I'm getting lost.

Any help would be great, thanks! :-)

-C

estabroo · 08-15-2008, 07:01 PM

One way would be to use a pool and host entries, for the host entries you can either have the fixed address if you want them static or get one from the pool for dynamic.

excerpt from the dhcpd.conf manpage
# Known clients get this pool.
pool {
option domain-name-servers ns1.example.com, ns2.example.com;
max-lease-time 28800;
range 10.0.0.5 10.0.0.199;
deny unknown-clients;
}

unknown-clients are clients that don't have a host entry. The pool goes inside your subnet.

It doesn't eliminate the need for a host entry for each one but it does allow you to have a shorter host entry.

custangro · 08-15-2008, 11:13 PM

Thanks estabroo...

So if I get it correctly...I should change my configuration to look something like this?

Code:

authoritative;
ddns-update-style interim;
default-lease-time 28800;
max-lease-time 28800;

        option routers                  192.168.2.1;
        option broadcast-address        192.168.2.255;
        option subnet-mask              255.255.255.0;
        option domain-name-servers      192.168.2.225, 192.168.2.223;
        option domain-name              "mydomain.org";

        subnet 192.168.2.0 netmask 255.255.255.0 {
             pool {
                range 192.168.2.205 192.168.2.212;
                host it-laptop {
                hardware ethernet 00:16:cb:99:50:e0;
                }
                host hr-laptop {
                hardware ethernet 00:16:cb:a9:0b:fc;
                }
                deny unknown-clients;
             }
}

I'm not sure if I have them in the right order...sorry...I would test it...but this is on a production server

Any help would be appreciated

Thanks,

-C

estabroo · 08-16-2008, 05:03 PM

Your config worked for me, so it'll probably work for you. I tested it with both clients with a host record and without a host record and it only gave ips to clients with host records.

custangro · 08-19-2008, 06:33 PM

Just tested it...

It works like I wanted it to.

-C