How can I manually configure my dhcp server to allow only predefined MAC addresses? Have been searching the web for some time now without any luck.
Some tips or links would be appreciated.
Ørjan Pettersen
Offline
If you are referring to dhcpd, please give
man dhcpd.conf
a try. You should find all the information you need in there.
Offline
dhcpd is correct.
I have briefly read the man pages, but I didn't find an answer to it there. I might have overlooked it since the file is so big. I'll give it a try again.
Some extra info. None of the clients should be assigned a fixed address.
Ørjan Pettersen
Offline
Please have a look at the section ADDRESS POOLS in the dhcpd.conf manpage. I think you'll find the necessary information there.
If you need more assistance to find a solution, let me know and I'll try to help.
Offline
Here's a sample part out of one of my networks:
ddns-update-style none;
deny bootp;
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0
{
    option subnet-mask 255.255.255.0;
    option domain-name "*****";
    option routers 192.168.100.1;
    option domain-name-servers ***.***.***.226, ***.***.***.12;
    default-lease-time 180;
    max-lease-time 7200;
}
host fix1
{
    hardware ethernet 00:02:3f:3d:73:b3;
    fixed-address 192.168.100.201;
    filename "ashby";
}
host fix2
{
    hardware ethernet 00:0b:db:08:14:49;
    fixed-address 192.168.100.202;
    filename "SFC Ford";
}
It only gives an IP out if the MAC address matches. Otherwise a machine can't grab an address. I believe this is what you were looking for. I use the filename part to put a user name to each MAC address. It is actually used for tftp booting but I've never noticed a side effect from it. Hope this helps.
Offline
Please have a look at the section ADDRESS POOLS in the dhcpd.conf manpage. I think you'll find the necessary information there.
If you need more assistance to find a solution, let me know and I'll try to help.
Yes, the address pool thing is what I need. This is from the man pages.
# Known clients get this pool.
pool {
    option domain-name-servers ns1.example.com, ns2.example.com;
    max-lease-time 28800;
    range 10.0.0.5 10.0.0.199;
    deny unknown clients;
}
So I guess I need an allow instead of a deny, and list up all MAC addresses that should be allowed to connect. How is this done the best way? By defining all MAC addresses in an allow file (is it possible to use an external file to list up all MAC addresses?). Or by defining a class thing where all MAC addresses are listed, and then use allow members of "<class name>"?
At first I guess I'll try an allow {list of MAC address}
Thanks for the help.
Ørjan Pettersen
Offline
When I tried the class thing I only got an error saying : "hardware parameter not allowed here".
My dhcpd.conf looks like this now.
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
subnet 192.168.1.0 netmask 255.255.255.0 {
    # range 192.168.1.10 192.168.1.100;
    pool {
        range 192.168.1.110 192.168.1.150;
        allow hardware ethernet ***;
    }
}
It did work fine when I only had the commented out range line. But when I add the pool section, I get the error : "expecting a parameter or declaration", at the last '}'. So it doesn't work.
Ørjan Pettersen
Offline
Sorry, I ain't got no possibility to test it at the moment, but I thought it would work that way:
# One host declaration per permitted MAC address; no fixed-address is needed.
host myhost1 { hardware ethernet 0:c0:c3:88:2d:81; }
host myhost2 { hardware ethernet 0:c0:c3:88:2d:82; }
# The pool declaration goes inside the subnet declaration.
pool {
    option domain-name-servers ns1.example.com, ns2.example.com;
    max-lease-time 28800;
    range 10.0.0.5 10.0.0.199;
    deny unknown-clients;
}
Please let me know if this does it.
Offline
It works like a charm. Thanks
Ørjan Pettersen
Offline
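Added example (not code from any poster in this thread): the question about keeping the permitted MAC addresses in an external file can be handled by generating the host declarations from a plain list and pulling the result into dhcpd.conf with an include statement. The list format ("<name> <mac>" per line), the function names and the sample data are assumptions made for this illustration.

```python
import re

# One MAC: six hex octets separated by ':' or '-'; single-digit octets
# (as in 0:c0:c3:88:2d:81 from the thread) are accepted and zero-padded.
MAC_RE = re.compile(r"[0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5}")
# Host names are written into the config unquoted, so keep them to a safe set.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")


def normalize_mac(mac):
    """Return the MAC as lowercase, zero-padded, colon-separated octets."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(octet, 16):02x}" for octet in re.split("[:-]", mac))


def parse_allowlist(text):
    """Parse '<name> <mac>' lines ('#' starts a comment) into {name: mac}."""
    hosts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 2 or not NAME_RE.fullmatch(fields[0]):
            raise ValueError(f"line {lineno}: expected '<name> <mac>'")
        name, mac = fields[0], normalize_mac(fields[1])
        if name in hosts or mac in hosts.values():
            raise ValueError(f"line {lineno}: duplicate name or MAC")
        hosts[name] = mac
    return hosts


def render_hosts(hosts):
    """Emit one dhcpd.conf host declaration per entry, no fixed-address."""
    return "".join(
        f"host {name} {{ hardware ethernet {mac}; }}\n"
        for name, mac in hosts.items()
    )


# Constructed sample allowlist (names and MACs taken from the thread's answer).
SAMPLE = """\
# name     mac
myhost1    0:c0:c3:88:2d:81
myhost2    00-C0-C3-88-2D-82   # hyphenated, upper case
"""

if __name__ == "__main__":
    print(render_hosts(parse_allowlist(SAMPLE)), end="")
```

Save the output to a file that dhcpd.conf includes, keep "deny unknown-clients;" in the pool, and check the combined configuration with dhcpd -t before restarting the server.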