Re: dhcp addresses from pool only to specific devices

From Dan Ritter <dsr@randomstring.org>
Newsgroups linux.debian.maint.firewall
Subject Re: dhcp addresses from pool only to specific devices
Date 2021-03-19 14:40 +0100
Message-ID <BUnmq-2S7-3@gated-at.bofh.it>
References <BUaSe-3uI-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Leonardo Boselli wrote:
> I have often set isc-dhcpd to give to each device its address, or to any
> device from a pool of addresses.
> Now the number of "authorized" devices has grown a lot (more than 300) but
> the pool is only about 90 addresses. I know that is impossible that were
> active more than that number, and normally will be only around 40 ones, but
> I cannot give a fixed address to each one, since I cannot know if a certain
> couple will be present at same time, so I have to use a pool, on the other
> side I need to give access only to machines known, so I have to resort on
> other system.
> Looking at manual I should declare a class of allowed users (that is mac
> addresses) and allow only them to use a public address, while assigning to
> other ones a private one.
> What is NOT clear to me is how to set a class including some hundreds mac
> addresses ... since all the examples I have seen use matches or other cases.
> Any hint?

If you want special treatment for some clients, you need to be
able to identify them. Either they can all supply a parameter in
their DHCP request -- if you control their configuration, this
is reasonable -- or you need to maintain a list of MAC
addresses.

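# Here is the list of MAC addresses, assigning a class:

# subclass entries need a parent class to attach to; "match hardware"
# compares the hardware type (1 = Ethernet) followed by the MAC address
class "allocation-class-1" {
  match hardware;
}

subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
subclass "allocation-class-1" 1:8:0:2b:a9:cc:e3;
subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
...
...
...
subclass "allocation-class-1" 1:0:0:c2:aa:23:4a;

# and here is how they are treated differently:

subnet 10.0.0.0 netmask 255.255.255.0 {
  pool {
    # "allow members of" already limits this pool to the class; adding
    # "deny unknown-clients;" here would also reject class members that
    # have no host declaration, so it is left out
    allow members of "allocation-class-1";
    range 10.0.0.11 10.0.0.50;
  }
  pool {
    allow unknown-clients;
    range 10.0.0.51 10.0.0.100;
  }
}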

Or they can go to different subnets instead of pools of 
the same one.

I recommend putting the class definitions in one or more
include files, with comments about human-identifiable info.
If you have a database system that tracks things like this,
it's a good idea to have it produce these include files
for you every hour or day or whatever matches your needs.

-dsr-
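
The suggestion above to have a tracking system produce the include files could be implemented along these lines. This is an added example, not part of the original post: the CSV columns (mac, owner, description) and the sample rows are constructed assumptions. It rejects malformed or duplicate MACs and forces each comment onto one line so an inventory field cannot add directives to the generated file.

```python
import csv
import io
import re

CLASS_NAME = "allocation-class-1"  # class name taken from the post
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$")

# Constructed sample inventory (not real devices): mac, owner, description.
SAMPLE_INVENTORY = """\
mac,owner,description
08:00:2B:4C:39:AD,alice,lab laptop
08-00-2b-a9-cc-e3,bob,office desktop
08:00:2b:4c:39:ad,alice,duplicate entry
00:00:c4:aa:29,carol,truncated MAC
00:00:c2:aa:23:4a,dave,"printer\nrange 10.0.0.1 10.0.0.254;"
"""

def normalize_mac(raw):
    """Return lowercase colon-separated hex, or None if malformed."""
    mac = raw.strip().lower()
    return mac.replace("-", ":") if MAC_RE.match(mac) else None

def safe_comment(text):
    """Force comment text onto one line so a field cannot inject directives."""
    return re.sub(r"[^\x20-\x7e]+", " ", text).strip()

def render_include(inventory_csv, class_name=CLASS_NAME):
    """Return (include_text, rejected) built from an inventory CSV string."""
    lines, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        mac = normalize_mac(row["mac"])
        if mac is None or mac in seen:
            reason = "malformed MAC" if mac is None else "duplicate"
            rejected.append((row["mac"], reason))
            continue
        seen.add(mac)
        note = safe_comment(f'{row["owner"]}: {row["description"]}')
        # Leading "1:" is the hardware type (Ethernet), as in the post.
        lines.append(f'subclass "{class_name}" 1:{mac};  # {note}')
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    text, rejected = render_include(SAMPLE_INVENTORY)
    print(text, end="")
    for mac, reason in rejected:
        print(f"# rejected {mac}: {reason}")
```

Write the result to a temporary file and check the full configuration with `dhcpd -t -cf <path>` before replacing the live include file and restarting the server.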
