Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
dhcp addresses from pool only to specific devices
5 views
Skip to first unread message
Leonardo Boselli
Mar 18, 2021, 8:10:03 PM3/18/21
to
I have often set isc-dhcpd to give to each device its address, or to any
device from a pool of addresses.
Now the number of "auathorized" devices has grown a lot (more than 300)
but the pool is only about 90 addrresses. I know that is impossible that
were active more than that number, and normally will be only around 40
ones, but i cannot give a fixed address to each one, since i cannot know
if a certain couple will be presetn at same time, so i have to use a pool,
on the other side i need to give access only to machines known , so i have
to resort on other system.
Looking at manual I should declare a class of allowed users (that is mac
addresses) and allow only them to use a public address, while assinging to
other ones a private one.
What is NOT clear to me is how to set a class including some hundreds mac
addresses ... since all the examples I have seen use matches or other
cases.
any hint ?
--
Leonardo Boselli
Università di Firenze
tel:+39 0552758808 +39 3488605348
device from a pool of addresses.
Now the number of "auathorized" devices has grown a lot (more than 300)
but the pool is only about 90 addrresses. I know that is impossible that
were active more than that number, and normally will be only around 40
ones, but i cannot give a fixed address to each one, since i cannot know
if a certain couple will be presetn at same time, so i have to use a pool,
on the other side i need to give access only to machines known , so i have
to resort on other system.
Looking at manual I should declare a class of allowed users (that is mac
addresses) and allow only them to use a public address, while assinging to
other ones a private one.
What is NOT clear to me is how to set a class including some hundreds mac
addresses ... since all the examples I have seen use matches or other
cases.
any hint ?
--
Leonardo Boselli
Università di Firenze
tel:+39 0552758808 +39 3488605348
Leonardo Boselli
Mar 19, 2021, 9:30:03 AM3/19/21
to
It was more or less my idea, but was not sure about the syntax but in
documentatin was not completely clear
and also, how much can be the list long ?
(Yes, I have the mac addresses in a database)
thank you for the clarification.
On Fri, 19 Mar 2021, Dan Ritter wrote:
> If you want special treatment for some clients, you need to be
> able to identify them. Either they can all supply a parameter in
> their DHCP request -- if you control their configuration, this
> is reasonable -- or you need to maintain a list of MAC
> addresses.
>
> // Here is the list of MAC addresses, assigning a class:
>
> subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
> subclass "allocation-class-1" 1:8:0:2b:a9:cc:e3;
> subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
> ...
> ...
> ...
> subclass "allocation-class-1" 1:0:0:c2:aa:23:4a;
>
> // and here is how they are treated differently:
>
> subnet 10.0.0.0 netmask 255.255.255.0 {
> pool {
> allow members of "allocation-class-1";
> deny unknown-clients;
> range 10.0.0.11 10.0.0.50;
> }
> pool {
> allow unknown-clients;
> range 10.0.0.51 10.0.0.100;
> }
>
> }
>
> Or they can go to different subnets instead of pools of
> the same one.
>
> I recommend putting the class definitions in one or more
> include files, with comments about human-identifiable info.
> If you have a database system that tracks things like this,
> it's a good idea to have it produce these include files
> for you every hour or day or whatever matches your needs.
>
> -dsr-
documentatin was not completely clear
and also, how much can be the list long ?
(Yes, I have the mac addresses in a database)
thank you for the clarification.
On Fri, 19 Mar 2021, Dan Ritter wrote:
> If you want special treatment for some clients, you need to be
> able to identify them. Either they can all supply a parameter in
> their DHCP request -- if you control their configuration, this
> is reasonable -- or you need to maintain a list of MAC
> addresses.
>
> // Here is the list of MAC addresses, assigning a class:
>
> subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
> subclass "allocation-class-1" 1:8:0:2b:a9:cc:e3;
> subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
> ...
> ...
> ...
> subclass "allocation-class-1" 1:0:0:c2:aa:23:4a;
>
> // and here is how they are treated differently:
>
> subnet 10.0.0.0 netmask 255.255.255.0 {
> pool {
> allow members of "allocation-class-1";
> deny unknown-clients;
> range 10.0.0.11 10.0.0.50;
> }
> pool {
> allow unknown-clients;
> range 10.0.0.51 10.0.0.100;
> }
>
> }
>
> Or they can go to different subnets instead of pools of
> the same one.
>
> I recommend putting the class definitions in one or more
> include files, with comments about human-identifiable info.
> If you have a database system that tracks things like this,
> it's a good idea to have it produce these include files
> for you every hour or day or whatever matches your needs.
>
> -dsr-
Dan Ritter
Mar 19, 2021, 9:40:02 AM3/19/21
to
Dan Ritter
Mar 19, 2021, 10:30:02 AM3/19/21
to
Leonardo Boselli wrote:
> It was more or less my idea, but was not sure about the syntax but in
> documentatin was not completely clear and also, how much can be the list
> long ?
> (Yes, I have the mac addresses in a database)
The list can easily be hundreds or thousands; if you
> It was more or less my idea, but was not sure about the syntax but in
> documentatin was not completely clear and also, how much can be the list
> long ?
> (Yes, I have the mac addresses in a database)
need more than 10,000 or so, you have a different class of
problem.
-dsr-
0 new messages