We have plenty of addresses. As for what we're worried about, see the
end of my original post (bottom of this message).

Thanks,
Brent.


>>> [EMAIL PROTECTED] 9/11/2003 4:49:30 PM >>>
Do you not have enough IPs to go around?

From the information that you have given me, we have a similar setup. I
have IPs statically assigned to MAC addresses and also have VLANs that
are totally dynamic for labs and stuff like that.

If you're worried about the administration it would take to maintain
the services then you might want to look at a package like
http://sauron.jyu.fi/

We have a package similar to that here, but it was a home grown
package, but it makes managing the service much easier.

James Williams
Network Systems Engineer
West Texas A&M University


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
On Behalf Of Brent Herring
Sent: Thursday, September 11, 2003 4:25 PM
To: [EMAIL PROTECTED] 
Subject: RE: Restricting DHCP services by MAC address

Actually, I'm using the dhcpd from www.isc.org.

If I understand correctly, the configuration below would statically
assign IP addresses to the specified MAC addresses. I still want to
assign IP addresses dynamically since I have thousands of workstations
to deal with.

Simply put, I would like the server to DROP all requests for IP
addresses unless it is from MAC addresses that I have specified.

Thanks,
Brent.



>>> [EMAIL PROTECTED] 9/11/2003 4:06:39 PM >>>
I'm assuming you're using dhcpd services from www.ics.org. If that's the
case you could implement the following config into your
/etc/dhcpd.conf file:


default-lease-time 28800;
max-lease-time 36000;
option domain-name-servers 192.168.31.1;
option domain-name "example.com";
# Dynamic DNS updates disabled
ddns-update-style none;
ddns-updates off;

subnet 192.168.31.0 netmask 255.255.255.0 {
        option routers 192.168.31.254;
        option broadcast-address 192.168.31.255;

        # Fixed address tied to this workstation's MAC
        host workstation1 {
                hardware ethernet 00:00:00:00:00:01;
                fixed-address 192.168.31.2;
        }
}

subnet 192.168.32.0 netmask 255.255.255.0 {
        option routers 192.168.32.254;
        option broadcast-address 192.168.32.255;

        # Fixed address tied to this workstation's MAC
        host workstation2 {
                hardware ethernet 00:00:00:00:00:02;
                fixed-address 192.168.32.1;
        }
}

Also, in your router be sure you have your helper addresses pointing to
your DHCP server. This allows the router to relay directly to the DHCP
server.

James Williams
Network Systems Engineer
West Texas A&M University

-----Original Message-----
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] 
On Behalf Of Brent Herring
Sent: Thursday, September 11, 2003 3:41 PM
To: [EMAIL PROTECTED] 
Subject: Restricting DHCP services by MAC address

I would like to restrict DHCP services by workstation MAC address. I
would like for dhcpd to only respond to work stations with a known MAC
address.

I used iptables rules to ACCEPT requests to the DHCP server only from
the known MAC address(es) and this works fine for workstations on the
same subnet as the DHCP server. However, when I expand the service to
multiple subnets across a router the DHCP request packet comes through
with the MAC address of the router port so my iptables rule does not
stop it.

Obviously, dhcpd knows the workstation MAC address, but I don't know
how I can get/use the information to accomplish what I want. Is it
possible to do what I am trying to do? 

In case you're wondering, the reason I'm trying to do this is to
prevent people from bringing their virus-infected laptops onto campus
and having them start broadcasting all over our nice clean network.

D. Brent Herring
Computer Services
University of Central Arkansas

