On Mon, Jan 06, 2020 at 09:33:44AM -0500, Steve Litt wrote:
| On Mon, 06 Jan 2020 14:03:20 +0100
| "Boudewijn Dijkstra" <mailinglists.boudew...@indes.com> wrote:
|
|
| > Another way is to configure the DHCP server to give alice the same
| > address every time.
| >
| > host alice {
| > hardware ethernet 00:19:b9:e0:2f:de;
| > fixed-address 192.168.0.68;
| > }
|
| I need something like that for my situation. Two questions:
|
| 1) Does the preceding setup prevent anyone with a different mac address
| from getting 192.168.0.68?
That specific snippet of DHCP configuration does not prevent dhcpd
from handing it out to other machines (with different macs). It
depends on the rest of your configuration and on whether this machine
is currently alive with that address on your network.
If you have configured a range for dynamic allocation that covers the
assigned fixed-address, then that fixed-address may be assigned to
another machine. This may result in problems for host alice when it
boots. The easy solution is to not do that: don't have your
statically assigned addresses overlap with the dynamic range.
| 2) Is there a way I can set it up so ONLY specific mac addresses can
| get a dhcp lease from my server?*** I'd like to keep the man on the
| street from getting a lease: If I don't know the person and machine
| ahead of time, I don't want them getting a lease.
If you want to only allow specific MACs, then you'll need to specify
the MAC addresses in the configuration file, and assign each one an
address, so you'll need to pre-assign IPs to MACs.
| *** I presume one way is to set aside just enough IP addresses to cover
| known mac addresses. I was wondering if there's a way that involves
| less arithmetic.
Not sure what arithmetic you're referring to specifically: simply
enumerate all machines by MAC and give each one a static lease
('fixed-address') in your /etc/dhcpd.conf, much like the host 'alice'
in the sample Boudewijn showed you. Leave out a dynamic 'range' for
unknown clients, and you're done. This is what I have done in the
past on my private home network.
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
