Re: dhcp addresses from pool only to specific devices

To: Leonardo Boselli <leo@dicea.unifi.it>
Cc: debian-firewall@lists.debian.org
Subject: Re: dhcp addresses from pool only to specific devices
From: Dan Ritter <dsr@randomstring.org>
Date: Fri, 19 Mar 2021 09:13:00 -0400
Message-id: <[🔎] YFSjXMeVFPvYhH5j@randomstring.org>
Mail-followup-to: Leonardo Boselli <leo@dicea.unifi.it>, debian-firewall@lists.debian.org
In-reply-to: <[🔎] alpine.DEB.2.20.2103182354260.30183@dipolo.dicea.unifi.it>
References: <[🔎] alpine.DEB.2.20.2103182354260.30183@dipolo.dicea.unifi.it>

Leonardo Boselli wrote: 
> I have often set isc-dhcpd to give to each device its address, or to any
> device from a pool of addresses.
> Now the number of "auathorized" devices has grown a lot (more than 300) but
> the pool is only about 90 addrresses. I know that is impossible that were
> active more than that number, and normally will be only around 40 ones, but
> i cannot give a fixed address to each one, since i cannot know if a certain
> couple will be presetn at same time, so i have to use a pool, on the other
> side i need to give access only to machines known , so i have to resort on
> other system.
> Looking at manual I should declare a class of allowed users (that is mac
> addresses) and allow only them to use a public address, while assinging to
> other ones a private one.
> What is NOT clear to me is how to set a class including some hundreds mac
> addresses ... since all the examples I have seen use matches or other cases.
> any hint ?

If you want special treatment for some clients, you need to be
able to identify them. Either they can all supply a parameter in
their DHCP request -- if you control their configuration, this
is reasonable -- or you need to maintain a list of MAC
addresses.

//  Here is the list of MAC addresses, assigning a class:

subclass "allocation-class-1" 1:8:0:2b:4c:39:ad;
subclass "allocation-class-1" 1:8:0:2b:a9:cc:e3;
subclass "allocation-class-1" 1:0:0:c4:aa:29:44;
...
...
...
subclass "allocation-class-1" 1:0:0:c2:aa:23:4a;

// and here is how they are treated differently:

subnet 10.0.0.0 netmask 255.255.255.0 {
  pool {
    allow members of "allocation-class-1";
    deny unknown-clients;
    range 10.0.0.11 10.0.0.50;
  }
  pool {
    allow unknown-clients;
    range 10.0.0.51 10.0.0.100;
  }

}

Or they can go to different subnets instead of pools of 
the same one.

I recommend putting the class definitions  in one or more
include files, with comments about human-identifiable info.
If you have a database system that tracks things like this,
it's a good idea to have it produce these include files
for you every hour or day or whatever matches your needs.

-dsr-

Reply to:

Follow-Ups:
- Re: dhcp addresses from pool only to specific devices
  - From: Leonardo Boselli <leo@dicea.unifi.it>

References:
- dhcp addresses from pool only to specific devices
  - From: Leonardo Boselli <leo@dicea.unifi.it>

Prev by Date: Re: dhcp addresses from pool only to specific devices
Next by Date: Re: dhcp addresses from pool only to specific devices
Previous by thread: dhcp addresses from pool only to specific devices
Next by thread: Re: dhcp addresses from pool only to specific devices
Index(es):
- Date
- Thread