9

I'm running an ISC DHCPd server for my network serving a number of subnets. One of the things I would like to do is assign a specific range of IPs to hosts with a common MAC prefix (e.g. 00:01:02). Also, the assignments have to be able to be overridden by assignments with fixed-address. I've googled for it, but haven't found anything definitive.

Bonus if I can put the statement within a subnet stanza of my dhcpd.conf (it would fit better with my management software).

Jon Bailey

2 Answers

15

Something like this:

class "specialK" {
    match if substring (hardware, 1, 3) = 00:01:02;
}
subnet 10.0.0.0 netmask 255.255.255.0 {
    pool {
        range 10.0.0.16 10.0.0.32;
        allow members of "specialK";
    }
}

Hmm, is it supposed to be (hardware, 0, 2) or (.. 1, 3)? Test it out. :)

toppledwagon
  • Syntax is substring(string, offset, length), so it should be (1, 8) I think... man 5 dhcp-eval isn't clear on this. – Kamil Kisiel Oct 30 '09 at 07:00
  • +1 - this works better than the binary-to-ascii stuff. Also - offset 1,3 is correct, not 1,8. – James Dec 16 '09 at 16:33
  • Wonderful minimal example. The `allow` implicitly denies other clients that don't match the class. However, if you have a second pool with no rules, clients matching that MAC prefix could still be placed there unless it has `deny members of "specialK";`. – Raptor007 May 19 '16 at 01:34
  • Note that with this solution, the MAC address is a list of hex values and not a string, so it should not be quoted. – dramzy Jul 28 '16 at 20:11

9

On my system (Debian lenny), I need binary-to-ascii in order to match MAC addresses. In this (working) example from my dhcpd.conf, server247 is in class "local"; however, I give it a fixed address that is not in the pool. I would recommend that the fixed addresses be in a separate range from the dynamically assigned addresses (they can still be in the same subnet).

class "kvm" {
   match if binary-to-ascii(16,8,":",substring(hardware, 1, 2)) = "56:11";
}

class "local" {
   match if binary-to-ascii(16,8,":",substring(hardware, 1, 2)) = "52:54";
}

host meme {
 fixed-address 10.1.0.254;
}

host server247 {
  hardware ethernet 52:54:00:2f:ea:07;
  fixed-address 10.1.0.247;
}

subnet 10.1.0.224 netmask 255.255.255.224 {
  option routers 10.1.0.225;
  pool {
     allow members of "kvm";
     range 10.1.0.226 10.1.0.235;
  }
  pool {
     allow members of "local";
     range 10.1.0.236 10.1.0.240;
  }
  pool {
     # Don't use this pool. It is really just a range to reserve
     # for fixed addresses defined per host, above.
     allow known-clients;
     range 10.1.0.241 10.1.0.253;
  }
}

For your example, you would do:

# binary-to-ascii prints each byte without a leading zero, so 00:01:02 compares as "0:1:2"
match if binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "0:1:2";

Gregor
  • The problem with this approach is that `binary-to-ascii()` does not know anything about MAC addresses and will truncate leading zeroes from every byte. – dramzy Jul 29 '16 at 21:04
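The offset question from the first answer and the leading-zero caveat from the last comment can both be checked offline. The following is an added example, not code from either answer or from ISC DHCP: it models `hardware` as one type byte followed by the MAC, models `substring` and `binary-to-ascii(16, 8, ...)`, and lints match lines for quoted prefixes that can never match. The function names, the constructed sample lines and the lowercase-hex output are assumptions of this model.

```python
import re

def hardware(mac, htype=1):
    """dhcpd's `hardware` value: one type byte (1 = Ethernet), then the MAC bytes."""
    return bytes([htype]) + bytes.fromhex(mac.replace(":", ""))

def substring(data, offset, length):
    """dhcp-eval substring(): `length` bytes starting at zero-based `offset`."""
    return data[offset:offset + length]

def binary_to_ascii(base, width, sep, data):
    """Model of binary-to-ascii(16, 8, sep, data): each byte printed without
    zero padding (lowercase hex is an assumption of this model)."""
    if (base, width) != (16, 8):
        raise ValueError("only base 16, width 8 is modelled")
    return sep.join(format(b, "x") for b in data)

def as_printed(literal):
    """Rewrite a colon-separated hex literal the way binary_to_ascii prints it."""
    return ":".join(format(int(part, 16), "x") for part in literal.split(":"))

MATCH = re.compile(r'binary-to-ascii\s*\(\s*16\s*,\s*8\s*,\s*":".*?=\s*'
                   r'"([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2})*)"')

def lint(conf):
    """Return (line number, literal, suggested literal) for each comparison
    whose quoted MAC prefix can never equal binary-to-ascii output."""
    findings = []
    for number, line in enumerate(conf.splitlines(), 1):
        found = MATCH.search(line)
        if found and found.group(1) != as_printed(found.group(1)):
            findings.append((number, found.group(1), as_printed(found.group(1))))
    return findings

# Constructed sample in the style of the match lines discussed on this page.
SAMPLE = '''\
match if binary-to-ascii(16,8,":",substring(hardware, 1, 2)) = "56:11";
match if binary-to-ascii(16,8,":",substring(hardware, 1, 2)) = "52:54";
match if binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "00:01:02";
match if substring (hardware, 1, 3) = 00:01:02;
'''

if __name__ == "__main__":
    hw = hardware("00:01:02:aa:bb:cc")   # constructed MAC with the question's prefix
    print(substring(hw, 1, 3).hex(":"))  # bytes the unquoted comparison sees
    print(binary_to_ascii(16, 8, ":", substring(hw, 1, 3)))
    for finding in lint(SAMPLE):
        print("line %d: %s never matches, use %s" % finding)
```

Offset 0 selects the hardware type byte, which is why `(hardware, 0, 2)` would compare against the type byte plus the first MAC byte rather than the prefix.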