Hi, desperate here!

I'm running isc-dhcp-server 4.1 here (with webmin but that's another topic) and want to give some options (tftp-server and bootfile) to network components that I can identify by MAC address and vendor string.

However, I got to the point where the config matches the MAC address but still says it's an unknown client and won't proceed after DHCPDISCOVER. I do use deny unknown-clients but for a different shared-network and subnet.

What am I missing here and why do I only get this in the log?

```
dhcpd: found a board
dhcpd: DHCPDISCOVER from b8:27:eb:ab:cd:ef via eth0: unknown client
```

This is the current config:

```
shared-network COMPUTERS {
    subnet 10.0.106.0 netmask 255.255.254.0 {
        option subnet-mask 255.255.254.0;
        default-lease-time 3600;
        authoritative;
        ignore client-updates;
        deny unknown-clients;
        ddns-updates off;
        pool {
            range 10.0.106.170 10.0.106.200;
        }
        pool {
            range 10.0.107.170 10.0.107.200;
        }
    }
}

class "board" {
    match if substring (hardware, 1, 3) = b8:27:eb;
    log(info, "found a board");
}

shared-network hardware {
    # network for TFTP stuff
    subnet 192.168.120.0 netmask 255.255.255.0 {
        pool {
            allow unknown-clients;
            allow dynamic bootp clients;
            allow members of "board";
            next-server 192.168.120.254;
            filename "uboot.scr";
            range 192.168.120.10 192.168.120.50;
            log(info , "allocated to a board" );
        }
    }
}
```

Since it's CentOS 6, I am using eth0 and eth0:1 config files and will post ifconfig as well as ip add output:

ifconfig:

```
eth0      Link encap:Ethernet  HWaddr 00:26:AB:12:34:56
          inet addr:10.0.106.3  Bcast:10.0.107.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:356698 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59600895 (56.8 MiB)  TX bytes:32866187 (31.3 MiB)
          Interrupt:17

eth0:1    Link encap:Ethernet  HWaddr 00:26:AB:12:34:56
          inet addr:192.168.120.254  Bcast:192.168.120.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:17
```

ip add:

```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:26:ab:12:34:56 brd ff:ff:ff:ff:ff:ff
    inet 10.0.106.3/23 brd 10.0.107.255 scope global eth0
    inet 192.168.120.254/24 brd 192.168.120.255 scope global eth0:1
        valid_lft forever preferred_lft forever
```

Any help would be greatly appreciated.

Cheers

Jeremiah

1 Answer


Given your interface setup you have to put BOTH subnets (10.0.106.0/255.255.254.0 & 192.168.120.0/255.255.255.0) in THE SAME shared-network declaration.

From dhcpd.conf man page:

> The shared-network statement is used to inform the DHCP server that some IP subnets actually share the same physical network. Any subnets in a shared network should be declared within a shared-network statement. Parameters specified in the shared-network statement will be used when booting clients on those subnets unless parameters provided at the subnet or host level override them. If any subnet in a shared network has addresses available for dynamic allocation, those addresses are collected into a common pool for that shared network and assigned to clients as needed. There is no way to distinguish on which subnet of a shared network a client should boot.

You probably can get around the restriction in the last sentence by properly using allow, deny and host declarations and you seem to be going in the right direction.

You may also want to have a look at allow/deny members of "class". I am not sure however if it is available on your version of the DHCP server. It is documented in the man page for ISC dhcpd 4.2.5 on CentOS 7.

Tomek
  • That explained most things and brought me further a couple of steps but it seems that the class match isn't working as intended or, again, I am misunderstanding how to apply it properly. If I leave the `deny unknown-clients;` in the subnet/pool directive of the hardware section I still get unknown-client on the DHCPDISCOVER although I also get both loginfos for found and allocated to board. Totally confusing me. Once I comment/remove the deny unknown-clients I also get other MAC addresses added to the pool. – Jeremiah Jul 24 '18 at 06:18
  • On a side note: `dhcpd: Multiple interfaces match the same shared network: eth0 eth0:1` – Jeremiah Jul 24 '18 at 06:36
  • If you are using deny unknown-clients then you must have host entries for the clients you want to allocate addresses (just entry name and corresponding `hardware ethernet` address). As for the class match - I don't remember all of the details (it's been some time since I played with it) but you may need to prepend OUI part of MAC address with `1` to indicate ethernet address. – Tomek Jul 24 '18 at 07:53
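
The layout discussed in the answer, written out as an added example (not the answerer's or the poster's own configuration): both subnets sit in one shared-network and access is decided per pool with allow/deny lists. It assumes the class match from the question works as posted; the shared-network name `LAN` is a placeholder, and `deny unknown-clients` is moved from subnet scope into the pools it should apply to.

```conf
# Added example; LAN is a placeholder name, addresses are those from the question.

# Byte 0 of `hardware` is the hardware type, bytes 1-3 are the OUI.
class "board" {
    match if substring (hardware, 1, 3) = b8:27:eb;
}

# eth0 and eth0:1 are the same wire, so both subnets go in one shared-network.
shared-network LAN {
    subnet 10.0.106.0 netmask 255.255.254.0 {
        option subnet-mask 255.255.254.0;
        default-lease-time 3600;
        authoritative;
        ignore client-updates;
        ddns-updates off;

        # Deny-only pools: clients with a host declaration are served,
        # boards and clients without a host declaration are not.
        pool {
            deny unknown-clients;
            deny members of "board";
            range 10.0.106.170 10.0.106.200;
        }
        pool {
            deny unknown-clients;
            deny members of "board";
            range 10.0.107.170 10.0.107.200;
        }
    }

    subnet 192.168.120.0 netmask 255.255.255.0 {
        # A pool with an allow list serves only clients matching that list.
        # Adding "allow unknown-clients" here would admit every MAC that
        # has no host declaration, which defeats the class restriction.
        pool {
            allow members of "board";
            next-server 192.168.120.254;
            filename "uboot.scr";
            range 192.168.120.10 192.168.120.50;
        }
    }
}
```

`dhcpd -t -cf <file>` parses a configuration without starting the server. The OUI match only recognises a vendor prefix that any client can present, so it separates pools and boot options rather than authenticating devices.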