[ILUG] dhcpd & classes
daithí
dave at ceoil.net
Tue Mar 1 15:22:28 GMT 2011
hi all,
question here about isc dhcpd, running on opensuse 11.1 x86.
i'm trying to separate certain wireless devices from our main subnet, due to
every tom/dick/harry having an iphone / htc / blackberry / nokia / samsung
with wifi. i'm using the hardware list @ http://hwaddress.com as my source
for compiling the list of OUI portions of mac addresses to use for the
filtering.
for the moment, i'm using a single OUI of 90:21:55 (the first portion of my
HTC Desire's mac address).
here are the relevant parts of dhcpd.conf:
class "phones" {
    match if substring (hardware,1,3) = 90:21:55;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
    ddns-rev-domainname "192.168.2";
    next-server 192.168.2.99;
    filename "pxelinux.0";
    ddns-updates on;
    ddns-domainname "mycompany.com";
    option ntp-servers 192.168.2.10;
    option log-servers 192.168.2.99;
    option time-servers 192.168.2.10;
    option domain-name-servers 192.168.2.185 , 192.168.2.10;
    option domain-name "mycompany.com";
    option routers 192.168.2.1;
    pool {
        range 192.168.2.35 192.168.2.200;
        # as i understand, this explicitly denies members of the "phones"
        # class, while allowing *everything* else.
        deny members of "phones";
    }
}
subnet 192.168.250.0 netmask 255.255.255.0 {
    pool {
        range 192.168.250.10 192.168.250.250;
        # similarly, this explicitly allows members of the "phones" class,
        # while denying *everything* else.
        allow members of "phones";
        option domain-name-servers 192.168.2.185 , 192.168.2.10;
        option domain-name "mycompany";
        option routers 192.168.250.1;
    }
}
this results in log entries of the following, when the HTC Desire tries to
lease an IP address:
Mar 1 15:21:12 lambda dhcpd: DHCPDISCOVER from 90:21:55:b3:85:57 via eth1: network 192.168.2/24: no free leases
Mar 1 15:21:16 lambda dhcpd: DHCPDISCOVER from 90:21:55:b3:85:57 via eth1: network 192.168.2/24: no free leases
this leads me to believe that the device is being put into the class
correctly, and is being actively denied an address from the 192.168.2.0
subnet, as if i change the 'match' string to exclude the phone, i pick up an
address straight away.
can anyone help?
thanks,
dave.
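
Added example (not part of the original post): a simplified Python model of how dhcpd evaluates the class match and the pools' permit lists for the configuration above. It assumes dhcpd's documented behaviour that only pools in the shared network a request arrived on are considered; the function names and the laptop MAC are made up for illustration.

```python
# Added example: simplified model of ISC dhcpd class matching and pool permit lists.
# Pool/class data mirrors the dhcpd.conf in the post; function names are hypothetical.

ETHERNET_HTYPE = 0x01  # first byte of dhcpd's "hardware" data for Ethernet clients


def hardware_field(mac):
    """dhcpd's 'hardware' value: one hardware-type byte followed by the MAC bytes."""
    return bytes([ETHERNET_HTYPE]) + bytes.fromhex(mac.replace(":", ""))


def in_phones_class(mac, ouis=("90:21:55",)):
    """Equivalent of: match if substring (hardware,1,3) = 90:21:55;"""
    oui = hardware_field(mac)[1:4]  # offset 1, length 3 skips the type byte
    return any(oui == bytes.fromhex(o.replace(":", "")) for o in ouis)


# (range, permit rule) per subnet, as in the posted configuration
POOLS = {
    "192.168.2/24": ("192.168.2.35-192.168.2.200", "deny phones"),
    "192.168.250/24": ("192.168.250.10-192.168.250.250", "allow phones"),
}


def pool_permits(rule, is_phone):
    # "deny members of X" admits everyone except X; "allow members of X" admits only X
    return (not is_phone) if rule == "deny phones" else is_phone


def offer(mac, shared_network):
    """Return the range the client may lease from, looking only at subnets that
    belong to the shared network the request arrived on (assumption stated above)."""
    is_phone = in_phones_class(mac)
    for subnet in shared_network:
        rng, rule = POOLS[subnet]
        if pool_permits(rule, is_phone):
            return rng
    return "no free leases"


if __name__ == "__main__":
    phone, laptop = "90:21:55:b3:85:57", "00:1a:2b:3c:4d:5e"  # laptop MAC is constructed
    # As posted: each subnet stands alone, so eth1 requests map to 192.168.2/24 only.
    print(offer(phone, ["192.168.2/24"]))
    # Both subnets declared inside one shared-network { } block.
    print(offer(phone, ["192.168.2/24", "192.168.250/24"]))
    print(offer(laptop, ["192.168.2/24", "192.168.250/24"]))
```

A MAC address is supplied by the client, so an OUI class sorts well-behaved devices into a pool but does not authenticate them.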