Only allow pool range nothing else


Marc Roos


With this configuration a "testing" client can get an IP address
192.168.11.44. How can I make sure the clients identifying with
"testing" are only getting the IP addresses reserved in the pool (e.g.
192.168.11.43) and nothing else? So no IP address should be issued when
all the IP addresses of the range have already been assigned.


subnet 192.168.11.0 netmask 255.255.255.0 {
        #option routers          192.168.11.1;
        option subnet-mask      255.255.255.0;
        option domain-name-servers      192.168.11.10,212.19.193.130;

        #range   192.168.11.9    192.168.11.11;
        pool { allow members of "testing"; range 192.168.11.43 192.168.11.43; }
        deny unknown-clients;
}
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: Only allow pool range nothing else

Bill Shirley-2
You've only shown us one pool.  The other pools should have a line:
deny members of "testing";

Bill

On 8/20/2019 6:12 PM, Marc Roos wrote:

With this configuration a "testing" client can get an IP address
192.168.11.44. How can I make sure the clients identifying with
"testing" are only getting the IP addresses reserved in the pool (e.g.
192.168.11.43) and nothing else? So no IP address should be issued when
all the IP addresses of the range have already been assigned.


subnet 192.168.11.0 netmask 255.255.255.0 {
        #option routers          192.168.11.1;
        option subnet-mask      255.255.255.0;
        option domain-name-servers      192.168.11.10,212.19.193.130;

        #range   192.168.11.9    192.168.11.11;
        pool { allow members of "testing"; range 192.168.11.43 192.168.11.43; }
        deny unknown-clients;
}
Re: Only allow pool range nothing else

Bruce Hudson
On Tue, Aug 20, 2019 at 08:32:25PM -0400, Bill Shirley wrote:

> You've only shown us one pool.  The other pools should have a line:
> deny members of "testing";

    This is basically true but any pool that already has an allow
statement already has an implicit deny for everything else. Beware
mixing explicit allows and denies in the same pool. It acts oddly.

    Marc, you should remove the "deny unknown-clients" from your
testing pool.
--
Bruce A. Hudson | [hidden email]
ITS, Networks and Systems |
Dalhousie University |
Halifax, Nova Scotia, Canada | (902) 494-3405
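
The pool layout suggested across the replies above, written out as an added example that is not part of the thread or of any poster's configuration. The class match rule and the second pool's range are assumptions; the thread does not show how "testing" clients are classified or what other pools exist.

```conf
# Added example, not from the thread.

# Assumption: "testing" clients are recognised by their vendor class
# identifier (option 60). Use whatever match rule defines the class
# in the real configuration.
class "testing" {
        match if option vendor-class-identifier = "testing";
}

subnet 192.168.11.0 netmask 255.255.255.0 {
        option subnet-mask      255.255.255.0;
        option domain-name-servers      192.168.11.10,212.19.193.130;

        # Testing pool: one allow statement and no deny in the same pool.
        # The allow already excludes every client that is not a member.
        # The range holds a single address, so once 192.168.11.43 is
        # leased this pool has nothing left to offer.
        pool {
                allow members of "testing";
                range 192.168.11.43 192.168.11.43;
        }

        # Any other pool in the subnet (this range is a constructed
        # placeholder): deny the class explicitly so "testing" clients
        # cannot fall through to it when their own pool is exhausted.
        pool {
                deny members of "testing";
                range 192.168.11.100 192.168.11.120;
        }
}
```

Run `dhcpd -t -cf <path to this file>` to check the syntax before restarting the server.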