Desired outcome: Assign the same IP address to a VPN client, by
hostname, every time.
Situation: The Cisco ASA VPN firewall does pass the
hostname in the DHCP Discover, but does not provide the VPN
client's MAC address (it provides the Cisco ASA's MAC address).
What happens: The PCIVWS01 client gets the correct IP address
172.16.147.131 the first time (and it is written in the LEASES file).
The second time the VPN client connected, it got a DIFFERENT
address: 172.16.147.105. The third time it got 172.16.147.151.
What I tried: I commented out the lease for 172.16.147.131
in the /var/lib/dhcp/dhcpd.leases file and restarted the dhcpd
service, and the PCIVWS01 VPN client got 172.16.147.131 again!
What must I do so hostname PCIVWS01 always gets
172.16.147.131 ?
========= dhcpd.conf (with example comments removed) ==================
# Global parameters: these apply to every network declared below unless a
# subnet or pool sets its own value. Dynamic DNS updates are switched off.
ddns-update-style none;
# option definitions common to all supported networks...
option domain-name-servers 172.16.41.24, 172.16.41.32;
# Lease lengths are in seconds: 86400 = 1 day default, 604800 = 7 days maximum.
default-lease-time 86400;
max-lease-time 604800;
# Log through syslog facility local7.
log-facility local7;
# Subnet declared with an empty body: it has no range or pool, so no
# addresses are handed out from it.
# NOTE(review): presumably this is the server's own interface network,
# declared only so dhcpd will start on it — confirm.
subnet 172.16.46.30 netmask 255.255.255.255 {
}
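subnet 172.17.10.0 netmask 255.255.254.0 {
  # The posted copy had these two comments and the three option statements
  # broken across lines by mail wrapping; the comment continuations then sat
  # outside the '#' and would be read as statements. They are rejoined here.
  ## dhcp start and end IP range ##
  # Test SAND environment
  authoritative;
  range 172.17.10.76 172.17.10.199;
  option subnet-mask 255.255.254.0;
  # NOTE(review): with netmask 255.255.254.0 this network runs from
  # 172.17.10.0 to 172.17.11.255, so the broadcast address would be
  # 172.17.11.255. Either this value or the mask looks wrong — confirm which.
  option broadcast-address 172.17.10.255;
  option routers 172.17.10.1;

  # Static reservation keyed on the client's MAC address.
  # NOTE(review): 172.17.10.100 lies inside the dynamic range above. dhcpd
  # does not take a fixed-address out of a range on its own, so the same
  # address could also be leased dynamically to another client — consider
  # moving the reservation outside 172.17.10.76-199 or splitting the range.
  host test-Elliott-Lenovo {
    hardware ethernet 00:26:18:23:D1:F6;
    fixed-address 172.17.10.100;
  }
}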
# Classes to specify Ridgecrest PCIClient VPN clients
#
# Each class tests the leading characters of the host-name option carried in
# the DHCP request: substring (option host-name, 0,8) is the first 8
# characters. The pools in the 172.16.147.0 subnet admit clients by these
# class names.
# NOTE(review): host-name is a value sent in the request (per the post, the
# ASA passes the VPN client's hostname through) and nothing in this config
# authenticates it. Class membership, and the reserved address that follows
# from it, reflects a claimed name rather than a verified client, so the
# address should not be the only control in front of the PCI systems —
# confirm what the ASA enforces before it issues the DHCP request.
class "PCIVRC01"{
match if substring (option host-name, 0,8)="PCIVRC01";
}
class "PCIVRC02"{
match if substring (option host-name, 0,8)="PCIVRC02";
}
class "PCIVRC03"{
match if substring (option host-name, 0,8)="PCIVRC03";
}
class "PCIVRC04"{
match if substring (option host-name, 0,8)="PCIVRC04";
}
class "PCIVRC05"{
match if substring (option host-name, 0,8)="PCIVRC05";
}
# Test entry: matches on the first 9 characters, "A00014061".
class "TESTRCC"{
match if substring (option host-name, 0,9)="A00014061";
}
# Catch-all: any host-name whose first 6 characters are "PCIVRC". A name such
# as PCIVRC01 therefore matches this class as well as its specific class
# above. "spawn with" creates a subclass for each distinct host-name value.
# NOTE(review): no lease limit is set on this class, so it is unclear what
# the spawned subclasses are meant to restrict — confirm the intent.
class "PCIVRCXX"{
match if substring (option host-name, 0,6)="PCIVRC";
spawn with option host-name;
}
#
# WordSearch PCIVPN client classes, built the same way as the PCIVRC ones:
# each matches on the first 8 characters of the host-name option.
# NOTE(review): in the LEASES listing in this post the uid changes on every
# connection (...PCIVWS0138..., ...PCIVWS0139..., ...PCIVWS0140...) and the
# hardware address is always the ASA's 00:1b:d5:e8:eb:93, so neither can tie
# a returning client to its earlier lease; host-name is the only stable key
# here, and it is an unauthenticated, requester-supplied value.
class "PCIVWS01"{
match if substring (option host-name, 0,8)="PCIVWS01";
}
class "PCIVWS02"{
match if substring (option host-name, 0,8)="PCIVWS02";
}
class "PCIVWS03"{
match if substring (option host-name, 0,8)="PCIVWS03";
}
class "PCIVWS04"{
match if substring (option host-name, 0,8)="PCIVWS04";
}
class "PCIVWS05"{
match if substring (option host-name, 0,8)="PCIVWS05";
}
# Disabled test class (commented out in the posted config).
#class "TESTWS"{
#match if substring (option host-name, 0,8)="A00014061";
#}
# Catch-all: any host-name whose first 6 characters are "PCIVWS". PCIVWS01
# through PCIVWS05 match this test too, so those clients are members of both
# their specific class and this one.
class "PCIVWSXX"{
match if substring (option host-name, 0,6)="PCIVWS";
spawn with option host-name;
}
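subnet 172.16.147.0 netmask 255.255.255.0 {
  # PCI VPN Client
  #
  # Every address in this subnet is handed out through a class-restricted
  # pool; there is no unrestricted range. Layout of the pools below:
  #   .51-.55    one address each for classes PCIVRC01..PCIVRC05
  #   .63        class TESTRCC
  #   .64-.127   class PCIVRCXX (any host-name starting "PCIVRC")
  #   .131-.135  one address each for classes PCIVWS01..PCIVWS05
  #   .150-.179  class PCIVWSXX (any host-name starting "PCIVWS")
  # Four comments in the posted copy were split across two lines by mail
  # wrapping, leaving the second half outside the '#'; they are rejoined here.
  authoritative;
  #range 172.16.147.64 172.16.147.127;
  option subnet-mask 255.255.255.0;
  # Corrected from 172.17.147.255 in the posted config: that address is
  # outside 172.16.147.0/24, whose broadcast address is 172.16.147.255.
  option broadcast-address 172.16.147.255;
  option routers 172.16.147.50;

  # Specifically named PCIVRC - Ridgecrest PCIVPN clients get these reserved addresses
  pool {
    allow members of "PCIVRC01";
    range 172.16.147.51 172.16.147.51;
  }
  pool {
    allow members of "PCIVRC02";
    range 172.16.147.52 172.16.147.52;
  }
  pool {
    allow members of "PCIVRC03";
    range 172.16.147.53 172.16.147.53;
  }
  pool {
    allow members of "PCIVRC04";
    range 172.16.147.54 172.16.147.54;
  }
  pool {
    allow members of "PCIVRC05";
    range 172.16.147.55 172.16.147.55;
  }
  pool {
    allow members of "TESTRCC";
    range 172.16.147.63 172.16.147.63;
  }

  # Any PCIVRC - Ridgecrest PCIVPN clients get these addresses
  # NOTE(review): the same overlap described on the PCIVWSXX pool at the end
  # of this subnet applies here: a PCIVRC01..05 name also matches PCIVRCXX.
  pool {
    allow members of "PCIVRCXX";
    range 172.16.147.64 172.16.147.127;
  }

  # Specifically named PCIVWS - WordSearch PCIVPN clients get these reserved addresses
  pool {
    allow members of "PCIVWS01";
    range 172.16.147.131 172.16.147.131;
  }
  pool {
    allow members of "PCIVWS02";
    range 172.16.147.132 172.16.147.132;
  }
  pool {
    allow members of "PCIVWS03";
    range 172.16.147.133 172.16.147.133;
  }
  pool {
    allow members of "PCIVWS04";
    range 172.16.147.134 172.16.147.134;
  }
  pool {
    allow members of "PCIVWS05";
    range 172.16.147.135 172.16.147.135;
  }
  # pool {
  # allow members of "TESTWS";
  # range 172.16.147.149 172.16.147.149;
  # }

  # Any PCIVWS - WordSearch PCIVPN clients get these addresses
  # NOTE(review): class PCIVWSXX (defined above this subnet) matches on the
  # first six characters "PCIVWS", so a client named PCIVWS01 belongs to both
  # PCIVWS01 and PCIVWSXX and is permitted in this pool as well as in its
  # single-address pool. The LEASES listing in the post shows 172.16.147.150
  # and .151 issued with client-hostname "PCIVWS01", which is consistent with
  # the server choosing from this pool. If the reserved address must always
  # be used, this pool needs to exclude the specifically named classes (for
  # example with deny members of "PCIVWS01"; and so on) — check the pool
  # permit rules in dhcpd.conf(5) before relying on that.
  pool {
    allow members of "PCIVWSXX";
    range 172.16.147.150 172.16.147.179;
  }
}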
=============LEASES============================
root@lwydhcpndcp01:/var/lib/dhcp# more dhcpd.leases
# The format of this file is documented in the
dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.1-ESV-R4
lease 172.16.147.63 {
starts 3 2016/02/03 12:16:57;
ends 3 2016/02/03 19:05:55;
tstp 3 2016/02/03 19:05:55;
cltt 3 2016/02/03 12:16:57;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-A0001406137-Trusted\000";
}
lease 172.16.147.64 {
starts 3 2015/11/25 16:07:14;
ends 3 2015/11/25 16:09:14;
tstp 3 2015/11/25 16:09:14;
cltt 3 2015/11/25 16:07:14;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-A000140612-Trusted\000";
client-hostname "A00014061";
}
lease 172.16.147.65 {
starts 1 2015/11/30 14:31:25;
ends 1 2015/11/30 14:33:25;
tstp 1 2015/11/30 14:33:25;
cltt 1 2015/11/30 14:31:25;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-A000140613-Trusted\000";
client-hostname "A00014061";
}
lease 172.16.147.66 {
starts 1 2015/11/30 19:43:57;
ends 1 2015/11/30 19:45:57;
tstp 1 2015/11/30 19:45:57;
cltt 1 2015/11/30 19:43:57;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-A0001406110-Trusted\000";
client-hostname "A00014061";
}
lease 172.16.147.67 {
starts 2 2015/12/01 22:23:21;
ends 2 2015/12/01 22:25:21;
tstp 2 2015/12/01 22:25:21;
cltt 2 2015/12/01 22:23:21;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-A0001406125-Trusted\000";
client-hostname "A00014061";
}
lease 172.16.147.68 {
starts 1 2015/12/14 18:20:41;
ends 1 2015/12/14 18:47:04;
tstp 1 2015/12/14 18:47:04;
cltt 1 2015/12/14 18:20:41;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid
"\000cisco-001b.d5e8.eb93-A0001406126-PCIClientVPN-147\000";
}
lease 172.16.147.69 {
starts 1 2015/12/14 18:47:55;
ends 1 2015/12/14 19:07:06;
tstp 1 2015/12/14 19:07:06;
cltt 1 2015/12/14 18:47:55;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid
"\000cisco-001b.d5e8.eb93-A0001406127-PCIClientVPN-147\000";
}
lease 172.16.147.70 {
starts 1 2015/12/14 19:07:52;
ends 1 2015/12/14 19:09:32;
tstp 1 2015/12/14 19:09:32;
cltt 1 2015/12/14 19:07:52;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid
"\000cisco-001b.d5e8.eb93-A0001406128-PCIClientVPN-147\000";
}
lease 172.16.147.71 {
starts 1 2015/12/21 19:07:55;
ends 2 2015/12/22 05:08:20;
tstp 2 2015/12/22 05:08:20;
cltt 1 2015/12/21 19:07:55;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid
"\000cisco-001b.d5e8.eb93-A0001406129-PCIClientVPN-147\000";
}
lease 172.16.147.131 {
starts 1 2016/02/08 16:00:43;
ends 1 2016/02/08 18:04:35;
tstp 1 2016/02/08 18:04:35;
cltt 1 2016/02/08 16:00:43;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-PCIVWS0138-Trusted\000";
}
lease 172.17.10.76 {
starts 2 2015/09/01 20:52:14;
ends 3 2015/09/02 19:57:43;
tstp 3 2015/09/02 19:57:43;
cltt 2 2015/09/01 20:52:14;
binding state free;
hardware ethernet 00:26:18:23:d1:f6;
uid "\001\000&\030#\321\366";
}
lease 172.17.10.77 {
starts 1 2016/02/08 12:57:11;
ends 2 2016/02/09 12:57:11;
cltt 1 2016/02/08 12:57:11;
binding state active;
next binding state free;
hardware ethernet 00:50:56:9c:1a:1a;
client-hostname "ubuntu-1204-kln";
}
server-duid "\000\001\000\001\035x\310\335\000PV\220\327|";
lease 172.16.147.150 {
starts 1 2016/02/08 18:11:55;
ends 2 2016/02/09 18:11:55;
cltt 1 2016/02/08 18:11:55;
binding state active;
next binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
client-hostname "PCIVWS01";
}
lease 172.16.147.150 {
starts 1 2016/02/08 18:11:55;
ends 1 2016/02/08 18:20:58;
tstp 1 2016/02/08 18:20:58;
cltt 1 2016/02/08 18:11:55;
binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-PCIVWS0139-Trusted\000";
}
lease 172.16.147.151 {
starts 1 2016/02/08 18:21:58;
ends 2 2016/02/09 18:21:58;
cltt 1 2016/02/08 18:21:58;
binding state active;
next binding state free;
hardware ethernet 00:1b:d5:e8:eb:93;
uid "\000cisco-001b.d5e8.eb93-PCIVWS0140-Trusted\000";
client-hostname "PCIVWS01";
}
root@lwydhcpndcp01:/var/lib/dhcp#