mac-ip pairs

mac-ip pairs

[Petre Bandac]

hello

I have a small problem: 

a network (something about half of a C class IPs) and some users who I'd like 
to "stick" them to only one IP; half of the computers get their IPs via dhcp, 
the others are fixed.

I was thinking of mixing arp -f /etc/ethers with some iptables rules, but the 
question which arises is if I "stick" the mac on the ip, or the ip on the 
mac, i.e. if the mac X is tied to the IP Y, will the mac X be able to have 
the IP Z (since the IP Y won't allow itself to another ethernet)

hope I'm not too ambiguous,

thanks,

petre


-- 
Login: petre          			Name: Petre Bandac
Directory: /home/petre              	Shell: /usr/local/bin/zsh
On since Fri Jun  6 13:27 (EEST) on ttyv0, idle 16:52 (messages off)
Last login Tue Jun 17 09:21 (EEST) on ttyp6 from ns.rdsbv.ro
No Mail.
No Plan.

Re: mac-ip pairs

[Scott Taylor]

At 06:54 06/19/03, you wrote:
>hello
>
>I have a small problem:
>
>a network (something about half of a C class IPs) and some users who I'd like
>to "stick" them to only one IP; half of the computers get their IPs via dhcp,

My DHCP server can set IP by MAC address.  Running patched DHCP2.0 on 
RedHat7.2.  Maybe your OS and distro are different.

This entry in my /etc/dhcpd.conf file, just before the subnet entry:

host jimmy.dct.net {
         option routers 192.168.1.200;
         option domain-name-servers 192.168.1.211;
         hardware ethernet 00:d0:b7:ad:17:37;
         fixed-address 192.168.1.85;
         }

HTH

Scott.

Re: mac-ip pairs

[Stephen Samuel]

If the options are the same for all (or most) of the machines,
then you can put them outside the host entry.. That would leave
you with host entries consisting of only the haresare and fixed-address
part.

If all you really want to do is ensure that a host that gets
assigned an IP address keeps it for a long period of time, then you
could also assign a dynamic pool with a very long expiry time
(months or years). Generally, even when a machine renews, they
will usually get the same IP address as before.

If you really want to enforce the use of specific IP addresses, then
it'll take a lot more work -- ranging up to turning your box into
an intelligent switch.  with a bunch of multiport cards, you can
put each user (or group of users) on a separate leg and set up the
firewall to only pass packets with the correct IP/MAC pairs.

You can actually do things like that in bridge mode such that
packets would be forewarded transparently for users who don't
violate your policies.


Scott Taylor wrote:
> At 06:54 06/19/03, you wrote:
>> a network (something about half of a C class IPs) and some users who 
>> I'd like
>> to "stick" them to only one IP; half of the computers get their IPs 
>> via dhcp,
> 
> My DHCP server can set IP by MAC address.  Running patched DHCP2.0 on 
> RedHat7.2.  Maybe your OS and distro are different.
> 
> This entry in my /etc/dhcpd.conf file, just before the subnet entry:
> 
> host jimmy.dct.net {
>         option routers 192.168.1.200;
>         option domain-name-servers 192.168.1.211;
>         hardware ethernet 00:d0:b7:ad:17:37;
>         fixed-address 192.168.1.85;
>         }

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
        the jewel within each person and bring it to life.

Re: mac-ip pairs

[Scott Taylor]

Stephen Samuel said:

<snip top posted remarks>

>
>
> Scott Taylor wrote:
>> At 06:54 06/19/03, you wrote:
>>> a network (something about half of a C class IPs) and some users
>>> who
>>> I'd like
>>> to "stick" them to only one IP; half of the computers get their IPs
>>> via dhcp,

Here is a good read:
http://tldp.org/HOWTO/mini/DHCP/index.html

--
Scott
long .signature files are annoying