Re: mac-ip pairs

[Stephen Samuel <samuel@bcgreen.com>]

If the options are the same for all (or most) of the machines,
then you can put them outside the host entry.. That would leave
you with host entries consisting of only the haresare and fixed-address
part.

If all you really want to do is ensure that a host that gets
assigned an IP address keeps it for a long period of time, then you
could also assign a dynamic pool with a very long expiry time
(months or years). Generally, even when a machine renews, they
will usually get the same IP address as before.

If you really want to enforce the use of specific IP addresses, then
it'll take a lot more work -- ranging up to turning your box into
an intelligent switch.  with a bunch of multiport cards, you can
put each user (or group of users) on a separate leg and set up the
firewall to only pass packets with the correct IP/MAC pairs.

You can actually do things like that in bridge mode such that
packets would be forewarded transparently for users who don't
violate your policies.


Scott Taylor wrote:
> At 06:54 06/19/03, you wrote:
>> a network (something about half of a C class IPs) and some users who 
>> I'd like
>> to "stick" them to only one IP; half of the computers get their IPs 
>> via dhcp,
> 
> My DHCP server can set IP by MAC address.  Running patched DHCP2.0 on 
> RedHat7.2.  Maybe your OS and distro are different.
> 
> This entry in my /etc/dhcpd.conf file, just before the subnet entry:
> 
> host jimmy.dct.net {
>         option routers 192.168.1.200;
>         option domain-name-servers 192.168.1.211;
>         hardware ethernet 00:d0:b7:ad:17:37;
>         fixed-address 192.168.1.85;
>         }

-- 
Stephen Samuel +1(604)876-0426                samuel@bcgreen.com
		   http://www.bcgreen.com/~samuel/
    Powerful committed communication. Transformation touching
        the jewel within each person and bring it to life.