On Mon, 10 May 1999, Joe Polchlopek wrote:
> Could anyone using the ISC dhcp server in an academic ResNet-type
> situation please share your configuration and implementation how-to's?
> Specifically: How to configure two servers, one of which will hand out
> a range of IP numbers allowing the clients on-campus access only. After a
> user has filled out a web-based registration form, their ethernet address
> will be authorized to receive a permanent IP number and access to
> off-campus resources. The permanent IP numbers will be served by the
> second dhcp server.
>
> I'm assuming this would require two servers. Is anyone doing something
> like this with one server?

Hi Joe,

I'm getting ready to deploy this exact same setup right now - although
with one server. This is _EASY_ to do with version 3. I'm not sure
that it can be done with version 2 (without some hacking), because the
key is pooling and being able to "deny known clients" and as far as I
know, this is only available in version 3.

The plan is to give unknown clients a "10.10.x.y" IP number (for ease
of configuration, x happens to match the real subnet). In the
dhcpd.conf file, we have a shared network (for each subnet) composed
of the private network definition and the real one. Only those with a
"host" statement are allowed to get an IP number from the real pool:

--------------------8<---------Cut-Here----------8<--------------------
shared-network 801-TEST {
    subnet 10.10.4.0 netmask 255.255.255.0 {
        pool {
            option domain-name "halls.indiana.edu";
            option broadcast-address 10.10.4.255;
            option routers 10.10.4.254;
            range 10.10.4.1 10.10.4.10;
            option domain-name-servers 149.159.26.76;
            default-lease-time 300;
            max-lease-time 300;
            allow unknown clients;
            deny known clients;
        }
    }
    subnet 149.159.4.0 netmask 255.255.255.0 {
        pool {
            option domain-name "halls.indiana.edu";
            option broadcast-address 149.159.4.255;
            option routers 149.159.4.254;
            range 149.159.4.21 149.159.4.195;
            option domain-name-servers 129.79.1.1,129.79.5.100;
            default-lease-time 14400;
            max-lease-time 14400;
            deny unknown clients;
        }
    }
} # End shared-network 801-TEST

host abcd { hardware ethernet 00:11:22:33:44:55; }
--------------------8<---------Cut-Here----------8<--------------------

Also, notice that the unregistered users are getting a different dns
server than the registered users. This "fake" dns server is set up to
give out only 1 address - the address of the registration web server -
for ANYTHING that is asked of it.

Periodically, a script is run which queries the database (mysql) and
recreates the dhcpd.conf file with all of the "registered" host
addresses and then restarts dhcpd.

I have only tested this on one subnet with a limited number of clients
but it seems to work great. I'm anxiously waiting for v3 to "become
soup" as I currently have about 75 subnets and 6500+ clients that I am
wanting to "close down access" using this configuration.

Feel free to get in touch with me for further details.

So far v3 seems quite stable. Any guesstimates as to when it will come
off the "alpha" list? I'm really itching to put this into
production. :)

_ . | Trust the computer industry to
|_) || [EMAIL PROTECTED] | shorten "Year 2000" to Y2k. It was
|_)||||_| | this kind of thinking that caused
Passauer_| Residence Computing | the problem in the first place.
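
An added example, not part of the original message and not ISC's or the poster's code: a sketch of the regeneration step described above, turning registered ethernet addresses into "host" statements while rejecting any web-form value that is not a plain MAC address. The function names, the "reg-" host name prefix and the sample rows are assumptions; the database query, the merge into dhcpd.conf and the dhcpd restart are left out.

```python
import os
import re
import tempfile

# Six hex octets separated by ':' or '-'; anything else is rejected.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def normalize_mac(raw):
    """Return 'aa:bb:cc:dd:ee:ff', or None if raw is not a plain MAC."""
    raw = raw.strip()
    if not MAC_RE.fullmatch(raw):
        return None
    return raw.replace("-", ":").lower()

def render_hosts(rows):
    """Build host statements from (user, mac) rows; return (text, rejected)."""
    seen, lines, rejected = set(), [], []
    for user, raw_mac in rows:
        mac = normalize_mac(raw_mac)
        if mac is None:
            rejected.append((user, raw_mac))  # log and skip, never emit
        elif mac not in seen:
            seen.add(mac)
            # Host name comes from the validated MAC, not from user input.
            name = "reg-" + mac.replace(":", "")
            lines.append("host %s { hardware ethernet %s; }" % (name, mac))
    return "\n".join(lines) + "\n", rejected

def write_atomically(path, text):
    """Write a temp file beside path, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

# Constructed sample rows standing in for the registration database query.
SAMPLE_ROWS = [
    ("alice", "00:11:22:33:44:55"),
    ("bob", "00-11-22-AA-BB-CC"),
    ("carol", "00:11:22:33:44:55"),     # duplicate of an existing entry
    ("dave", "00:11:22:33:44:66; }"),   # stray config syntax from the form
]

if __name__ == "__main__":
    text, rejected = render_hosts(SAMPLE_ROWS)
    print(text + "rejected: %r" % rejected)
```

Writing through a temporary file and renaming it means dhcpd never reads a half-written host list if the script is interrupted partway through.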