Here's a snippet from my lab network ISC dhcpd.conf that sets options and
restrictions based on vendor tags.
Hope this helps,
Bill
--------dhcpd.conf--------
##
## dhcpd.conf -- ISC DHCP Daemon Configuration
##
option domain-name "billslab.com";
option domain-name-servers 192.168.1.10, 192.168.1.254;
option ip-forwarding false; # No IP forwarding
option mask-supplier false; # Don't respond to ICMP Mask req
option grubmenu code 150 = text;
option subnet-mask 255.255.0.0;
ddns-update-style none;
not authoritative;
deny unknown-clients;
log-facility local7;
# Each vendor tag has an option space defined similar to:
option space NewT;
option NewT.AuthSrvr code 21 = ip-address;
option NewT.AuthPort code 22 = unsigned integer 16;
option NewT.NewTVer code 23 = string;
option NewT.LogHost code 24 = ip-address;
option NewT.LogKern code 25 = unsigned integer 8;
option NewT.LogNet code 26 = unsigned integer 8;
option NewT.LogUSB code 27 = unsigned integer 8;
option NewT.LogVid code 28 = unsigned integer 8;
option NewT.LogAppl code 29 = unsigned integer 8;
option NewT.NewTBW code 30 = unsigned integer 32;
option NewT.FWSrvr code 31 = ip-address;
option NewT.NewTDispIndx code 32 = unsigned integer 32;
option NewT.Intf code 33 = string;
option NewT.NewTFlags code 34 = unsigned integer 32;
option NewT.AltAuth code 35 = array of ip-address;
option NewT.BarrierLevel code 36 = unsigned integer 32;
option NewT.BootServer code 66 = ip-address;
# other option spaces deleted for this example...
shared-network lab-maint {
class "NewT" {
match if substring(option vendor-class-identifier,0,9)="SUNW.NewT";
vendor-option-space NewT;
}
class "SUNWx86" {
match if option vendor-class-identifier="PXEClient:Arch:00000:UNDI:002
001";
vendor-option-space SUNWx86;
}
# options common to the class B network. we restrict fake class C ranges below.
subnet 192.168.0.0 netmask 255.255.0.0 {
authoritative;
allow unknown-clients;
option subnet-mask 255.255.0.0;
option broadcast-address 192.168.255.255;
option routers 192.168.0.1;
option domain-name-servers 192.168.1.10, 192.168.1.254;
min-lease-time 300;
default-lease-time 3600;
max-lease-time 10800;
allow bootp;
allow booting;
}
pool {
deny members of "NewT";
range 192.168.1.156 192.168.1.166;
}
pool {
deny members of "NewT";
range 192.168.2.11 192.168.2.100;
}
pool {
allow members of "NewT";
deny members of "SUNWx86";
range 192.168.4.100 192.168.4.254;
min-lease-time 300;
default-lease-time 86400;
max-lease-time 86400;
option interface-mtu 1500;
option NewT.BootServer 192.168.4.52;
option NewT.AuthSrvr 192.168.4.52;
option NewT.AltAuth 192.168.4.52;
option NewT.FWSrvr 192.168.4.52;
option NewT.NewTVer "4.0_48_2007.08.01.15.48";
}
}
# We use includes to keep the dynamic changes segregated from the preamble.
include "/opt/csw/etc/dhcp_static.conf";
include "/js/etc/labjs1/dhcpd_Solaris_10_x86.conf";
--------END of dhcpd.conf--------
The "dhcp_static.conf" file would contain something like:
group {
use-host-decl-names on;
next-server 192.168.1.252;
host labunknown {
hardware ethernet 00:aa:bb:cc:dd:ee;
fixed-address 192.168.1.165;
}
}
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ottomeister
Sent: Tuesday, February 12, 2008 11:09 AM
To: SunRay-Users mailing list
Subject: Re: [SunRay-Users] Restrict DHCP to Sun Rays
On Tue, Feb 12, 2008 at 4:41 AM, Bob Doolittle <[EMAIL PROTECTED]> wrote:
> My recollection is that there is a way to configure the ISC DHCP
> server to only assign addresses to equipment with specific vendor
> tags, but I confess I haven't studied it recently.
That's my recollection too.
The Solaris DHCP server can't do that. It can be configured to lock address
allocation to specific MAC addresses, which isn't as convenient but might be
acceptable if the Sun Ray population is stable.
OttoM.
__
ottomeister
Disclaimer: These are my opinions. I do not speak for my employer.
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
