Koozali.org: home of the SME Server

Restrict DHCP to specific MAC addresses

greg
« on: August 18, 2006, 11:19:53 AM »
Hi all,

I use SME 7 final as server only.
The server acts as DHCP server on the net.

I know that it is possible to assign IPs based on the MAC, but the DHCP continues to assign IPs to machines also with unknown MAC.
Now, I would like to restrict access to get an IP via DHCP, based on the MAC addresses from the PCs connected to our net.

Can I do that? If so - does anybody know how to do it...

Thanks..

/G

psoren
« Reply #1 on: August 18, 2006, 03:30:32 PM »
Quote from: "greg"
> Hi all,
>
> I use SME 7 final as server only.
> The server acts as DHCP server on the net.
>
> I know that it is possible to assign IPs based on the MAC, but the DHCP continues to assign IPs to machines also with unknown MAC.
> Now, I would like to restrict access to get an IP via DHCP, based on the MAC addresses from the PCs connected to our net.
>
> Can I do that? If so - does anybody know how to do it...
>
> Thanks..
>
> /G


You could set the IP range to only cover the number of machines you connect and set them all to get a fixed IP from the DHCP server.
That you do on the admin console under "Setup this server".

Per

greg
« Reply #2 on: August 18, 2006, 03:49:16 PM »
Hi Per,

Thanks for the idea. Did not think about it. That could do the job.


/G

psoren
« Reply #3 on: August 18, 2006, 05:31:55 PM »
Quote from: "greg"
> Hi Per,
>
> Thanks for the idea. Did not think about it. That could do the job.
>
> /G


Well, I haven't tried it myself. Would you please let us know how it worked once you try?

Per

greg
« Reply #4 on: August 20, 2006, 02:59:31 PM »
Quote from: "psoren"
> Well, I haven't tried it myself. Would you please let us know how it worked once you try?
>
> Per


Sure - I will. It will take some time before I get back.

It could be an interesting feature to have automatic restrictions built into the DHCP - if enabled.

Thanks for the tip so far..

/G

kruhm
« Reply #5 on: August 20, 2006, 08:00:38 PM »
Possibly you could also do it like this:

config setprop dhcpd AllowHosts 00:00:00:45:56:42, 00:0B:DB:00:00:00

signal-event remoteaccess-update

Hopefully, allowing the client macs you added to be allowed and automatically denying all others. Unfortunately, I don't know if this will work with mac addresses.

fpausp
« Reply #6 on: August 20, 2006, 09:01:10 PM »
Hi All,

I'd like to allow hosts via MAC address and give them a specific IP address. Is that possible with SME 7?

For example, the first client is w01 and has the MAC 00:26:54:08:25:58 and should get the IP 192.168.1.1. What would the syntax look like? (config setprop dhcpd ....)


I have a dhcpd.conf from an old RH 7.3 server, maybe that helps:

option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;
option domain-name-servers 195.3.96.67, 195.3.96.68;
option domain-name "localdomain";

subnet 192.168.0.0 netmask 255.255.0.0 {
  range 192.168.0.200 192.168.0.250;
  host w01 {
    option routers 192.168.0.99;
    hardware ethernet 00:04:75:73:32:FB;
    fixed-address 192.168.0.101;
  }
  host w02 {
    option routers 192.168.0.254;
    hardware ethernet 00:00:31:47:8F:11;
    fixed-address 192.168.0.102;
  }
  host w03 {
    option routers 192.168.0.99;
    hardware ethernet 00:4F:4E:0E:92:8C;
    fixed-address 192.168.0.103;
  }
  host w04 {
    option routers 192.168.0.99;
    hardware ethernet 00:04:23:73:F0:F9;
    fixed-address 192.168.0.104;
  }
}


regards
fpausp
Viribus unitis

raem
« Reply #7 on: August 20, 2006, 09:44:08 PM »
fpausp

> I'd like to allow hosts via MAC address and give them a specific IP address. Is that possible with SME 7?

Configure them in the Hostnames panel.
...

fpausp
« Reply #8 on: August 27, 2006, 08:15:51 PM »
Thx, that's right. Are all other PCs now locked out?
Viribus unitis

greg
« Reply #9 on: August 27, 2006, 08:21:43 PM »
Hi,

No. You have to 'occupy' all potential addresses on the LAN with MAC addresses.
Otherwise - the DHCP will give one of the available ones to any PC.
You can also just restrict the DHCP to a narrow range...

Cheers

/G

Jean-Philippe Pialasse
« Reply #10 on: August 28, 2006, 02:01:54 AM »
The address you give to the host via the host panel in the manager does not necessarily need to be in the DHCP pool of addresses.

I suggest you limit the DHCP pool to only one IP, and have a host that is always on, on this IP; otherwise a computer with DHCP would be able to take this IP thanks to the DHCP server.

That's what I do in my home and it works perfectly.

mudtoe
« Reply #11 on: August 29, 2006, 06:22:59 PM »
I'm not using SME yet as a DHCP server, but I read this with interest.  I'm looking to do something with a DHCP server that would allow me to assign known machines (i.e. the ones whose MAC addresses are in the table) into one subnet, and assign the unknown machines to a different subnet.  I've got a Zywall 5 router that's currently doing DHCP, and it also supports two additional IP aliases, which means I can have up to three subnets on my network.  The reason for segregating the machines based on subnet is that if the unknown machines are on a different subnet, they have to go through the router to reach the known machines which are on a different subnet, even if all machines are on the same switch.

I had an incident a few months ago where someone brought in a laptop and plugged it into one of the ethernet jacks, and unfortunately that machine was infected, and it infected a machine on my local network that was in the process of being loaded with software, and didn't have the virus protection on it yet.  If I can force the unknown machines onto a different subnet I can use the Z5 firewall rules to prevent unwanted interaction between the two subnets.  

I tried this with the Z5, and I can assign static IP addresses via MAC addresses in the subnet range of one of the IP aliases (the DHCP dynamic pool itself must be in the range of the main IP subnet), but there is a bug in the Z5 where UPnP only works for the main IP subnet, not the alias ones, and unfortunately I need that service as I do a lot of Windows Remote Assistance with people.  

I'm hoping that I can switch the DHCP server function to SME-server and have it assign static IP addresses to the known machines into the range of the main IP address on the Z5, and assign unknown machines addresses in one of the Z5 IP alias ranges.  

mudtoe
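
Added example, not part of any post in this thread and not SME Server's generated configuration: in plain ISC dhcpd syntax (the format of the dhcpd.conf quoted in Reply #6), a pool can refuse or accept clients depending on whether a host declaration matches their MAC, which covers both the original question and the known/unknown subnet split described in Reply #11. The 192.168.1.0/24 subnet, its router address, the shared-network name and the w02 entry without a fixed address are assumptions for illustration.

```conf
# Added example in ISC dhcpd.conf syntax; addresses other than the two
# host entries reused from Reply #6 are constructed.

# Both subnets live on the same wire, so they are grouped in one shared-network.
shared-network office-lan {

  # Main subnet: known machines only.
  subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.254;
    pool {
      range 192.168.0.200 192.168.0.250;
      # A client without a matching host declaration gets nothing from this pool.
      deny unknown-clients;
    }
  }

  # Second subnet: everything that is not listed below.
  # Traffic from here to 192.168.0.0/24 has to cross the router.
  subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    pool {
      range 192.168.1.100 192.168.1.150;
      # Listed machines never land in the guest range.
      deny known-clients;
    }
  }
}

# A client is "known" as soon as a host declaration matches its MAC.
host w01 {
  hardware ethernet 00:04:75:73:32:FB;
  fixed-address 192.168.0.101;     # always the same address
}

host w02 {
  hardware ethernet 00:00:31:47:8F:11;
  # No fixed-address: still known, so it draws a dynamic lease
  # from the 192.168.0.200-250 pool.
}
```

For the original question (no lease at all for unlisted machines), drop the second subnet and keep only the pool with `deny unknown-clients`. MAC addresses are asserted by the client and a machine can still be given a static address by hand, so the separation between the two subnets has to be enforced by the router's firewall rules, as Reply #11 describes.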