Topic: Force DHCP To Refuse Clients A DHCP Lease Depending On Client MAC Address

[hatsa]

Can I make my sme server refuse DHCP leases to clients Depending On Client MAC Address if i typed the mac address in the server the server will give him ip and if i didn't typed his mac the server will not give him ip

[David Harper]

You can do this by deploying custom templates for the dhcpd configuration files. But it is quite complicated and messy; SME Server is not really designed for this kind of thing.

[cactus]

Can I make my sme server refuse DHCP leases to clients Depending On Client MAC Address if i typed the mac address in the server the server will give him ip and if i didn't typed his mac the server will not give him ip

May I ask what you are trying to do? Are you trying to manage a wireless network through SME Server. If so you might be better of connecting a wireless router to the WAN side and list allowed MAC addresses in there. I have this setup myself as well. I use a wireless router with fixed ports as well and have defined the IP range it hands out as a additional local network on my SME Server.

[hatsa]

do u mean sme server cant do this i dont think so

[David Harper]

I don't understand your question. Either you can deploy custom templates or use the configuration suggested by cactus.

[CharlieBrady]

You can do this by deploying custom templates for the dhcpd configuration files. But it is quite complicated and messy; SME Server is not really designed for this kind of thing.

No, it's much simpler than that. Configure SME server to only offer N leases via DHCP (using console) and configure each of the N leases to match a specific MAC address, via the Hostnames and Addresses panel.

[David Harper]

Sweet, thanks for the tip!

[hatsa]

plz CharlieBrady can  you explain it more than this

[Reinhold]

(1) Set address range for let's say 10 addresses
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Configuring_the_DHCP_Address_Range
(2) Give those 10 available addresses to a fixed mac address
http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter13#Hostnames_and_addresses

Regards
Reinhold

[hatsa]

thanx Reinhold but this is the half answer plz now i know how to give the clinet the same ip by the clint MAC Address in the hostnames but i want now the clints that i didn't Add them MAC Adderss the internet will notwork on the clint computer till i add his MAC Address in the host names plz plz plz some body tell me how i want it veryyyy much some body help me plz

[cactus]

thanx Reinhold but this is the half answer plz now i know how to give the clinet the same ip by the clint MAC Address in the hostnames but i want now the clints that i didn't Add them MAC Adderss the internet will notwork on the clint computer till i add his MAC Address in the host names plz plz plz some body tell me how i want it veryyyy much some body help me plz

The answer is in the posts in this forum. If you list all allowed hosts in the hostname panel by MAC address and do limit the DHCP range to the number of hosts added there no other IP addresses should be handed out, hence no connection should be possible to the network. If it does launch a bug report please.

[hatsa]

this is not what i mean cactus i mean if i have 20 clints and and i made the range from 1 to 254 ok any one plug acable in any switch will have access to the internet right i didn't want this i know what you meen cactus you have choose the easy way but what i want to do the dhcp server dont give ip's to any one only the mac address in the hostnames i dont want to controle it from the range i want to control it from the dhcp server and thanx for your litil help

[cactus]

this is not what i mean cactus i mean if i have 20 clints and and i made the range from 1 to 254 ok any one plug acable in any switch will have access to the internet right i didn't want this i know what you meen cactus you have choose the easy way but what i want to do the dhcp server dont give ip's to any one only the mac address in the hostnames i dont want to controle it from the range i want to control it from the dhcp server and thanx for your litil help

There is no solution for that AFAIK. Why would you setup such a broad range as you are not allowing only known hosts access anyway? It is just a matter of increasing the DHCP range for every MAC address you ad in the hostname panel when doing the management.

[nakor_au]

I think he/she might have different computers/devices pluging into the network, and just making the scope bigger each time will not fix the problem.

[Stefano]

Hi

what the OP wants it's (IMO) a captive portal or something similar.

I don't remember if SME has such a functionality, but I think that something like m0n0wall it's the rigth tool

my 2c

ciao
Stefano

[Franco]

This is what he's looking for:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/etc/dhcpd.conf

echo " deny unknown-clients;" > /etc/e-smith/templates-custom/etc/dhcpd.conf/25DenyUnknownHost

[hatsa]

thanx stuntshell you are the one 

[hatsa]

plz i want to Deny the pc's that have manual IP the pc's that didn't use the dhcp server to get ip plz i want to deny them to just tell me

[David Harper]

That is a seperate problem. It depends on what you want to block them from doing.

If you want to restrict Internet access, try DansGuardian.

If you want to block all network access by unauthorised users, you could investigate MAC address security on your switches.

[hatsa]

thanx David Harper but i have tryed it befour i am wating for you stuntshell

[CharlieBrady]

plz i want to Deny the pc's that have manual IP the pc's that didn't use the dhcp server to get ip

If that is what you wanted, then that is what you should have asked for. You have wasted a lot of people's time by saying that you wanted to refuse clients a DHCP lease.

SME server has no facility for selectively blocking or ignoring LAN traffic. You will need to develop it yourself, or use the capabilities of a higher end ethernet switch.

[David Harper]

I recommend TP-Link web managed switches. They have MAC security and are affordably priced.

[cactus]

If that is what you wanted, then that is what you should have asked for. You have wasted a lot of people's time by saying that you wanted to refuse clients a DHCP lease.

I second that, please read and try to follow the guidelines set out here: http://wiki.contribs.org/SME_Server:Community:Forum

[Stefano]

I second that, please read and try to follow the guidelines set out here: http://wiki.contribs.org/SME_Server:Community:Forum

I will add: hatsa please write in plain english and not in sms way, thank you

[Franco]

plz i want to Deny the pc's that have manual IP the pc's that didn't use the dhcp server to get ip plz i want to deny them to just tell me

That will be an ARP feature, not DHCP. You'll need to make all your entries static, it will be a lot of work since SME is not really designed for that. Please follow the suggestions above or change your topology, by either adding a router that does the job, or a switch capable of controlling the ARP entries.

Thanks,