
dhcp server setting up a "banned" group

 
 
Jonathan N. Little
      04-30-2011, 01:50 PM
I am setting up a DHCP server for my public library and need to divide
clients into a number of pools on the same network. The different ranges
will be for different filtering requirements via squid/dansguard proxy.
I have in-house clients: staff, adult patron, and child patron, that have
different filtering requirements, and wireless guests that I want to
give shorter lease times to handle the rapid turnover rate. Trying to
understand the terse manual, you assign pools via allow/deny members of
classes, but classes are assigned by matching on MAC address or vendor
IDs. Unfortunately, as a poor rural library we have a hodge-podge of
hardware with no matchable pattern. So I can solve the in-house clients
by using fixed-address, and remove them from the dynamic pool. Now the
DHCP server would be serving only the short-term wireless guests from
the pool.

A common problem at libraries: you always get a few that are compelled
to misbehave and break the library's TOS. In the past the librarians
would kick the offenders out of the library only to have them link in
from the step or parking lot. Since I have their MAC address in their
initial lease, I would like to prevent them from reestablishing a
connection when they are banned.

My thinking is this: the library's computers are static and not part of
the pool, the wireless clients would be unknown-clients, so set the pool
to allow only unknown-clients, and for the "bad-boys" adding their hosts in
a group directive would make them "known" and therefore unable to get an
IP from the DHCP server.

group {
    # a host declaration makes each of these clients "known"
    host banned1 { hardware ethernet 00:00:00:00:00:01; }
    host banned2 { hardware ethernet 00:00:00:95:a6:c1; }
    host banned3 { hardware ethernet 0c:f1:b6:fe:00:01; }
}

subnet 192.168.0.0 netmask 255.255.255.0 {
    pool {
        # only clients without a host declaration may lease from this pool
        allow unknown-clients;
        range 192.168.0.200 192.168.0.250;
        default-lease-time 3600; # 1 hr
        max-lease-time 10800; # 3 hrs
    }
    # in-house static clients
    host circulation1 {
        hardware ethernet 0f:f0:b6:fe:00:01;
        fixed-address 192.168.0.50;
    }

    # ...
}

Would this work? Is there a better approach? I tried using groups to
assign a custom identifier, and then assign classes by matching the
identifier value and used that to assign the pools, but could not seem
to get it to work. It also seemed too complicated.

# my identifier
option local-dept code 200 = text;

group {
    host foo { hardware ethernet 00:00:00:00:00:01; }
    host bar { hardware ethernet 00:00:00:95:a6:c1; }
    ...
    option local-dept "staff";
}

....
class "staff" {
    match if option local-dept = "staff";
}

pool {
    allow members of "staff";
    ...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
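
Added example (not part of the original post and not code from ISC dhcpd): a Python sketch of the step the post describes, taking a banned guest's MAC from the lease file and generating the host entries for the "banned" group. The lease text is a constructed sample in dhcpd.leases format; the function names and the banned-<mac> host naming are assumptions.

```python
import re

# Constructed sample of an ISC dhcpd.leases file (not data from the post).
# dhcpd appends to this file, so the LAST entry for an IP is the current one.
SAMPLE_LEASES = """\
lease 192.168.0.201 {
  starts 6 2011/04/30 13:00:00;
  ends 6 2011/04/30 14:00:00;
  binding state free;
  hardware ethernet 00:16:6f:aa:bb:01;
}
lease 192.168.0.202 {
  starts 6 2011/04/30 13:05:00;
  ends 6 2011/04/30 14:05:00;
  binding state active;
  hardware ethernet 00:1b:77:cc:dd:02;
  client-hostname "guest-laptop";
}
lease 192.168.0.201 {
  starts 6 2011/04/30 15:00:00;
  ends 6 2011/04/30 16:00:00;
  binding state active;
  hardware ethernet 00:21:5c:ee:ff:03;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
MAC_RE = re.compile(r"hardware ethernet\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*;", re.I)

def current_mac_by_ip(leases_text):
    """Map each leased IP to the MAC in its most recent lease entry."""
    macs = {}
    for ip, body in LEASE_RE.findall(leases_text):
        m = MAC_RE.search(body)
        if m:
            macs[ip] = m.group(1).lower()  # later entries overwrite earlier ones
    return macs

def banned_group(ips, leases_text, already_banned=()):
    """Build a dhcpd.conf group of host entries for the MACs behind the given IPs."""
    macs = current_mac_by_ip(leases_text)
    banned = {m.lower() for m in already_banned}       # keep existing bans, normalised
    banned |= {macs[ip] for ip in ips if ip in macs}   # IPs with no lease are skipped
    hosts = [f"  host banned-{m.replace(':', '')} {{ hardware ethernet {m}; }}"
             for m in sorted(banned)]
    return "group {\n" + "\n".join(hosts) + "\n}\n"

if __name__ == "__main__":
    print(banned_group(["192.168.0.201"], SAMPLE_LEASES, ["00:00:00:95:A6:C1"]))
```

The generated group is meant to be pasted into (or included from) dhcpd.conf next to a pool that has "allow unknown-clients;", after which dhcpd has to be restarted to pick it up.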
 