jasetheface n00b
Joined: 23 Apr 2004 Posts: 20 Location: Brazoria Tx
Posted: Mon Oct 11, 2004 2:12 pm Post subject: DHCP
I have my DHCP server running. It works great......
But what I want to do is 1 of 2 things....................
I would like it if.................
When a client asked for an IP address it would look at the hostname
and if the host name matched a "LIST", some list, it would give that host an IP address.
OR........................
When a client asked for an IP address it would prompt the user of the client for a user name and password, mark that user, and only give one IP address to that user..
I don't know if either is possible or not but that's what I need.........
Thanks for your help in advance.................
_________________
The world isn't a bad place, It just has some bad places.........

nemo_ Apprentice
Joined: 19 Sep 2002 Posts: 167 Location: Brussels, Belgium
Posted: Mon Oct 11, 2004 2:59 pm Post subject:
Quote: | When client asked for an IP address it would look at the hostname
and if the host name matched a "LIST" some List It would give that host an IP ADDRESS. |
You do realize that you can't match the requestor's hostname before you assign him one, right?
What you can do is assign a specific IP address based on the client's MAC address. It's very easy to set up, have a look at the examples in dhcpd.conf
Prompting for a password is not possible, but since you can restrict leases based on the MAC you should be fine.

ajnabi Apprentice
Joined: 21 May 2004 Posts: 208
Posted: Mon Oct 11, 2004 3:04 pm Post subject: vpn
I'm not 100% sure about this, but you might be wanting a VPN (Virtual Private Network). They are usually used to connect long distance, but can also be used for local network control. I'm new to them so you might have to google and read up on it to see if that is best for you.

jasetheface n00b
Joined: 23 Apr 2004 Posts: 20 Location: Brazoria Tx
Posted: Mon Oct 11, 2004 6:13 pm Post subject: Assigning mac to ip.............
Problem with this option is users can change interfaces at will or spoof MAC addresses, causing system to hang. Furthermore it is hard for me to say what the MAC address will be. The users on this network are an extended LAN connection.
Code: | deny unknown-clients; |
Does this only work for MAC addresses?
If so, where would I input the known MAC address I wish to give a lease to?

nemo_ Apprentice
Joined: 19 Sep 2002 Posts: 167 Location: Brussels, Belgium
Posted: Mon Oct 11, 2004 7:02 pm Post subject:
If you are worrying about MAC spoofing and all then you need to start looking into VPNs - just configuring your DHCP server will not protect your LAN since any client can still assign a valid IP and ignore DHCP settings altogether ..

codemaker Guru
Joined: 03 Jun 2004 Posts: 398 Location: Lisboa, Portugal
Posted: Mon Oct 11, 2004 8:56 pm Post subject:
One more vote for the VPN:
If you are really serious about restricting IP assignments and you have a lot of potential users, VPN is the way to go. DHCP doesn't have any secure authentication method.

jasetheface n00b
Joined: 23 Apr 2004 Posts: 20 Location: Brazoria Tx
Posted: Mon Oct 11, 2004 9:01 pm Post subject: VPN
If I use VPN I will need to load software on all end user computers?
There is a learning curve with the users on my network that needs something that is simple......
How would it work?

nemo_ Apprentice
Joined: 19 Sep 2002 Posts: 167 Location: Brussels, Belgium
Posted: Mon Oct 11, 2004 9:46 pm Post subject:
The software is going to depend on your setup - there are several alternatives available for linux/windows/mac ...
You might want to look up information on IPSEC as it is probably the best VPN you can get (but this is going to take more effort than setting up your DHCP daemon of course ..)
It's up to you to decide whether that's really needed - it's easier to make a good security policy and not allow any unauthorized device to physically connect to the network (that excludes wifi, of course).

jasetheface n00b
Joined: 23 Apr 2004 Posts: 20 Location: Brazoria Tx
Posted: Tue Oct 12, 2004 3:08 pm Post subject: Force mac address
If I tell users what MAC address to use for DHCP....
Where do I code the list of MAC addresses and is there a "private range" of addresses that I should use?
The problem with using VPN is this network will be too fluid. And I think that VPN will be too hard for the users.............

codemaker Guru
Joined: 03 Jun 2004 Posts: 398 Location: Lisboa, Portugal
Posted: Tue Oct 12, 2004 3:25 pm Post subject:
Every network interface card has its unique MAC address. There's no range of MAC addresses you can use. The addresses are already assigned in the network card's hardware.
If you want to restrict assigning IP addresses to a limited number of MAC addresses, you have to make a list of your users' interface cards' MAC addresses. This can be a problem if you have lots of users. You can then configure your DHCP server to answer only those MAC addresses.
This is the config I use at home to assign a fixed IP address to each MAC address.
Code: |
host something {
hardware ethernet 00:A0:1E:ED:23:ED;
fixed-address 192.168.0.5;
}
|
(The MAC address listed below and hostname were changed)
You probably can also configure a range of IP addresses for each MAC but I'm not sure about that.

jasetheface n00b
Joined: 23 Apr 2004 Posts: 20 Location: Brazoria Tx
Posted: Tue Oct 12, 2004 10:08 pm Post subject: Question
When I start DHCPD I get
Quote: | DHCPREQUEST from 'mac address' 'hostname' via interface |
The name is already set in the hostname field of my client computer........
and dhcpd sees my host name.
Is there no way to make a list of known host names and allow them,
and if they're not on the list or the field is vacant, to deny them?

nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
Posted: Wed Oct 13, 2004 7:21 am Post subject:
You can make a list of known hostnames, but you also have to include the MAC address (I think). I suppose you could try it without.
Once you've created your list of known hosts you use the deny unknown-clients directive to stop any other boxes connecting. |
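
Added example, not written by any poster in this thread: because the replies point out that DHCP has no authentication and MAC addresses can be changed, a known-hosts list is worth pairing with a log audit that flags requests from unlisted MACs or from a listed MAC announcing an unexpected hostname. The log line shape (modeled on ISC dhcpd's usual syslog output), the `KNOWN_HOSTS` table and the sample lines are constructed assumptions.

```python
import re

# Assumed dhcpd syslog shape:
#   DHCPREQUEST for <ip> from <mac> (<hostname>) via <iface>
#   DHCPDISCOVER from <mac> (<hostname>) via <iface>
LINE_RE = re.compile(
    r"DHCP(?:DISCOVER|REQUEST)\b.*?\bfrom\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?:\s+\((?P<name>[^)]*)\))?\s+via\s+(?P<iface>\S+)",
    re.IGNORECASE,
)

# Constructed allowlist: MAC -> hostname expected from that machine.
# It mirrors the host declarations you would keep in dhcpd.conf.
KNOWN_HOSTS = {
    "00:a0:1e:ed:23:ed": "something",
    "00:a0:1e:ed:23:ee": "frontdesk",
}

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
Oct 12 22:08:01 gw dhcpd: DHCPDISCOVER from 00:a0:1e:ed:23:ed (something) via eth0
Oct 12 22:08:02 gw dhcpd: DHCPREQUEST for 192.168.0.5 from 00:a0:1e:ed:23:ed (something) via eth0
Oct 12 22:09:10 gw dhcpd: DHCPREQUEST for 192.168.0.6 from 00:a0:1e:ed:23:ee (laptop-x) via eth0
Oct 12 22:10:45 gw dhcpd: DHCPDISCOVER from 02:11:22:33:44:55 via eth0
Oct 12 22:11:00 gw dhcpd: DHCPACK on 192.168.0.5 to 00:a0:1e:ed:23:ed (something) via eth0
"""

def audit(log_text, known=KNOWN_HOSTS):
    """Return sorted (mac, hostname, reason) findings for client requests
    that do not match the allowlist."""
    findings = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # server replies (DHCPACK/DHCPOFFER) and unrelated lines
        mac = m.group("mac").lower()
        name = (m.group("name") or "").lower()
        if mac not in known:
            findings.add((mac, name, "unknown-mac"))
        elif not name:
            findings.add((mac, name, "no-hostname"))
        elif name != known[mac].lower():
            findings.add((mac, name, "hostname-mismatch"))
    return sorted(findings)

if __name__ == "__main__":
    for mac, name, reason in audit(SAMPLE_LOG):
        print(f"{reason:18} {mac} {name or '-'}")
```

A hostname mismatch on a listed MAC does not prove spoofing, but it is a cheap signal that the machine behind that address is not the one the list was written for.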