11-21-2018 02:39 AM
I was wondering if there is a way to assign specific IP addresses from a range, using the hostname of a host as a criterion. I am trying to find a solution to the following case:
I have a university lab whith 20 PCs. The PCs belong to a /24 network and due to other constrains (security, network access control) I cannot create a different subnet for them so I can control the network access of these PCs without affecting the rest of the network they belong. What I did, was to reserve a range of 20 IPs based on the PCs MAC address from the DHCP pool of the network they belong. I then use access lists on that network's router to block their access when the students have exams. So far so good. However, when our technical support replaces lab PCs, the MAC addresses change. As a result the replaced PCs do not get an IP within the controlled range. As the technical support does not communicate directly with our engineering we don't know of these incidents and problems arise when the control needs to be in place. On the other hand, the hostnames of the lab PCs have a specific structure and the replaced PCs (or even new additions) follow the hostname scheme (e.g. their hostnames are 7 characters long and start with the letters CES). So I was thinking, if there is a way to tell the Infoblox DHCP server to assign the IPs to hosts whose hostnames begin with CES**** rather than using their MAC address, would be great.
Any help and thoughts are appreciated.
11-22-2018 12:12 PM - edited 11-22-2018 12:13 PM
Assuming that the clients are going to be sending the hostname via DHCP option 12, sounds like you may create an IPv4 option filter with match rule substring(option host-name,0,3)="CES") to fulfil this requirement. To do this you may :
1) Go to Data management -> DHCP -> IPv4 filters -> Create an IPv4 Option filter with the following rule -> Save :
Host-name (12) string -- substring equals -- (Offset=0 ; Length=3) -- CES
2) Create a DHCP range exclusively for these students with the range of IP addresses that you’re comfortable with.
3) Edit the above DHCP range from which the students are suppose to get a lease -> Under ‘IPv4 filters’ -> Add the filter created above under ‘Class Filter List’ -> Select the Action to be ‘Grant lease’. This should automatically deny leases for any clients whose hostname doesn’t begin with ‘CES’, from this specific range.
4) Now if there are any other DHCP ranges for the same network, you must ‘Deny’ the filter created above under ‘Class Filter List’. Else, the students may get a lease from that specific DHCP range.
Hope that’ll work out for you. I would recommend you to try this in a test environment -> Verify that this doesn’t break anything -> Then configure this in your production. Let me know if you have any questions.
I'm interning at USRobotics and we have a lab with 7 PCs. Is it the right solution to enable MAC filters for our DHCP server? Can I approve new users without typing in their MAC address manually?