DHCP Pool for specific MACs



  • I have a bunch of devices all from the same manufacturer and I would like to hand out IP addresses from my DHCP server outside of the normal pool of addresses. I figured out how to create another pool, but I want to set it up so that any MAC that starts a certain way will get an IP from that new pool and nothing else will be in that pool.



  • I don't think the DHCP server supports wildcards in the MAC addresses.  You'll have to specify them individually.


  • Rebel Alliance Global Moderator

    When you create your pool, just put the part of the MAC you want to use in the allow section of MAC control.

    The note seems pretty clear that it can be partial here so this would limit your devices from getting from this pool.

    How many devices do you have exactly? It's easier to just set a reservation for them; now you know for sure what device is what IP, etc. If you had hundreds or something then yes, that could be a PITA and just letting them pull from a specific pool would be a simple solution.




  • Where does it say partial MACs are OK?  In DHCP mapping it says "MAC address (6 hex octets separated by colons)".  Last time I checked, 6 means 6.


  • Netgate

    You can set up a separate pool outside the main pool. Still has to reside within the interface subnet. That pool can include a partial MAC address so you could add things like OUIs for phones, etc.



  • Found it.  Too bad it has to be within the subnet.  One use for this might be in assigning phones or cameras, etc. to a VLAN (DHCP option 132).  But requiring the addresses to be within the same subnet rules that out.



  • @johnpoz:

    When you create your pool, just put the part of the MAC you want to use in the allow section of MAC control.

    When I do this, I find that the allowed mac remains allowed in the main pool as well. Do I need a deny section of mac control in the main pool for the corresponding mac?


  • Rebel Alliance Global Moderator

    Yeah ^ since your main pool would allow all, you need something to only pull from that pool.

    You could deny all on the main pool, and then create specific allow lists on your sub pools. You need something that would prevent them from using the main pool. You could just deny those specific partial MACs in the main pool or deny all that you do not have reservations for, etc.



  • Alright, I got back to this and it still isn't working right. Now, the devices won't grab an IP at all. I did what was suggested here.

    I have a bunch of devices all from the same manufacturer so the first half of all their MACs is the same. I have a general pool of 50 addresses within my subnet for most devices. I am setting up an additional pool of 50 addresses for these devices I want segregated. I put the first half of the MAC in the pool and also put it in the base pool in the deny list. The idea being that they won't be allowed in the base pool but would be allowed in the secondary pool. Now, they aren't getting any address from DHCP.

    My guess is that the base pool deny overrides the sub pool allow. If this is the case, how should I be configuring this?


  • Rebel Alliance Global Moderator

    What does your dhcpd log say?



  • @johnpoz Check the logs...I am a red. I should have thought of that.

    DHCPDISCOVER from ac:cc:8e:8f:ac:b8 via em1: network 192.168.13.0/24: no free leases

    Not sure why it would claim there are no free leases.


  • Rebel Alliance Global Moderator

    Because you don't have any free leases ;) When I get home I will duplicate this type of setup.. I just don't have any way to force client renew when remote, etc.

    Oh wait could prob do with a VM... Give me a bit if real work doesn't bother me ;) heheeh

    Post up your pools..



  • @johnpoz Don't bother...once again my attention to detail fails me. I figured it out and it works now. It helps that when I put in the partial MAC, I get it correct. I had a character off on my allow and once I changed that, it works. Cameras are now getting a DHCP address from the proper pool. Thanks for your patience.


  • Rebel Alliance Global Moderator

    Ok... Got a VM... Here is the lease it just got
    192.168.2.216 02:11:32:25:fa:2d clean 2018/08/06 18:15:23 2018/08/08 18:15:23

    That is out of the normal pool...So going to deny its 02:11:32, and put that into a different pool for allow.. Then do a reboot of that vm..

    So on reboot client got
    192.168.2.40 02:11:32:25:fa:2d clean 2018/08/06 18:34:48 2018/08/08 18:34:48

    And in log.

    Aug 6 13:34:48 dhcpd DHCPACK on 192.168.2.40 to 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:34:48 dhcpd DHCPREQUEST for 192.168.2.40 (192.168.2.253) from 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:34:48 dhcpd DHCPOFFER on 192.168.2.40 to 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:34:47 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2
    Aug 6 13:34:35 dhcpd DHCPRELEASE of 192.168.2.216 from 02:11:32:25:fa:2d (clean) via igb2 (found)

    Worked exactly how it should..

    edit
    Ok so I now removed that extra pool... And rebooted that vm again... And now it's getting told to F no free leases for you ;)
    Aug 6 13:45:32 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2: network 192.168.2.0/24: no free leases
    Aug 6 13:45:24 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2: network 192.168.2.0/24: no free leases
    Aug 6 13:45:21 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2: network 192.168.2.0/24: no free leases
    Aug 6 13:45:17 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2: network 192.168.2.0/24: no free leases
    Aug 6 13:45:14 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2: network 192.168.2.0/24: no free leases

    So my take would be your other pool you created is not correct, or don't have the allow setup correct on it? Or it didn't get started? etc..

    So I removed the block mac listing on the normal pool and bam client got its IP..

    Aug 6 13:48:47 dhcpd DHCPACK on 192.168.2.216 to 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:48:47 dhcpd DHCPREQUEST for 192.168.2.216 (192.168.2.253) from 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:48:47 dhcpd DHCPOFFER on 192.168.2.216 to 02:11:32:25:fa:2d (clean) via igb2
    Aug 6 13:48:46 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via igb2
    Aug 6 13:48:46 dhcpd Server starting service.
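
Added example, not part of the thread: a small Python check that reads dhcpd log lines in the format quoted above and tells apart a client that is shut out of every pool by MAC control (the one-character-off allow entry described earlier) from a pool that is actually full. The pool model, the function names and the sample log are assumptions constructed for illustration; this is not pfSense's configuration format.

```python
import re
from collections import Counter

# Constructed pool model (an assumption, not pfSense's config format):
# a non-empty allow list admits only matching MAC prefixes; a deny list
# excludes matching prefixes; a client must pass both to use the pool.
POOLS = [
    {"name": "main", "allow": [], "deny": ["ac:cc:8e"]},
    {"name": "cameras", "allow": ["ac:cc:8f"], "deny": []},  # one character off
]

# Constructed sample in the dhcpd log format quoted in the thread.
SAMPLE_LOG = """\
Aug 6 13:45:14 dhcpd DHCPDISCOVER from ac:cc:8e:8f:ac:b8 via em1: network 192.168.13.0/24: no free leases
Aug 6 13:45:17 dhcpd DHCPDISCOVER from ac:cc:8e:8f:ac:b8 via em1: network 192.168.13.0/24: no free leases
Aug 6 13:48:46 dhcpd DHCPDISCOVER from 02:11:32:25:fa:2d via em1
Aug 6 13:48:47 dhcpd DHCPACK on 192.168.13.60 to 02:11:32:25:fa:2d (clean) via em1
"""

NO_LEASE = re.compile(
    r"DHCPDISCOVER from ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via \S+: "
    r"network \S+: no free leases", re.I)

def eligible_pools(mac, pools):
    """Names of pools whose allow/deny prefix lists admit this MAC."""
    mac = mac.lower()
    hit = lambda prefixes: any(mac.startswith(p.lower()) for p in prefixes)
    return [p["name"] for p in pools
            if (not p["allow"] or hit(p["allow"])) and not hit(p["deny"])]

def starved_clients(log):
    """Count 'no free leases' DISCOVERs per client MAC."""
    return Counter(m.group(1).lower() for m in NO_LEASE.finditer(log))

def diagnose(log, pools):
    """Map each starved MAC to (failed DISCOVER count, likely cause)."""
    report = {}
    for mac, n in starved_clients(log).items():
        names = eligible_pools(mac, pools)
        cause = ("excluded by MAC control in every pool" if not names
                 else "pool(s) exhausted: " + ", ".join(names))
        report[mac] = (n, cause)
    return report

if __name__ == "__main__":
    for mac, (n, cause) in diagnose(SAMPLE_LOG, POOLS).items():
        print(f"{mac}: {n} failed DISCOVERs, {cause}")
```

Correcting the allow prefix on the second pool to match the deny prefix on the main pool makes the client eligible for that pool only.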