# dhcpd.conf
#
# Configuration file for ISC dhcpd
# KA ETHZ 03.12.2001
#
# Layout: global parameters first, then the server's own (pool-less) subnets,
# then one subnet / shared-network / group declaration per served VLAN, and
# finally host declarations that are not tied to a subnet.

# Put PID file somewhere useful
# This can be used by scripts to kill the running DHCP server
pid-file-name "/var/run/dhcpd.pid" ;

# Log everything on this channel
# The lease log is what lets you map an IP address back to a hardware address
# and a time during an investigation, so make sure syslog routes local7 to a
# file that is retained (the syslog side is not part of this file).
log-facility local7 ;

# This server is authoritative for all subnets
# This means that if a client tries to renew an address that this server thinks
# is inappropriate, this server will send a DHCPNAK.
authoritative ;

# We should NOT do DNS updates
ddns-update-style none ;

# Talk to omshell on this port.
# This is actually the default, but if you don't set it, OMAPI is disabled.
# NOTE(review): no omapi-key statement is visible in this file. Without one,
# dhcpd accepts OMAPI connections unauthenticated, so anyone who can reach
# this TCP port can read and change leases and host entries on the running
# server. Declare a key and reference it with omapi-key, and restrict access
# to the port with a host firewall - confirm whether this is done elsewhere.
omapi-port 7911 ;

# All clients get this domain name, unless overridden in subnet scope
option domain-name "ethz.ch";

# All clients get these domain name servers, unless overridden
option domain-name-servers 129.132.98.12, 129.132.250.220, 129.132.250.2 ;

# The default lease-time is the lease time if nothing specific is requested
# Lease times are in seconds: 57600 s = 16 hours.
default-lease-time 57600;

# If a client requests more than the maximum lease-time, it gets the maximum.
# 172800 s = 48 hours.
max-lease-time 172800;

# Clients will be sent the DNS name associated with their allocated address
get-lease-hostnames true ;

# The server should check whether an address is in use before allocating it
# This is a simple and by no means foolproof way of avoiding address conflicts
# (a host that does not answer ICMP echo is not detected by this check).
ping-check true ;

# Do NOT support bootp unless overridden in a subnet scope
# Note that this doesn't satisfy the requirement to "deny dynamic bootp
# clients" in subnet pools if you are using failover.
deny bootp ;

# This is a locally defined option. The ETHZ is using Cisco VoIP; the Cisco
# phones get this option. Note that the name is irrelevant, the number, type
# and eventual value are what count for the client. We could have called this
# option "freddy" if we wanted to.
option ipphone code 150 = ip-address ;

#
# Our server hardware has two interfaces, one in subnet 129.132.1.0/24 and
# one on 129.132.98.0/24. We need to tell the DHCP server about at least one
# of them. For completeness, we tell it about both. Because we are using DHCP
# relays, and no clients are actually on the two subnets, we define no pools in
# these subnets, so no addresses can be allocated on these subnets.
#

# We want to listen on this network, but won't be allocating any addresses
# in it.
subnet 129.132.1.0 netmask 255.255.255.0 {
}

# We want to listen on this network, but won't be allocating any addresses
# in it.
subnet 129.132.98.0 netmask 255.255.255.0 {
}

# Addresses for VLAN100, kom-id
# This is a "simple" DHCP scope; all the addresses in the subnet are managed
# by DHCP except the router and the broadcast address.
subnet 129.132.40.0 netmask 255.255.255.0 {
    # If you put the routers option (or any other option) inside the pool
    # declaration, it will only apply to addresses given out from that pool.
    # By putting it in the subnet scope, it applies to all addresses served
    # out of this subnet.
    option routers 129.132.40.1 ;
    pool {
        # You MUST have this line if you are doing failover.
        # You MUST NOT have this line if you are not doing failover
        # NOTE(review): this and the later pools reference failover peer
        # "dhcp", but no declaration of that peer (the statement that
        # configures the two servers) is visible in this file. Presumably it
        # lives elsewhere - confirm, because dhcpd cannot resolve the
        # reference without it.
        failover peer "dhcp" ;
        # You MUST have this line if you are doing failover.
        # You MAY have this line if you are not doing failover
        deny dynamic bootp clients ;
        range 129.132.40.2 129.132.40.254 ;
    }
}

# Addresses for VLAN101, kom-id-1
# This is a "simple" DHCP scope, but one that is NOT supported by failover.
# This is about as simple as you can get and still be serving addresses. Some
# clients can be configured with a fixed gateway address and still get their
# own address via DHCP, but that seems pretty pathological to me :-)
subnet 129.132.41.0 netmask 255.255.255.0 {
    option routers 129.132.41.1 ;
    pool {
        range 129.132.41.2 129.132.41.254 ;
    }
}

# Addresses for VLAN118 stug-hg1
# This subnet has two ranges we want to allocate out of, hence two pool
# declarations. It's a student docking network, so go for very short lease
# times - note that the lease times here override the globally defined ones.
# Clients in this network also get two WINS server addresses.
subnet 129.132.9.0 netmask 255.255.255.0 {
    option routers 129.132.9.1 ;
    option netbios-name-servers 129.132.64.177, 129.132.97.30 ;
    # 3600 s = 1 hour for both default and maximum.
    default-lease-time 3600 ;
    max-lease-time 3600 ;
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        range 129.132.9.30 129.132.9.54 ;
    }
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        range 129.132.9.135 129.132.9.179 ;
    }
    # Notice that a pool can consist of a single address if desired.
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        range 129.132.9.200 129.132.9.200 ;
    }
}

# Addresses for VLAN270, vaw, vaw3, vaw-isg1
# This is a classic shared network. That is, there are several subnets on the
# same media. We only issue addresses on two of those subnets, though. For
# completeness, we mention the third subnet. Note that unless you use classes
# or specify hosts, there is no way to differentiate between the subnets,
# so clients will get addresses out of one of these pools effectively at random.
shared-network vaw {
    subnet 129.132.59.0 netmask 255.255.255.128 {
        option routers 129.132.59.1 ;
        pool {
            failover peer "dhcp" ;
            deny dynamic bootp clients ;
            range 129.132.59.23 129.132.59.23 ;
        }
    }
    subnet 129.132.60.0 netmask 255.255.255.192 {
        option routers 129.132.60.1 ;
        pool {
            failover peer "dhcp" ;
            deny dynamic bootp clients ;
            # NOTE(review): netmask 255.255.255.192 covers 129.132.60.0 to
            # 129.132.60.63, so the upper end of this range (.100) is outside
            # the subnet it is declared in. dhcpd is expected to refuse an
            # address range that is not on the enclosing net - confirm
            # whether the netmask or the range is the intended value.
            range 129.132.60.50 129.132.60.100 ;
        }
    }
    subnet 129.132.86.160 netmask 255.255.255.224 {
    }
}

# A group of networks that we want to treat the same.
# Note that this is NOT the same as a shared network. A group lets us specify
# options etc that apply to all subnets in the group. There is no physical
# relationship between the subnets mentioned.
group residences {
    # These networks all get a different domain name and a different set of
    # nameservers.
    option domain-name "student.ethz.ch";
    option domain-name-servers 129.132.200.2, 129.132.201.2, 129.132.202.2 ;
    option netbios-name-servers 129.132.200.3, 129.132.201.3, 129.132.202.3 ;
    subnet 129.132.200.0 netmask 255.255.255.0 {
        option routers 129.132.200.1 ;
        pool {
            failover peer "dhcp" ;
            deny dynamic bootp clients ;
            range 129.132.200.4 129.132.200.254 ;
        }
    }
    subnet 129.132.201.0 netmask 255.255.255.0 {
        option routers 129.132.201.1 ;
        pool {
            failover peer "dhcp" ;
            deny dynamic bootp clients ;
            range 129.132.201.4 129.132.201.254 ;
        }
    }
    subnet 129.132.202.0 netmask 255.255.255.0 {
        option routers 129.132.202.1 ;
        pool {
            failover peer "dhcp" ;
            deny dynamic bootp clients ;
            range 129.132.202.4 129.132.202.254 ;
        }
    }
}

# Addresses for VLAN 157 sdid
# These guys get a different domain name, plus there are three machines that
# should always get specific IP addresses.
subnet 129.132.64.0 netmask 255.255.255.0 {
    option routers 129.132.64.1 ;
    option domain-name "d.ethz.ch";
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        # We don't want the three clients mentioned below to
        # get addresses out of this pool. This coincidentally stops ANY clients
        # mentioned in the config file from getting addresses out of this pool.
        # "Known" is decided by the hardware address the client presents,
        # which the client chooses itself; treat this as address management,
        # not as access control.
        deny known clients ;
        range 129.132.64.217 129.132.64.219 ;
    }
    # Fixed assignments, matched on hardware address. The fixed addresses
    # (.120 to .122) are outside the dynamic range above.
    host a157-1 {
        hardware ethernet 00:E0:B8:15:B9:72 ;
        fixed-address 129.132.64.120 ;
    }
    host a157-2 {
        hardware ethernet 00:04:76:90:38:3D ;
        fixed-address 129.132.64.121 ;
    }
    host a157-3 {
        hardware ethernet 00:B0:D0:9A:C4:49 ;
        fixed-address 129.132.64.122 ;
    }
}

# Addresses for VLAN235, id-hci
# Clients in this subnet get a different domain name server ordering. Some
# clients pay no attention to this, but it makes us feel good.
subnet 129.132.106.192 netmask 255.255.255.192 {
    option routers 129.132.106.193 ;
    option domain-name-servers 129.132.250.2 ,129.132.250.220, 129.132.98.12 ;
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        range 129.132.106.205 129.132.106.219 ;
    }
}

# The VoIP network
# Here's where we use that locally defined option!
# All options and lease times sit inside the pool here, so they apply only to
# addresses handed out from this pool. 7200 s = 2 hours.
subnet 192.168.100.0 netmask 255.255.255.0 {
    pool {
        failover peer "dhcp" ;
        deny dynamic bootp clients ;
        range 192.168.100.10 192.168.100.252 ;
        option routers 192.168.100.1 ;
        option ipphone 192.168.101.11 ;
        default-lease-time 7200 ;
        max-lease-time 7200 ;
    }
}

# This simply defines a "known client", as in "deny known clients ;" etc.
host blahblah {
    hardware ethernet 11:22:33:44:55:66 ;
}

# This is a fixed IP address, with the IP address specified as a name. Note
# that this is not defined in any subnet declaration! In spite of that, it
# will only be given the IP address of fixed.ethz.ch if the DHCP request
# comes from an appropriate subnet. Note that the host with this MAC address
# is also a "known client" due to this declaration.
# Options specified in this declaration will override the options in the subnet
# declaration, so you could specify (say) a different nameserver for this host.
# This address (whatever fixed.ethz.ch resolves to) MUST NOT be in any declared
# range (pool declaration)!
# Because the address is given as a name, the assignment is only as
# trustworthy as the DNS answer the server receives for that name.
host schizoid {
    hardware ethernet 00:03:47:20:3A:FB ;
    fixed-address fixed.ethz.ch ;
}