Linux bind ip to mac

Configuring MAC binding in DHCP Server

Configuring MAC binding in a DHCP server means permanently assigning a static Internet Protocol (IP) address to a DHCP client based on the client's MAC address.

We don't want servers, which are service providers, to receive automatically assigned IP addresses. For example, if the IP address of an NFS or Samba server changes automatically after a reboot or a network restart, clients can no longer reach the NFS and Samba shares at the old IP address, and we have to inform employees every time the server IP address changes. This is not only about accessing NFS and Samba shares: some shares may be used for hosting applications, and hard-coded links in HTML/PHP intranets are all affected by a single IP address change.

Our goal is to assign a static IP address to a DHCP client (a server) through the DHCP server configuration, which is called configuring MAC binding.

The first step is to configure the DHCP server; please refer to the guide below:

DHCP server installation and configuration Step by Step Guide

Configuring MAC binding

After configuring the DHCP server, restart the service and verify its status:

[root@mail ~]# systemctl restart dhcpd.service
[root@mail ~]# systemctl status dhcpd.service

To collect the client machines' MAC addresses, a simple trick is to ping every client you want to configure MAC binding for, then run the arp -a command:

[root@mail ~]# ping 192.168.4.12
PING 192.168.4.12 (192.168.4.12) 56(84) bytes of data.
64 bytes from 192.168.4.12: icmp_seq=1 ttl=64 time=0.290 ms
^C
--- 192.168.4.12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.290/0.323/0.356/0.033 ms
[root@mail ~]# arp -a
? (192.168.4.2) at 00:50e:56:ee:4e:e2 [ether] on eno16777736

Edit the configuration and change as required

[root@mail ~]# vim /etc/dhcp/dhcpd.conf
host nfsserver

As shown above, we have to add the host short name, MAC address and host IP address.

If you want to configure MAC binding for 50 servers, copy the same entry, paste it 50 times and change the MAC address, hostname and IP address in each copy accordingly.

Test the configuration file before restarting the DHCP server:

[root@mail ~]# dhcpd -t -cf /etc/dhcp/dhcpd.conf
Internet Systems Consortium DHCP Server 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
[root@mail ~]# systemctl restart dhcpd.service
[root@mail ~]# systemctl status dhcpd.service

That's it. Restart the network service on the client and verify that it gets the specified IP address. Even if you restart 100 times, you will get the same IP address from the DHCP lease.
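Instead of pasting the entry by hand for every server, the host declarations can be generated from a list and checked for malformed or duplicated addresses on the way. This script is an added example, not part of the original article; the three-column input format and the hostnames, MACs and IPs in the sample are assumptions made up for the demo.

```shell
#!/usr/bin/env bash
# Added example: turn a bind list into dhcpd.conf host declarations.
# Assumed input format: "<hostname> <MAC> <IP>" per line; a leading # marks a comment.

gen_host_blocks() {   # $1 = bind list file; non-zero status if any line was rejected
  awk '
    function err(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    function valid_mac(m,   p, n, i) {
      n = split(m, p, ":"); if (n != 6) return 0
      for (i = 1; i <= 6; i++) if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
      return 1
    }
    function valid_ip(a,   o, n, i) {
      n = split(a, o, "."); if (n != 4) return 0
      for (i = 1; i <= 4; i++) if ((o[i] !~ /^[0-9]+$/) || (o[i] + 0 > 255)) return 0
      return 1
    }
    /^[ \t]*#/ || NF == 0 { next }                 # comments and blank lines
    NF != 3 { err("expected 3 fields"); next }
    {
      name = $1; mac = tolower($2); ip = $3
      # Reject anything that could break out of the declaration syntax.
      if (name !~ /^[A-Za-z0-9][A-Za-z0-9-]*$/) { err("bad hostname " $1); next }
      if (!valid_mac(mac)) { err("bad MAC " $2); next }
      if (!valid_ip(ip))   { err("bad IP " $3); next }
      if (mac in seen)     { err("duplicate MAC " mac); next }
      if (ip in seen)      { err("duplicate IP " ip); next }
      seen[mac] = 1; seen[ip] = 1
      printf "host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}\n", name, mac, ip
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample list; the third line reuses a MAC and is rejected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
nfsserver   52:54:00:AA:BB:01 192.168.4.12
sambaserver 52:54:00:AA:BB:02 192.168.4.13
printer     52:54:00:AA:BB:02 192.168.4.14
EOF
gen_host_blocks "$sample" || echo "bind list has errors; fix them before installing" >&2
rm -f "$sample"
```

Review the generated declarations, append them to /etc/dhcp/dhcpd.conf, and run the configuration test before restarting the service.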

My Name is ARK. Expert in grasping any new technology, Interested in Sharing the knowledge. Learn more & Earn More

In this how-to I describe how to bind a MAC address to an IP address so that users on your network cannot change their IPs to bypass filtering. To ease the setup I will create small scripts to simplify the work. I will not describe here how to configure Squid or how to run it; I assume you have already configured it.

1) Grep MAC Addresses

Suppose we have 10 machines in the IP range 192.168.0.1 – 192.168.0.10. You have to get the MAC addresses for them using the following command.

Be sure your machines are up and pingable; otherwise you will get empty lines and have to remove them manually.

for i in $(seq 1 10); do ping -c 1 192.168.0.$i; arp -n 192.168.0.$i | grep -v Address | grep -v incomplete | awk '{print $1, $3}' >> ip-mac.txt; done

This command writes the required MAC addresses with their IPs to a file named ip-mac.txt:

cat ip-mac.txt
192.168.0.1 00:1D:09:6B:3C:28
192.168.0.2 00:1D:09:6A:EA:02
192.168.0.3 00:1D:09:71:2C:34
192.168.0.4 00:1D:09:6A:CB:85
192.168.0.5 00:1D:09:6A:C3:15
192.168.0.6 00:1D:09:6A:CA:8B
192.168.0.7 00:1D:09:6A:CB:DA
192.168.0.8 00:1D:09:6A:CC:34
192.168.0.9 00:1D:09:6B:11:76
192.168.0.10 00:1D:09:6B:36:6F

2) Create ACL For SQUID.

I will create a small bash script to ease my work.

i=1
cat ip-mac.txt | while read a; do b=$(echo "$a" | cut -f 2 -d " "); echo "acl mac$i arp $b" >> squid-mac-filter.txt; i=$(expr $i + 1); done

cat squid-mac-filter.txt
acl mac1 arp 00:1D:09:6B:3C:28
acl mac2 arp 00:1D:09:6A:EA:02
acl mac3 arp 00:1D:09:71:2C:34
acl mac4 arp 00:1D:09:6A:CB:85
acl mac5 arp 00:1D:09:6A:C3:15
acl mac6 arp 00:1D:09:6A:CA:8B
acl mac7 arp 00:1D:09:6A:CB:DA
acl mac8 arp 00:1D:09:6A:CC:34
acl mac9 arp 00:1D:09:6B:11:76
acl mac10 arp 00:1D:09:6B:36:6F

i=1
cat ip-mac.txt | while read a; do b=$(echo "$a" | cut -f 1 -d " "); echo "acl ip$i src $b" >> squid-ip-filter.txt; i=$(expr $i + 1); done

cat squid-ip-filter.txt
acl ip1 src 192.168.0.1
acl ip2 src 192.168.0.2
acl ip3 src 192.168.0.3
acl ip4 src 192.168.0.4
acl ip5 src 192.168.0.5
acl ip6 src 192.168.0.6
acl ip7 src 192.168.0.7
acl ip8 src 192.168.0.8
acl ip9 src 192.168.0.9
acl ip10 src 192.168.0.10

To generate the http_access allow lines, you need the highest index in your lists of IPs and MACs. Here it is 10; both lists will of course have the same length 🙂

for i in $(seq 1 10); do echo "http_access allow mac$i ip$i" >> http-access-squid.txt; done

cat http-access-squid.txt
http_access allow mac1 ip1
http_access allow mac2 ip2
http_access allow mac3 ip3
http_access allow mac4 ip4
http_access allow mac5 ip5
http_access allow mac6 ip6
http_access allow mac7 ip7
http_access allow mac8 ip8
http_access allow mac9 ip9
http_access allow mac10 ip10

Now concatenate the three files, i.e. squid-ip-filter.txt, squid-mac-filter.txt and http-access-squid.txt:

cat squid-mac-filter.txt squid-ip-filter.txt http-access-squid.txt >> acl-final.txt

Then copy the contents of acl-final.txt and paste them at the appropriate location in squid.conf. Don't forget to put http_access deny all at the end :).
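Once the pairs are enforced, the same ip-mac.txt can be used to check what is actually on the wire. The script below is an added example, not part of the original how-to: it compares saved arp -n output with the bind list and reports an IP answering with a different MAC, a bound MAC seen on another IP, and hosts that are not bound at all. The ARP output in the demo is constructed.

```shell
#!/usr/bin/env bash
# Added example: compare observed ARP entries with the bind list.
# $1 = bind list in ip-mac.txt format ("IP MAC"), $2 = saved output of arp -n.

audit_bindings() {
  awk '
    FILENAME == ARGV[1] {                       # first file: load the bind list
      if (NF >= 2) { bound[$1] = toupper($2); owner[toupper($2)] = $1 }
      next
    }
    $1 == "Address" || /incomplete/ { next }    # header and unresolved entries
    {
      ip = $1; mac = toupper($3)
      if (ip in bound) {
        if (bound[ip] != mac) print "MISMATCH " ip " bound=" bound[ip] " seen=" mac
      } else if (mac in owner) {
        print "MOVED " mac " bound_ip=" owner[mac] " seen_ip=" ip
      } else {
        print "UNBOUND " ip " " mac
      }
    }
  ' "$1" "$2"
}

# Constructed demo data: three pairs from the list above, ARP output made up.
dir=$(mktemp -d)
cat > "$dir/ip-mac.txt" <<'EOF'
192.168.0.1 00:1D:09:6B:3C:28
192.168.0.2 00:1D:09:6A:EA:02
192.168.0.3 00:1D:09:71:2C:34
EOF
cat > "$dir/arp.txt" <<'EOF'
Address        HWtype  HWaddress          Flags Mask  Iface
192.168.0.1    ether   00:1d:09:6b:3c:28  C           eth0
192.168.0.2    ether   00:1d:09:71:2c:34  C           eth0
192.168.0.9    ether   00:1d:09:6a:ea:02  C           eth0
192.168.0.20   ether   52:54:00:aa:bb:cc  C           eth0
192.168.0.21           (incomplete)                   eth0
EOF
audit_bindings "$dir/ip-mac.txt" "$dir/arp.txt"
rm -rf "$dir"
```

An empty result means every observed pair matches the list; any MISMATCH or MOVED line is a pair that the http_access rules above will refuse.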


about the author: Sohail Riaz

I am a First Red Hat Certified Architect — RHCA (ID # 110-082-666) from Pakistan with over 14 years industry experience in several disciplines including LINUX/UNIX System Administration, Virtualization, Network, Storage, Load Balances, HA Clusters and High Performance Computing.


Introduction to Bind IP to MAC


While acting as the DHCP server for the LAN, Vigor Router provides Bind IP to MAC for DHCP reservation. If you reserve an IP address, it is excluded from the DHCP pool, and only the device (MAC address) bound to it can obtain that IP address from the router. The feature allows the network administrator to give some devices a specific IP address while using DHCP for the network's IP configuration, which is especially useful for devices that are often accessed by other LAN clients, such as printers, network storage, or servers. It also enables the network administrator to manage the IP address of each LAN client without configuring each device individually.

This article introduces how to use Bind IP to MAC in normal mode and Strict Mode, and how to export the IP Bind List.

Set up Bind IP to MAC

1. Go to LAN >> Bind IP to MAC, select Enable.
2. Add an entry to the IP-MAC bind list. The ARP table shows the devices that are connected to the router and their current IP addresses. You may add a MAC address from the ARP table by selecting a device in the ARP table and then clicking Add. Or manually enter a pair of IP address and MAC address, then click Add.
3. Finally, click OK to apply the settings.

Strict Mode

When Bind IP to MAC works in normal mode, a device in the list always gets its assigned IP address every time it sends a DHCP discover. Unlisted devices get an IP address from the IP pool, outside the IP Bind List. However, if you check Strict Mode, only the devices on the IP Bind List are allowed to access the network. The router blocks access from devices NOT on the list. Since only registered devices can have access, Strict Mode can add a layer of security to your network.

Strict Bind for Some Subnet Only

Since firmware version 3.8.5, Strict Bind can be applied to specific subnets only, so you can use Strict Bind for a subnet that requires higher security while the other IP subnets can still use DHCP.
NOTICE: If none of the LAN subnets is selected in the «Apply Strict Bind to Subnet» settings, then the strict mode works as before and will apply to the entire LAN network.

Copy and Backup the IP Bind List

Since firmware version 3.7.4.2, you can download the MAC-IP Bind List and restore it to other DrayTek routers which support this feature.

Set up Bind IP to MAC

1. Go to LAN >> Bind IP to MAC, select Enable for Mode.
2. Add an entry to the IP-MAC bind list. The ARP table shows the devices that are connected to the router and their current IP addresses. You may add a MAC address from the ARP table by selecting a device in the ARP table and then clicking Move. Or click Add at the Bind Table and manually enter a pair of IP address and MAC address.
3. Finally, click Apply to save the settings.

Strict Mode

When Bind IP to MAC works in normal mode, a device in the list always gets its assigned IP address every time it sends a DHCP discover. Unlisted devices get an IP address from the IP pool, outside the IP Bind List. However, if you check Strict Mode, only the devices on the IP Bind List are allowed to access the network. The router blocks access from devices NOT on the list. Since only registered devices can have access, Strict Mode can add a layer of security to your network. To use Strict Bind, choose «Strict Bind» for Mode, and check the subnet to apply the restriction.

Copy and Backup the IP Bind List

We can download the Bind Table from the router for backup or for importing to another Vigor Router. Click the Export button to save the Bind list into a .cfg file named «ipbindmacs.cfg».

NOTE: The exported list can be restored to Vigor3900, Vigor2960, Vigor300B and Vigor routers with firmware version 3.7.4.2 or later. Due to the configuration differences between models, the exported bind list does not contain the profile name; after importing to another device you will find the profile name has become a default name such as «1_192_168_1_10». If you want to keep the profile name, go to System Maintenance >> Configuration Backup, select «Bind IP to MAC» for Select Config File and download the whole configuration.

bind the MAC with IP address?

I have configured a DHCP server on Linux. My goal is to map client IP address with their MAC address in such a way that no «unregistered» client machine gets a response from the DHCP server. That is, I would like to give them Internet access one by one through IP and MAC binding.

Please clarify: are you saying that you want your DHCP server to only answer requests from clients with known MAC addresses? Do you need this to work with ISC dhcpd (shipped with RHEL), or are you willing to try a third-party server if that’s what’s needed to make this work? Also, why are you doing this? If it’s for security, it’s not going to help much; it’s way too easy to defeat.

@Warren: considering user2914’s posting history, this is homework. @user2914: Homework questions are ok here (at least they’re ok on Stack Overflow and I don’t see why this site should be different), but you shouldn’t try to hide it, that won’t help you get better replies (it’s usually obvious anyway and seeing that you tried to hide it makes people less willing to help you).

@Warren Young My main purpose is to map client IP address with their MAC address in such a way that no client machine gets an IP from the DHCP server. This means that I would like to give them Internet access one by one through IP and MAC binding. Moreover, without MAC binding no system should get an IP from the DHCP server. The client machine whose MAC address is not entered in the server should not get an IP address from the DHCP server. So how can I implement this on a Linux (RHEL 5) machine?
