I manage an estate of RHEL workstations all of which use DHCP with static reservations.

On occasion—during a desk move, for example—a workstation might be connected to a port on the wrong VLAN and acquire an address on the wrong subnet. This causes various problems, not least of which is that the Windows-based DHCP and DNS services cause the host's DNS entry to be overwritten with the new (incorrect) address. Users can log in, but can't do anything because hosts on other subnets don't have permission to mount necessary fileservers.

To avoid these problems, I would prefer that incorrectly connected workstations reject DHCP addresses in unexpected subnets. I realise that I could probably blacklist the workstations' MAC addresses in other DHCP scopes but this would be difficult to automate.

Can Linux hosts, in particular RHEL 6 or 7, be configured only to accept DHCP addresses in certain subnets?

Flup
  • Not a direct answer to your question, but you can use the firewall (iptables or firewalld) to block DHCP traffic by IP address of the server. You will still send DHCP discover messages, but not receive the DHCP offers unless the IP address of the DHCP server is on your whitelist. – Jeremy Dover Aug 04 '17 at 15:42
  • That's a pretty good idea! I'll wait and see if there are other answers but in a few days you should turn that into a proper answer. – Flup Aug 04 '17 at 15:46
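
One way to enforce the subnet restriction asked about above, as an added example that is not part of the original question or comments: a POSIX shell check written to be sourced from ISC dhclient's enter-hooks file. It assumes the interface is configured through dhclient-script rather than another DHCP client or helper; the subnets in `ALLOWED_SUBNETS` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Subnets are constructed placeholders.
ALLOWED_SUBNETS="10.20.30.0/24 10.20.40.0/23"

# Print a canonical dotted-quad IPv4 address as an integer; fail on anything else.
# Function bodies are subshells, so IFS and variables never leak into the caller.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Succeed if address $1 lies inside any CIDR listed in ALLOWED_SUBNETS.
ip_in_allowed() (
    addr=$(ip_to_int "$1") || return 1
    for cidr in $ALLOWED_SUBNETS; do
        bits=${cidr#*/}
        case $bits in ''|*[!0-9]*) continue ;; esac   # malformed entry: skip it
        [ "$bits" -le 32 ] || continue
        net=$(ip_to_int "${cidr%/*}") || continue
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        [ $(( addr & mask )) -eq $(( net & mask )) ] && return 0
    done
    return 1
)

# Decide on a lease event: $1 = dhclient "reason", $2 = offered address.
# Returns 0 to accept, 1 to reject.
lease_acceptable() {
    case $1 in
        BOUND|RENEW|REBIND|REBOOT) ip_in_allowed "$2" ;;
        *) return 0 ;;   # PREINIT, EXPIRE, RELEASE, ... carry no new address to vet
    esac
}

# When sourced as a dhclient enter hook, $reason and $new_ip_address are set by
# dhclient-script; a non-zero exit_status makes it abort processing of this event.
if [ -n "${reason:-}" ]; then
    lease_acceptable "$reason" "${new_ip_address:-}" || exit_status=1
fi
```

Run stand-alone, the file only defines the functions; the final block acts only when `reason` is present in the environment, as it is inside a hook.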

0 Answers