How can I "lock" a range of IPs within a subnet
digitalapnea
02-02-2012 20:25:50
Say I have defined a subnet of 192.168.1.0/24.
Now say I want to reserve or lock-out the IPs 192.168.1.2 through to 192.168.1.10 such that they cannot[/u:22bkyam5] be selected by a user who only has the "host_add" permission when they add a new host.
How can I achieve this? I've tried using the "Blocks" feature but it still allows a user with only the "host_add" permission to choose an IP from a "Block" when they are adding a new host. I want these users to be able to choose an IP, but not from selected "reserved" ranges within the subnet.
Any ideas?
Thanks!
Now say I want to reserve or lock-out the IPs 192.168.1.2 through to 192.168.1.10 such that they cannot[/u:22bkyam5] be selected by a user who only has the "host_add" permission when they add a new host.
How can I achieve this? I've tried using the "Blocks" feature but it still allows a user with only the "host_add" permission to choose an IP from a "Block" when they are adding a new host. I want these users to be able to choose an IP, but not from selected "reserved" ranges within the subnet.
Any ideas?
Thanks!
Matt
03-02-2012 11:04:39
There is currently no feature that would allow this.
There are plans to make the auth system much more robust to allow for things like this but we are a ways out on that.
The only really bad idea I could suggest is to define DHCP pools on the subnet that encompass your ranges. This would only work if you are NOT using ona to build your DHCP configuration, and it would lock those IP from being used by anyone at all which is pretty useless.
The blocks feature is really more about tracking arbitrary sets of IPS and CIDR ranges by name.
There are plans to make the auth system much more robust to allow for things like this but we are a ways out on that.
The only really bad idea I could suggest is to define DHCP pools on the subnet that encompass your ranges. This would only work if you are NOT using ona to build your DHCP configuration, and it would lock those IP from being used by anyone at all which is pretty useless.
The blocks feature is really more about tracking arbitrary sets of IPS and CIDR ranges by name.