Question about dhcp-client-identifier
Darren
perl-list at network1.net
Wed Aug 22 14:05:46 UTC 2007
It is several hostile environments. Basically, we do not want users to
have the ability to become invisible due to legal issues in the USA
(CALEA). We don't expect to fix the users that attempt this or just
happen to have the same mac, but rather break them. Right now when this
situation arises, the users become essentially invisible (you can see
one, but not the other) as uniqueness is gone. Some networks do not
break at layer 2, such as some flavors of ATM DSL, cable modem networks
and the like. Basically, users could hide by changing their mac address
to someone else's.
Glenn Satchell wrote:
>> Date: Wed, 22 Aug 2007 14:38:52 +0100
>> To: dhcp-users at isc.org
>> From: Simon Hobson <dhcp1 at thehobsons.co.uk>
>> Subject: Re: Question about dhcp-client-identifier
>>
>> Darren wrote:
>>
>>>> In both cases the devices will not work properly, wouldn't it be
>>>> better for them to be very broken so that the problem is less subtle
>>>> and less hard to diagnose?
>>>>
>
> Why are you even worrying about this situation and DHCP? If two devices
> on the same subnet have the same mac address then things break at layer
> 2. Think about the ARP table, for example. It doesn't even matter
> whether they have the same or different IP addresses. It also doesn't
> matter whether they got this address by DHCP or manually setting it -
> the network will still be broken.
>
> I can only assume that you are working in a "hostile" environment like
> a University computer lab or similar and expect users to change their
> mac address manually.
>
> Either way, this is not something that can really be "fixed" with a dhcp
> configuration.
>
> regards,
> -glenn
>