DHCP Authentication
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed Jul 2 08:17:31 UTC 2008
Thinking some more about this, I don't think it's going to be easy to
achieve what you want without some interaction/help from the people
who run the host network.
You can't just fire up another DHCP server without upsetting the rest
of the network. You can't use different ports without getting support
from the routers.
IFF you can get the requisite support from the admins of the existing
DHCP server, this is what I think your best bet is going to be :
1) Find something unique to your devices that you can identify them
by. Worst case is to use a MAC list, but that gives ongoing
management issues. If you could set a specific option (or vendor
encapsulated option space) on your clients AND the host DHCP server
can be configured to ignore clients that have this set then you have
cracked the hardest part.
2) You get the host DHCP server configured to ignore your clients.
3) You configure your new DHCP server to ignore all but your clients.
If 2 is not possible, then it gets harder, and you'll have to look at
configuring/hacking the client to ignore offers from a server that
doesn't include some specific option.
Not too dissimilar to what you started off asking for, but without
requiring RFC<whatever) authentication support !
So I suppose the next question for those familiar with the ISC client
is : how hard would it be to configure it to ignore offers that don't
include a certain option or vendor option space ?
More information about the dhcp-users
mailing list