command to ignore certain macs?
rackow at mcs.anl.gov
rackow at mcs.anl.gov
Fri Oct 3 03:21:46 UTC 2008
While this works, the problem that I have with it is that the client
will keep asking for an address over and over. Your logs get big, ...
So, create the subnet on non-routed private space where you allow bogons.
Don't route that net, give them a long lease time, and they basicly go away.
--Gene
Andy Hood made the following keystrokes:
>Create a class. Make them all members of that class. Deny that class in all
>your pools.
>
>class "bogons" {
> match pick-first-value (option dhcp-client-identifier, hardware);
>}
>
>subclass "bogons" 1:xx:xx:xx:xx:xx:xx;
>
>subnet x.x.x.x netmask x.x.x.x {
> authoritative;
> pool {
> deny members of "bogons";
>...
> }
>}
>
>
>Regards,
>Andrew J Hood
>
>RIP: Robert Jordan (James Oliver Rigney, Jr.) (Oct 17, 1948 – Sep 16, 2007)
>
>
>dhcp-users-bounce at isc.org wrote on 03/10/2008 09:42:44 AM:
>
>> Is there a way to specify a list of MACs which should NOT
>> be assigned an IP?
>>
>> I have a few rogue computers accessing my network, and acquiring
>> an IP from my pool. Rather than create a whitelist, I would prefer
>> to create some sort of blacklist 'DO NOT TALK TO THESE MACS'.
>> Is this possible?
>>
>> Thanks.
>>
>> The only other way I can think of blocking them, is to create some
>> other private network range, become authoritative for it, and assign
>these
>> rogues an IP from the new range (which will go nowhere because it
>wouldn't
>> actually exist).
>>
More information about the dhcp-users
mailing list