dhcpd and authetication
Peter Grandi
pg_dhcp at dhcp.for.sabi.co.UK
Sun May 2 10:23:47 UTC 2010
> if possible to let dhcp server to check the ethernet address,
> but not assign is ip for it? that means dhcp server will
> check the ethernet address and see if this address allow to
> get ip. if so, than it will dynomicly give a ip address, not
> like host statement that give a ethernet address a static ip
> address.
Leave out the IP address assignment from the 'host' statement
and look in 'man dhcpd.conf' for "unknown-clients".
> Any comments will be appreciated
Your request makes little sense. The DHCP server performs by
default no "authentication" or "authorization" and it is not a
good idea for DHCP to be used for that; there is not much point
in giving "pool" IP addresses only to Ethernet addresses it has
in some sort of list, also because "authentication" based on
Ethernet address is weak, as Ethernet addresses can be easily
discovered and faked.
If you want to restrict network access to registered hosts
consider using EAP/802.1x:
http://en.wikipedia.org/wiki/IEEE_802.1X
http://tldp.org/HOWTO/html_single/8021X-HOWTO/
More information about the dhcp-users
mailing list