dhcp-host options
Glenn Satchell
glenn.satchell at uniq.com.au
Sat Aug 18 12:00:49 UTC 2012
Hi Eduardo
There are a few ways to achieve this with th eISC dhcpd server, but all
involve selecting the particular host(s) and then applying 'deny
booting;' or 'ignore booting;' in that scope. The two have the same
effect, but deny still causes a message to be be logged, ignore silently
ignores the requests.
For example you can use a host statement where there are only one or two:
host bad1 {
hardware ethernet 01:02:03:04:05:06;
ignore booting;
}
A group if there are a few more:
group {
ignore booting;
host bad2 {
hardware ethernet 01:02:03:04:05:06;
}
host bad3 {
hardware ethernet 01:02:03:aa:bb:cc;
}
}
Or where you may have lots, then using a class and sub-classes as shown
in the man page for dhcpd.conf:
class "badones" {
match hardware;
ignore booting;
}
subclass "badones" 1:8:0:2b:4c:39:ad;
subclass "badones" 1:01:02:03:04:05:06;
Of course none of this stops someone from manually configuring an IP
address and accessing the network. DHCP on its own is not a security system.
regards,
-glenn
On 08/18/12 01:41, Eduardo Barreto wrote:
> Hi Fellows,
>
> I'm trying to block some hosts from getting ipaddress by setting into
> the DHCP Server conf file, the option
> /--dhcp-host=[<hwaddr>],//[,ignore]. /Do anyone knows if this parameter
> is recognized by all dhcp version? Our servers are running Debian Lenny
> & Squeeze.
>
> I really appreciate you help on this one
>
> Eduardo Barreto
>
>
More information about the dhcp-users
mailing list