Content of deny unknown-clients in DHCPv6
dqq
343318434 at qq.com
Tue Jul 3 03:02:22 UTC 2012
>Today's Topics:
> 1. deny unknown-clients in DHCPv6 (dqq)
> 2. Re: deny unknown-clients in DHCPv6 (alan buxey)
----------------------------------------------------------------------
>Message: 1
>Date: Mon, 2 Jul 2012 16:04:06 +0800
>From: "dqq" <343318434 at qq.com>
>To: "dhcp-users" <dhcp-users at lists.isc.org>
>Subject: deny unknown-clients in DHCPv6
>Message-ID: <tencent_50E44F07768448862922EB73 at qq.com>
>Content-Type: text/plain; charset="iso-8859-1"
>Hello:
>Now I want to use dhcp-4.2.3-PI as my dhcpv6 server.
>In my DHCPv6 server, I want to use the MAC address to control the access of users, but when I use "deny unknown-clients" in my config file, the unknown clients also get the address. I know it works well in DHCPv4; I don't know why it can't work in DHCPv6. Can you give me any ideas?
>P.S.
>In the mailing list, I see the same question, but unfortunately there is no answer corresponding to this question.
>And the related config in my conf file looks like this:
>subnet6 2001:db8:1111::/64 {
>    option dhcp6.domain-search "nic";
>    range6 2001:db8:1111::10 2001:db8:1111::fff;
>    # Use the whole /64 prefix for temporary addresses
>    # (i.e., direct application of RFC 4941)
>    range6 2001:db8::/64 temporary;
>    # Some /64 prefixes available for Prefix Delegation (RFC 3633)
>    prefix6 2000:: 2001:db8:: /80;
>    # deny unknown-clients;
>    deny unknown-clients;
>}
>host {
>    hardware xx:xx:xx:xx:xx:xx;
>}
>Look forward to your reply...
------------------------------
>Message: 2
>Date: Mon, 2 Jul 2012 09:35:18 +0100
>From: alan buxey <A.L.M.Buxey at lboro.ac.uk>
>To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>Subject: Re: deny unknown-clients in DHCPv6
>Message-ID: <20120702083518.GA2347 at lboro.ac.uk>
>Content-Type: text/plain; charset=us-ascii
>Hi,
>some DHCPv6 101 - you need to look at DUID / ia-na rather than MAC addresses for v6
>alan
Thanks for your reply:
I know the DUID, but when we assign a fixed address, the MAC works.
And in the man file in dhcp-4.2.3-PI, there are some declarations as follows:
"please be aware that only the dhcp-client-identifier option and the hardware address can be used to match a host declaration, or the host-identifier option parameter for DHCPv6 servers. For example, it is not possible to match a host declaration to a host-name option. This is because the host-name option cannot be guaranteed to be unique for any given client, whereas both the hardware address and dhcp-client-identifier option are at least theoretically guaranteed to be unique to a given client."
When using a DUID, the clients may send a DUID-LLT DUID by default; the timestamp can't be controlled when I use it to declare a host, especially as there are lots of clients in my network. Maybe I can use DUID-LL in my conf file, but if the client sends a request message with a default DUID-LLT DUID, they can't match each other, can they?
Can you give me some advice?
Look forward to your reply...
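
An added example (not part of the original message and not ISC DHCP code): the DUID-LLT and DUID-LL layouts from RFC 3315 parsed in Python, showing that both embed the same link-layer address even though the full DUIDs differ by the timestamp, so an allowlist can compare the embedded address instead of the whole DUID. The DUID values, the allowlist and the function names are constructed for illustration; the DUID is chosen by the client, so this is a filter and not authentication.

```python
import struct

# DUID type codes from RFC 3315 section 9
DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
HW_ETHERNET = 1  # IANA hardware type for Ethernet


def parse_duid(duid_hex):
    """Split a DUID into (type, hardware type, time, link-layer address)."""
    raw = bytes.fromhex(duid_hex.replace(":", ""))
    if len(raw) < 2:
        raise ValueError("DUID shorter than its 2-byte type field")
    (dtype,) = struct.unpack("!H", raw[:2])
    if dtype == DUID_LLT:  # type, hw type, 4-byte time, link-layer address
        if len(raw) <= 8:
            raise ValueError("truncated DUID-LLT")
        hw, ts = struct.unpack("!HI", raw[2:8])
        return dtype, hw, ts, raw[8:]
    if dtype == DUID_LL:   # type, hw type, link-layer address (no time)
        if len(raw) <= 4:
            raise ValueError("truncated DUID-LL")
        (hw,) = struct.unpack("!H", raw[2:4])
        return dtype, hw, None, raw[4:]
    # DUID-EN and other types carry no link-layer address
    return dtype, None, None, None


def allowed(duid_hex, known_macs):
    """True if the DUID embeds an Ethernet address that is on the allowlist."""
    try:
        _, hw, _, lladdr = parse_duid(duid_hex)
    except ValueError:
        return False  # malformed DUIDs are never treated as known
    if hw != HW_ETHERNET or lladdr is None or len(lladdr) != 6:
        return False
    return lladdr.hex(":") in known_macs


# Constructed sample data (not taken from the thread)
KNOWN = {"00:11:22:33:44:55"}
LLT_A = "00:01:00:01:17:84:5c:2a:00:11:22:33:44:55"  # DUID-LLT, one timestamp
LLT_B = "00:01:00:01:1a:02:9f:10:00:11:22:33:44:55"  # same MAC, other timestamp
LL = "00:03:00:01:00:11:22:33:44:55"                 # DUID-LL for the same MAC
EN = "00:02:00:00:00:09:0a:0b:0c:0d"                 # DUID-EN, no MAC inside

if __name__ == "__main__":
    for name, d in [("LLT_A", LLT_A), ("LLT_B", LLT_B), ("LL", LL), ("EN", EN)]:
        print(name, parse_duid(d)[2], allowed(d, KNOWN))
```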