deny machines which have configured static ips or configured ip manually
Lars Noodén
lars.nooden at gmail.com
Sun Jun 17 12:19:35 UTC 2012
On 6/17/12 11:47 AM, Simon Hobson wrote:
> ARUN CHAKRAPANI RAO wrote:
>
>> Is there any method in dhcp, I can configure which will deny access to
>> those machines which have been configured manualy ip instead of the ip
>> which is being provided by our dhcp server
>
> None whatsoever.
> You would need external tools to track leases offered by your server and
> what what's connected to the network. If it finds a rogue device, it
> would then need to take actions unrelated to your DHCP server (such as
> blocking that MAC at the router or switch).
>
> Randall has mentioned one, I'm sure there are many homegrown solutions
> in use around the world.
[snip]
OpenBSD's derivative of DHCPd has an option to insert leased addresses
into a designated table in the packet filter (PF). See the -L option:
http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd
However, it's not the ISC DHCP and you would also have to run OpenBSD to
get both the modified DHCP server and PF.
Regards
/Lars
More information about the dhcp-users
mailing list