DHCPv6 client classification based on DUID.

Christian Bösch boesch at fhv.at
Fri Sep 21 05:46:06 UTC 2012


On Sep 20, 2012, at 23:13 , Simon Hobson <dhcp1 at thehobsons.co.uk> wrote:

> Randall C Grimshaw wrote:
>>> That's only likely to change if hardware vendors start providing a
>>> specific place to store a device-wide DUID, and software vendors
>>> support using it. I don't see that happening soon.
>> 
>> From an operational point of view, wireless 802.1x supplicants with their common use of certificates could be used to drive NAC processes such as VLAN steering. So one generalized solution would be to get OS vendors to treat the wired networks in the same way.
> 
> I know almost nothing about 802.11x, but I can't help thinking it just moves the problem. I'm assuming any certificate would be stored in storage managed by the OS - which for devices capable of PXE booting is fairly likely to be disk (or a network volume mounted in much the same way). Thus the network boot client still won't have access to it without there being system wide and environment agnostic storage for it.

Intel's vPro Technology does this:
http://www.intel.com/technology/itj/2008/v12i4/5-paper/4-embedded-2.htm

chris

> 
> I.e., when PXE boots, it doesn't (in the general case) have access to the storage containing the later OS's key - whether DUID or 802.11x certificate - and so cannot use the later OS's key. Chances are it'll have little to no storage of its own, and hence won't be able to store a key of its own that the OS could (theoretically) also use.
> 
> -- 
> Simon Hobson
> 
