[Kea-users] client getting IP without reservation

Jason Keltz jas at yorku.ca
Wed Nov 22 19:33:16 UTC 2023 

On 11/22/23 13:24, Bob Harold wrote:
>
> On Wed, Nov 22, 2023 at 12:41 PM Jason Keltz <jas at yorku.ca> wrote:
>
>     Hi.
>
>     I have now configured my Kea installation with many subnets, each
>     with
>     their own reservations.  It's working well.
>
>     There's also one global reservation set for hosts that are configured
>     without an IP so they can connect in the dynamic range of any subnet.
>
>     I wanted to do a test of what would happen if a host ether was not
>     referenced in either the subnet or global sections.
>
>     I took one host which was getting a reserved IP in a subnet, released
>     the IP, then changed the host ethernet address in the Kea config
>     file so
>     that the host would no longer be recognized.
>
>     When I DHCP renew on the host, I now get an IP in the dynamic range.
>     This isn't the behaviour I want.  Since the host doesn't have a
>     reservation either in a subnet or in the global pool, I want to be
>     denied an IP.
>
>     What option am I missing?
>
>     Jason.
>
> Remove the dynamic range, if you don't want dynamic clients.  DHCP 
> Reserved clients should be outside any range.
>
> (or limit it to some class of clients or list of allowed mac addresses 
> or other client ids or vendor ids)
> ... at least that's how it works in dhcpd.
>
> -- 
> Bob Harold
>
Hi Bob,

Thanks for your response.

Perhaps I'm explaining what I want to do poorly or using the incorrect 
terminology.  My apologies.

Each subnet has host reservations based on ethernet address and IP pairs 
for many hosts.  Each subnet also has a dynamic pool. The IPs 
distributed via host reservation are allocated from outside the dynamic 
pool.

The global reservations section includes ethernet address and not IP for 
hosts that should be able to get an address no matter which subnet they 
plug into.  The IPs distributed for these global reservations should be 
from the dynamic pool ranges attached to each subnet.

Hosts that have neither an entry in the subnet host reservation list, or 
the global reservation list should not be able to get an IP address.

That's what I was doing with ISC DHCPd before.  I'm sure there's a way 
to do this with Kea, but I could just use assistance figuring out which 
options I need.

Thanks!

Jason.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20231122/6c274f6e/attachment-0001.htm>

More information about the Kea-users mailing list