[Kea-users] client getting IP without reservation

Darren Ankney darren.ankney at gmail.com
Wed Nov 22 20:34:52 UTC 2023 

Hi Jason,

I'm not sure how that was working in ISC DHCP unless you had "deny
unknown-clients;" or "allow known-clients;" specified with your pool
as well.  There is a similar mechanism in Kea.  Just add:

"client-class": "KNOWN"

to your pool specification.  Example:

"pools": [
                {
                    "pool": "192.0.2.10-192.0.2.20",
                    "client-class": "KNOWN"
                },
]

Those that have no reservation will be members of the special UNKNOWN
class and not be allowed an address from the pool.

Thank you,

Darren Ankney

On Wed, Nov 22, 2023 at 2:33 PM Jason Keltz <jas at yorku.ca> wrote:
>
> On 11/22/23 13:24, Bob Harold wrote:
>
>
> On Wed, Nov 22, 2023 at 12:41 PM Jason Keltz <jas at yorku.ca> wrote:
>>
>> Hi.
>>
>> I have now configured my Kea installation with many subnets, each with
>> their own reservations.  It's working well.
>>
>> There's also one global reservation set for hosts that are configured
>> without an IP so they can connect in the dynamic range of any subnet.
>>
>> I wanted to do a test of what would happen if a host ether was not
>> referenced in either the subnet or global sections.
>>
>> I took one host which was getting a reserved IP in a subnet, released
>> the IP, then changed the host ethernet address in the Kea config file so
>> that the host would no longer be recognized.
>>
>> When I DHCP renew on the host, I now get an IP in the dynamic range.
>> This isn't the behaviour I want.  Since the host doesn't have a
>> reservation either in a subnet or in the global pool, I want to be
>> denied an IP.
>>
>> What option am I missing?
>>
>> Jason.
>>
> Remove the dynamic range, if you don't want dynamic clients.  DHCP Reserved clients should be outside any range.
>
> (or limit it to some class of clients or list of allowed mac addresses or other client ids or vendor ids)
> ... at least that's how it works in dhcpd.
>
> --
> Bob Harold
>
> Hi Bob,
>
> Thanks for your response.
>
> Perhaps I'm explaining what I want to do poorly or using the incorrect terminology.  My apologies.
>
> Each subnet has host reservations based on ethernet address and IP pairs for many hosts.  Each subnet also has a dynamic pool.  The IPs distributed via host reservation are allocated from outside the dynamic pool.
>
> The global reservations section includes ethernet address and not IP for hosts that should be able to get an address no matter which subnet they plug into.  The IPs distributed for these global reservations should be from the dynamic pool ranges attached to each subnet.
>
> Hosts that have neither an entry in the subnet host reservation list, or the global reservation list should not be able to get an IP address.
>
> That's what I was doing with ISC DHCPd before.  I'm sure there's a way to do this with Kea, but I could just use assistance figuring out which options I need.
>
> Thanks!
>
> Jason.
>
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users

More information about the Kea-users mailing list