[Kea-users] Kea DROP rule v6 MAC

Darren Ankney darren.ankney at gmail.com
Sun Jan 14 11:42:33 UTC 2024


Hi Joe,

As long as the MAC address is available somehow (Kea extracts the MAC
address if it can in various ways
https://kea.readthedocs.io/en/kea-2.4.0/arm/dhcp6-srv.html#mac-hardware-addresses-in-dhcpv6),
you can match on it in DHCPv6 to create a reservation and add the
client to the built-in DROP class
(https://kea.readthedocs.io/en/kea-2.4.0/arm/classify.html#classification-steps):

"reservations": [
    {
        "hw-address": "aa:bb:cc:dd:ee:ff",
        "client-classes": [ "DROP" ]
    }
]

If the above is used at the global level, you may need to set
"early-global-reservations-lookup": true
(https://kea.readthedocs.io/en/kea-2.4.0/arm/dhcp6-srv.html#client-classification-in-dhcpv6).

Thank you,

Darren Ankney

On Sat, Jan 13, 2024 at 10:38 AM Joe Botha <joe at swimgeek.com> wrote:
>
> Hi
>
> We sometimes drop DHCP v4 traffic based on MAC address.
>
> Encountered a case where a (ZTE) router is going crazy and asking for many v6 leases.
>
> It’s also changing its DUID with every new request, so can’t give it static lease.
>
> https://downloads.isc.org/isc/kea/2.4.1/doc/html/arm/classify.html#using-expressions-in-classification
>
> Usually match on pkt4.mac
>
> What would the DHCPv6 match look like?
>
> Can’t match on MAC. Can’t see how to match on the MAC part of the DUID.
>
> --
> Swimmingly,
>  Joe
>
> swimgeek.com/blog  +27 82 562 6167  instagram.com/joe.swimgeek
>       "...all progress depends on the unreasonable man.”
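The global-level form of the reservation from the reply above, written out as a minimal kea-dhcp6 configuration. This is an added example, not part of the original post or of ISC's documentation. The interface name, subnet and pool are constructed placeholders, and the MAC address is the sample value from the message.

```json
{
  "Dhcp6": {
    // Constructed placeholder: replace with the interface Kea listens on.
    "interfaces-config": { "interfaces": [ "eth0" ] },

    // Sources Kea may use to learn the client's MAC in DHCPv6.
    // "any" is the default; listed here only to make it visible.
    "mac-sources": [ "any" ],

    // hw-address must be among the identifiers used for reservation lookup.
    "host-reservation-identifiers": [ "hw-address", "duid" ],

    // Look up global reservations before subnet selection, so the
    // classes attached to the reservation below are applied early.
    "early-global-reservations-lookup": true,

    // Global reservation: no address is assigned, the entry only
    // places the client with this MAC into the built-in DROP class.
    "reservations": [
      {
        "hw-address": "aa:bb:cc:dd:ee:ff",
        "client-classes": [ "DROP" ]
      }
    ],

    // Constructed placeholder subnet (documentation prefix 2001:db8::/32).
    "subnet6": [
      {
        "id": 1,
        "subnet": "2001:db8:1::/64",
        "pools": [ { "pool": "2001:db8:1::100-2001:db8:1::1ff" } ]
      }
    ]
  }
}
```

Kea's configuration parser accepts the `//` comments shown here, and `kea-dhcp6 -t <config-file>` checks the file for syntax errors before the server is reloaded.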
