Prohibition of the Internet

[Simon Hobson]

syhshanda wrote:

>Does dhcpd can send a DHCPNAK to tell the client it should stop 
>using the address actively?

It can only send a NAK if the client comes along with a DHCP Request 
message. Since the client won't have an offer with an address to 
request (if you've followed our directions and blocked the dhcp 
server from giving one) then this won't happen.

If someone manually configures a device, then the DHCP server is 
**NOT** involved in any way at all - and sending NAKs will not have 
any effect on the client as it won't be listening for them.

As you've alreadu been told, you **CANNOT** enforce network security 
with DHCP (at least not DHCP alone). If you have a device to exclude 
from your network then you **WILL** need some other security 
mechanism to do that.

BTW - you haven't given any clues about the situation, but in most 
cases, the best security measures often aren't technical but social - 
have you actually tried talking to the user(s) assuming this is a 
problem with one rogue user attaching devices to the network ?

>How to configure DHCP to _NOT_ give a device an address?

That's exactly what you've just been told !

-- 
Simon Hobson

WANTED: "Software CD ROM Kit" for Canon CLBP 360-PS printer (Canon 
part no RH6-3612, or possibly RH6-3810, or RH6-3610 might do). I've a 
dead HD and need this CD so I can replace the disk and re-install the 
printer OS on it. If anyone knows where I might get hold of one I'd 
be grateful - requests to Canon drew a blank, it's been out of 
support for years.

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.