Deny DHCP Address by MAC?

Jeff Wieland wieland at purdue.edu
Fri Jul 16 21:06:15 UTC 2010


Restarting is necessary to get dhcpd to reread its config, but,
no, the server won't NAK the client until the client tries to
renew.  That's the way that DHCP works.

Tim Evans wrote:
> On 07/16/10 16:38, Jeff Wieland wrote:
>> What we usually do is to create a class called something like
>> "black-hole", and then use subclasses to match on it. Something like:
>>
>> class "black-hole" {
>> match substring (hardware, 1, 6);
>> # deny booting;
>> ignore booting;
>> }
>> subclass "black-hole" 00:12:ba:1d:c1:b7;
>> subclass "black-hole" 00:12:df:b6:7b:e7;
>>
>> You can have as many of the "subclass" statements as you need. This
>> uses an ignore booting command, which causes dhcpd to do nothing when
>> it sees that MAC address. If you comment out the "ignore booting" and
>> uncomment the "deny booting", it will send a DHCPNAK (IIRC) to the
>> client instead.
>
> Thanks.  Does simply restarting dhcpd after this sort of edit to the 
> conf file take away the outstanding lease? If not, how to do so?


-- 
          Jeff Wieland            |         Purdue University
   Network Systems Administrator  |        ITN&S Data Networks
       Voice: (765)496-8234       |        155 S. Grant Street
        FAX: (765)494-6620        |   West Lafayette, IN 47907-2115
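
Added example, not part of the original post: since a blocked client keeps its address until it next tries to renew, this Python script lists which "black-hole" MACs still hold an active lease and when that lease ends. The config and lease text are constructed samples and the function names are hypothetical; it assumes the default UTC timestamps in dhcpd.leases and lease blocks without nested braces.

```python
import re
from datetime import datetime, timezone

# Constructed samples standing in for dhcpd.conf and dhcpd.leases (trimmed).
CONF = '''class "black-hole" {
  match substring (hardware, 1, 6);
  ignore booting;
}
subclass "black-hole" 00:12:ba:1d:c1:b7;
subclass "black-hole" 00:12:df:b6:7b:e7;
'''
LEASES = '''lease 192.0.2.10 {
  ends 5 2010/07/16 22:00:00;
  binding state active;
  hardware ethernet 00:12:ba:1d:c1:b7;
}
lease 192.0.2.11 {
  ends 5 2010/07/16 20:30:00;
  binding state free;
  hardware ethernet 00:12:df:b6:7b:e7;
}
lease 192.0.2.12 {
  ends 5 2010/07/16 23:00:00;
  binding state active;
  hardware ethernet 00:16:3e:00:00:01;
}
'''
UTC = timezone.utc

def blocked_macs(conf, cls="black-hole"):
    """MACs listed in uncommented 'subclass "<cls>" <mac>;' statements."""
    pat = r'^\s*subclass\s+"([^"]+)"\s+([0-9a-fA-F:]+)\s*;'
    return {mac.lower() for name, mac in re.findall(pat, conf, re.M) if name == cls}

def lingering_leases(conf, leases, now):
    """(ip, mac, end) for blocked MACs whose lease is still active at 'now'."""
    blocked = blocked_macs(conf)
    # dhcpd.leases is append-only: dict() keeps the last entry seen per IP.
    latest = dict(re.findall(r'lease\s+(\S+)\s*\{(.*?)\}', leases, re.S))
    hits = []
    for ip, body in latest.items():
        mac = re.search(r'hardware ethernet ([0-9a-fA-F:]+);', body)
        state = re.search(r'^\s*binding state (\w+);', body, re.M)
        ends = re.search(r'^\s*ends (never|\d \S+ \S+);', body, re.M)
        if not (mac and state and ends) or state[1] != "active":
            continue
        end = (datetime.max if ends[1] == "never" else
               datetime.strptime(ends[1][2:], "%Y/%m/%d %H:%M:%S")).replace(tzinfo=UTC)
        if mac[1].lower() in blocked and end > now:
            hits.append((ip, mac[1].lower(), end))
    return hits
```

Run it against the real files after editing the config; any row returned is a blocked client that can keep using its address until the listed end time.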



