DHCPv6 client classification based on DUID.

Chris Buxton chris.p.buxton at gmail.com
Wed Sep 19 20:51:15 UTC 2012


No.

DHCPv6 does not support classes. Period. (Not yet, anyway...)

Also, parsing the DUID looking for (part of) a MAC address is a protocol violation. DHCPv6 should never even see the MAC address, let alone act upon it. (Not yet, anyway...)

DHCPv6 was never designed to behave at all like DHCP (v4). It was designed to learn from the "mistakes" of DHCP and improve the design. Of course, a lot of people don't like change, and see this as a flaw in the design of DHCPv6. I personally expect DHCPv6 to gain a lot of the capabilities of DHCP over the next couple of years, because (for example) the ability to ban a particular MAC address is kind of important. Doing this in the switch configuration often involves a different organization within the IT departments of a lot of enterprises. Enterprises will hold back on deploying IPv6 until this gets sorted out.

Of course, it may also happen that my employer and our competitors get more into switch management, obviating the whole issue...

Chris Buxton
BlueCat Networks

On Sep 18, 2012, at 10:08 AM, Рязанцев Андрей wrote:

> Greetings, everyone.
> 
> I'm trying to configure isc-dhcp daemon on my new router (it runs OpenWRT codenamed Attitude Adjustment). My main idea is quite simple. I have one internal network interface and a couple of IPv6 subnetworks on it (for example). Let's say those subnets are 2001:db8::a:0/112 and 2001:db8::b:0/112. All I want for DHCPv6 server is to assign network A addresses to real interfaces, and network B addresses for clients whose DUID contains substring "080027" (that's the VirtualBox vendor code (or whatever that part of the MAC address is called) for its interfaces).
> My first configuration attempt was as simple as that:
> 
> ########################################################################
> subnet6 2001:db8::a:0/112 
> {
>         range6 2001:db8::a:10 2001:db8::a:ffff;
> }
> 
> class "virtualbox" 
> {
>     match if substring(option6 dhcp6.client-id, 16, 6) = "080027"; # client-id is DUID type 0x1
> }
> 
> subnet6 2001:db8::b:0/112 
> {
>         range6 2001:db8::b:10 2001:db8::b:ffff;
>         allow members of "virtualbox";
> };
> ########################################################################
> 
> Of course it's all wrong when applied to isc-dhcpd, but still it describes my idea.
> What I'm getting after that is "WARNING: class declarations are not supported for DHCPv6." :(
> 
> I was able to get really close to that with dnsmasq. It was just about 2 config lines:
> 
> ########################################################################
> dhcp-match=set:virtualbox,option:client-id,*:08:00:27:*
> dhcp-range=tag:virtualbox,2001:db8::b:10,2001:db8::b:ffff,112,15m
> ########################################################################
> 
> Unfortunately dnsmasq just doesn't understand the client-id option, which can be confirmed by issuing the command "dnsmasq --help dhcp6".
> So my question is: Can I somehow achieve the behavior mentioned above with isc-dhcpd? And of course, how can I do that?
> 
> Thanks in advance to any responders.

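Added example, not part of either message or of ISC DHCP: a parser for the DUID layouts in RFC 3315 section 9 and RFC 6355, showing where the link-layer address sits in each type and why a fixed-offset substring test like the one in the quoted configuration misfires. The sample DUIDs are constructed, the function names are hypothetical, and the quoted offsets (16, 6) are read as hex-character positions, which is an assumption.

```python
import struct

# DUID type codes: 1-3 from RFC 3315 section 9, 4 (DUID-UUID) from RFC 6355.
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HW_ETHERNET = 1  # IANA hardware type for Ethernet


def link_layer_address(duid: bytes):
    """Return (hwtype, address) for DUID-LLT/DUID-LL, else None."""
    if not 3 <= len(duid) <= 130:  # 2-byte type code + 1..128 octets
        raise ValueError("DUID length out of range")
    (dtype,) = struct.unpack_from("!H", duid, 0)
    # DUID-LLT: type(2) hwtype(2) time(4) address; DUID-LL: type(2) hwtype(2) address
    start = {DUID_LLT: 8, DUID_LL: 4}.get(dtype)
    if start is None or len(duid) <= start:
        return None  # DUID-EN, DUID-UUID, unknown or truncated: no address field
    (hwtype,) = struct.unpack_from("!H", duid, 2)
    return hwtype, duid[start:]


def embedded_oui(duid: bytes):
    """Return the OUI as hex if the DUID carries a 6-byte Ethernet address."""
    found = link_layer_address(duid)
    if found and found[0] == HW_ETHERNET and len(found[1]) == 6:
        return found[1][:3].hex()
    return None


def fixed_offset_match(duid: bytes, oui: str = "080027") -> bool:
    """The test from the question, read as hex-character offsets 16..21 (assumption)."""
    return duid.hex()[16:22] == oui


# Constructed sample DUIDs (not captured traffic).
SAMPLES = {
    "DUID-LLT": bytes.fromhex("0001" "0001" "1a2b3c4d" "080027aabbcc"),
    "DUID-LL": bytes.fromhex("0003" "0001" "080027aabbcc"),
    "DUID-EN": bytes.fromhex("0002" "0000abcd" "1234" "080027" "99"),
    "DUID-UUID": bytes.fromhex("0004" + "11" * 16),
}

if __name__ == "__main__":
    for name, duid in SAMPLES.items():
        print(f"{name:9} fixed-offset={fixed_offset_match(duid)!s:5} "
              f"structured={embedded_oui(duid)}")
```

The fixed-offset test misses the DUID-LL client and falsely matches the DUID-EN one. RFC 3315 section 9 tells clients and servers to treat DUIDs as opaque values compared only for equality, and the client chooses its own DUID, so an OUI found this way is an inventory hint, not an access control.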