deny booting in host statement?

Jim Glassford jmglass at iup.edu
Fri May 2 19:00:53 UTC 2014


This has worked well here, note the 1: in front of the MAC to be denied
DHCP Server 4.1.1-P1


class "badboys" {
  match hardware;
}


subclass "badboys" 1:00:00:00:00:00:00; #Bad enet
subclass "badboys" 1:00:11:22:33:44:55; #Bad enet
subclass "badboys" 1:00:1e:33:45:a3:50; #unknown (BBSales) inside RSM MDF
subclass "badboys" 1:88:ae:1d:41:9d:96; #unknown (Richard) RSM


~add deny to the subnet scopes where you want to block

subnet 1.8.2.0 netmask 255.255.254.0 {
  option routers 1.8.2.1;
  pool {
    ignore client-updates;
    ddns-updates off;
    range 1.8.2.20 1.8.2.25;
    deny members of "badboys";
  }
}

best!
jim


On 5/2/2014 2:30 PM, perl-list wrote:
> I want to come up with a method to disallow certain mac addresses from 
> getting an address via DHCP.  deny booting seems to be the way.  My 
> reading of the man page appears to indicate that deny booting will 
> work in the host { } declaration.
>
> ------------------------------------------------------------------------
>
> The booting keyword
>
> allow booting;
> deny booting;
> ignore booting;
>
> The booting flag is used to tell dhcpd whether or not to respond to
> queries from a particular client.  This keyword only has meaning when
> it appears in a host declaration.  By default, booting is allowed, but
> if it is disabled for a particular client, then that client will not
> be able to get an address from the DHCP server.
>
> ------------------------------------------------------------------------
>
>
> So a line like this:
>
>
> host bad_client {hardware ethernet 00:03:91:BE:55:38; deny booting;}
>
>
> should cause the DHCP server to not allow the client to receive an IP 
> address, correct?  Has anyone done this and can confirm that it works?
>
>
> .................
>
>
> btw .. the man page says "This keyword only has meaning when it 
> appears in a host declaration." for the booting keyword as shown 
> above.  I happen to know that it works in the global area as well. 
> The following configuration works to deny clients with the matching
> mac prefix.
>
> if (binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "0:3:91") {
>     deny booting;
> }
>
>
> Producing log messages like this (log message slightly altered to 
> protect privacy):
>
>
> May  2 18:28:00 hostname dhcpd: DHCPDISCOVER from 00:03:91:f0:98:00 via 1.1.1.1: booting disallowed
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
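
Added example (not code from either poster): a small generator that turns a MAC denylist into the subclass lines used in the reply, and builds the string that the binary-to-ascii prefix test from the quoted message compares against. Function names and the sample denylist are hypothetical; it assumes binary-to-ascii emits lowercase hex without zero padding, as the "0:3:91" match in the thread shows.

```python
import re

ETHERNET_HTYPE = 1  # hardware type for Ethernet: the "1:" in front of each MAC


def parse_hex_octets(text, count):
    """Parse `count` octets from colon, dash, dot or bare-hex notation."""
    digits = re.sub(r"[:.\-\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % (2 * count), digits):
        raise ValueError(f"expected {count} zero-padded hex octets: {text!r}")
    return [int(digits[i:i + 2], 16) for i in range(0, len(digits), 2)]


def subclass_line(class_name, mac, comment=""):
    """Build one subclass statement for a class declared with `match hardware`."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", class_name):
        raise ValueError(f"unsafe class name: {class_name!r}")
    octets = parse_hex_octets(mac, 6)
    key = ":".join([str(ETHERNET_HTYPE)] + [f"{o:02x}" for o in octets])
    line = f'subclass "{class_name}" {key};'
    comment = " ".join(comment.split())  # keep the comment on one line
    return f"{line} #{comment}" if comment else line


def binary_to_ascii_hex(octets, sep=":"):
    """Mimic binary-to-ascii(16, 8, sep, data): hex per byte, no zero padding."""
    return sep.join(f"{o:x}" for o in octets)


def prefix_condition(oui):
    """Condition matching the first three octets of the client MAC."""
    wanted = binary_to_ascii_hex(parse_hex_octets(oui, 3))
    return f'binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "{wanted}"'


# Constructed denylist in mixed notations (not real inventory data).
DENYLIST = [
    ("00-11-22-33-44-55", "Bad enet"),
    ("0003.91BE.5538", "bad_client"),
]

if __name__ == "__main__":
    print('class "badboys" {\n  match hardware;\n}')
    for mac, note in DENYLIST:
        print(subclass_line("badboys", mac, note))
    print("if (" + prefix_condition("00:03:91") + ") {\n  deny booting;\n}")
```

The subclass key is zero-padded while the binary-to-ascii string is not, so a prefix such as 00:0a:95 has to be written "0:a:95" in the conditional form.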
