ISC DHCP ... dhcpd -6 and known clients

Thu Nov 17 21:07:48 UTC 2016

Folks, 

Is it not yet possible to allow/deny unkown clients in DHCPv6? 

In dhcpd for DHCPv4, it is possible to do something like this: 
--- 
shared-network SomeNetwork { 
subnet 10.0.0.0 netmask 255.255.255.0 { 
pool { 
range 10.0.0.2 10.0.0.254; 
deny unknown clients; 
} 
} 
subnet 10.160.0.0 netmask 255.255.255.0 { 
pool { 
range 10.160.0.2 10.160.0.254; 
} 
} 
} 

host SomeHost { hardware ethernet 00:01:02:03:04:05; } 

--- 

With the above config, the specified host of 00: 01 : 02 :03:04:05 would get an address out of the 10.0.0.0/24 range while a non-specified host of 00:10:20:30:40:50 would get an address out of 10.160.0.0/24 

Trying something similar in DHCPv6 (dhcpd -6) does not seem to produce the same behavior: 

--- 

shared-network FNGipv6Test { 

subnet6 2001:0:50:e8::/64 { 

range6 2001:0:50:e8::1 2001:0:50:e8:7fff:ffff:ffff:fffe; 

prefix6 2001:0:58:: 2001:0:59:: /48; 

min-lease-time 600; 

preferred-lifetime 600; 

default-lease-time 600; 

max-lease-time 600; 

deny unknown-clients; 

} 

} 
--- 

with no hosts defined, everyone can get an address. The first thing I noticed was that using 'deny unknown clients;' produced a config error: 
--- 
/etc/dhcpd6.conf line 9: expecting allow/deny key 
deny unknown 
^ 
--- 

but did not produce an error when specified as 'deny unknown-clients;'. It did not, however, deny clients. All clients were able to get addresses and prefix delegations with no problems despite having no declarations in the config causing them to be 'known'. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161117/aa4e1915/attachment.html>