exclude addresses

Ron Croonenberg ronc at depauw.edu
Thu Jan 10 05:38:58 UTC 2008 

where I work we have a pretty large network and those private nets are 
already in use  by different depts

 as for @ home, why not use  MAC based filtering on the router?

Sten Carlsen wrote:
> Hi
>
> I have set this up at my house, I use an address range for normal 
> hosts 192.168.x.x, I have set up another range for unknown hosts 
> 10.0.0.x, gateway, DNS, ... is set differently than the ones for 
> normal access.
>
> This looks to the uninvited like the standard setup you will get from 
> an unprotected AP in its default setup. The idea is that the "guest" 
> will believe that I have some AP in its default setup but have so few 
> abilities that I have not been able to get it connected to the 
> internet. The hope is that he will go to the next place.
>
> So basically I give these guys an address but a non-functional address.
>
>
> If people really want access, you have only routers and VLANs to play 
> with. None of this dhcpd setup will prevent manually set addresses.
>
>
> Ron Croonenberg wrote:
>> Hi Stan,
>>
>> I tried assigning  0.0.0.0   and 169.254.x.y   but somehow that 
>> client sees that it is a 'worthless' address ad keeps using the old 
>> address it 'stole'.
>>
>> I noticed that with 'deny booting'  it uses the old address too  even 
>> after trying to get an address with dhcp
>>
>>
>>
>> Sten Carlsen wrote:
>>> How about a host declaration with "deny booting"?
>>>
>>> On the other hand you could give him a special IP, that has no 
>>> routing anywhere. Make a new range, set all parameters seemingly 
>>> like they should be, but make sure your firewall knows that this 
>>> range must not go anywhere.
>>>
>>> This way the unwanted guest will have a harder time to figure out 
>>> what happened.
>>>
>>> In the archives there is an example on this. Somewhere.
>>>
>>> Brian Raaen wrote:
>>>> you can try creating a class that has that mac address in a 
>>>> subclass.  Then you can block that mac address in any pool you 
>>>> want.  I have attached the relevant part of the dhcpd.conf man page.
>>>>  
>>>>
>>>>   
>>>
>>
>>
>

More information about the dhcp-users mailing list