host-identifier with IPv6

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Mar 4 22:23:24 UTC 2009


Ted Lemon wrote:

>>And you do need some way to identify the user.  If you register
>>a MAC for your network and check someone's student ID card and
>>picture, then how do you supply the same level of trust in a web
>>browser?  Does this now require a student login and password that
>>they've probably forgotten and need to get on the network to reset
>>anyway?  A student ID card USB key fob that browsers support?
>
>This is why pretty much every school I've ever been to has a registrar.

And please explain WHAT the registrar is going to enter in his database ?

Does he :

a) Enter a short string of 12 hex digits that is in most cases on the 
side of the box, or if not is quite easy to find in whatever OS the 
device happens to be running at the time.

or

b) Enter a much longer string that means using some sort of tool 
(RegEdit on Windows ?) to find a much longer (and hence harder to 
type without errors) string that may, or probably won't stay the same 
during the student's stay. Not to mention probably having to boot the 
machine into more than one OS (yeah, the guys'n'gals in the queue 
behind will LOVE that) to get more than one value.



And I note that my previous question has gone unanswered ! So I'll 
re-ask it and expand.

Would it break anything to make a relay agent or server look into the 
packets they get from the client, extract the MAC address, and add an 
option to the packet containing the MAC address - like Option-82 is 
done now ?

Would it be a lot of work to add this as an optional facility in the 
ISC server and relay agent ?

Would it in fact be sufficient ? I.e., would it be sufficient to only 
get the MAC address in the initial (broadcast) discover phase, and 
not in later (unicast) renewals ? Will the current classing/matching 
syntax cope with "only grant <some specific sort of lease> if the 
packet contains a MAC address option AND it matches <some condition>" ?

And if that isn't sufficient, would it be sufficient to allow 
automatic capture of DUID-(current)MAC pairs to populate automated 
systems ?



If this would be sufficient, it would seem to be something we could 
do now with the ISC software and the worst case would be that some 
sites would need to run an ISC relay agent instead of one built into 
their expensive (Cisco) routers. And if it does work, we could then 
work towards having it added to the standard - on the basis that it 
doesn't break anything, and there are workarounds for relay agents 
not supporting it.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
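
The relay-added MAC option asked about in the message above, as an added example (not part of the original message and not ISC code): a relay wraps the client's DHCPv6 Solicit in a Relay-forward and appends the MAC seen on the wire, and the server side reads back a DUID/MAC pair. The option layout is the one later standardized as the Client Link-Layer Address option (code 79, RFC 6939); the function names, sample DUID, MACs and addresses are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

RELAY_FORW, OPT_CLIENTID, OPT_RELAY_MSG = 12, 1, 9
OPT_CLIENT_LINKLAYER_ADDR, HW_ETHERNET = 79, 1  # RFC 6939 code; hardware type 1

def opt(code, data):
    """Encode one DHCPv6 option: 2-byte code, 2-byte length, data."""
    return struct.pack("!HH", code, len(data)) + data

def parse_opts(buf):
    """Walk a DHCPv6 option list and reject truncated options."""
    out, i = {}, 0
    while i < len(buf):
        if i + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, i)
        if i + 4 + length > len(buf):
            raise ValueError("truncated option %d" % code)
        out[code] = buf[i + 4:i + 4 + length]
        i += 4 + length
    return out

def relay_forward(client_msg, link_addr, peer_addr, frame_src_mac):
    """Relay side: wrap the client message and attach the frame's source MAC."""
    hdr = bytes([RELAY_FORW, 0]) + IPv6Address(link_addr).packed + IPv6Address(peer_addr).packed
    lladdr = struct.pack("!H", HW_ETHERNET) + frame_src_mac
    return hdr + opt(OPT_RELAY_MSG, client_msg) + opt(OPT_CLIENT_LINKLAYER_ADDR, lladdr)

def duid_mac_pair(relay_pkt):
    """Server side: return (DUID hex, MAC or None) for a registration database."""
    if len(relay_pkt) < 34 or relay_pkt[0] != RELAY_FORW:
        raise ValueError("not a Relay-forward message")
    outer = parse_opts(relay_pkt[34:])  # skip type, hop count, two addresses
    duid = parse_opts(outer[OPT_RELAY_MSG][4:])[OPT_CLIENTID]  # skip type + xid
    ll = outer.get(OPT_CLIENT_LINKLAYER_ADDR)
    mac = None
    if ll and len(ll) == 8 and struct.unpack_from("!H", ll)[0] == HW_ETHERNET:
        mac = ":".join("%02x" % b for b in ll[2:])
    return duid.hex(), mac

# Constructed sample: a DUID-LLT built from one interface's MAC (...:01) while
# the Solicit is sent from a different interface (...:02), so the two differ.
SAMPLE_DUID = struct.pack("!HHI", 1, HW_ETHERNET, 0x0DEADBEE) + bytes.fromhex("00163e000001")
SAMPLE_SOLICIT = b"\x01\x12\x34\x56" + opt(OPT_CLIENTID, SAMPLE_DUID)
SAMPLE_RELAY = relay_forward(SAMPLE_SOLICIT, "2001:db8::1",
                             "fe80::216:3eff:fe00:2", bytes.fromhex("00163e000002"))

if __name__ == "__main__":
    print(duid_mac_pair(SAMPLE_RELAY))
```

A relay that does not add the option yields `None` for the MAC, which is the case the "workarounds for relay agents not supporting it" would have to cover.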


