host-identifier with IPv6
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed Mar 4 22:23:24 UTC 2009
Ted Lemon wrote:
>>And you do need some way to identify the user. If you register
>>a MAC for your network and check someone's student ID card and
>>picture, then how do you supply the same level of trust in a web
>>browser? Does this now require a student login and password that
>>they've probably forgotten and need to get on the network to reset
>>anyway? A student ID card USB key fob that browsers support?
>
>This is why pretty much every school I've ever been to has a registrar.

And please explain WHAT the registrar is going to enter in his database ?

Does he :

a) Enter a short string of 12 hex digits that is in most cases on the
side of the box, or if not is quite easy to find in whatever OS the
device happens to be running at the time.

or

b) Enter a much longer string that means using some sort of tool
(RegEdit on Windows ?) to find a much longer (and hence harder to
type without errors) string that may, or probably won't stay the same
during the student's stay. Not to mention probably having to boot the
machine into more than one OS (yeah, the guys'n'gals in the queue
behind will LOVE that) to get more than one value.

And I note that my previous question has gone unanswered ! So I'll
re-ask it and expand.

Would it break anything to make a relay agent or server look into the
packets they get from the client, extract the MAC address, and add an
option to the packet containing the MAC address - like Option-82 is
done now ?

Would it be a lot of work to add this as an optional facility in the
ISC server and relay agent ?

Would it in fact be sufficient ? Ie, would it be sufficient to only
get the MAC address in the initial (broadcast) discover phase, and
not in later (unicast) renewals ? Will the current classing/matching
syntax cope with "only grant <some specific sort of lease> if the
packet contains a MAC address option AND it matches <some condition>"

And if that isn't sufficient, would it be sufficient to allow
automatic capture of DUID-(current)MAC pairs to populate automated
systems ?

If this would be sufficient, it would seem to be something we could
do now with the ISC software and the worst case would be that some
sites would need to run an ISC relay agent instead of one built into
their expensive (Cisco) routers. And if it does work, we could then
work towards having it added to the standard - on the basis that it
doesn't break anything, and there are workarounds for relay agents
not supporting it.

--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
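
The relay-inserted MAC option and the DUID-to-MAC capture asked about in the message above, sketched as an added example (not part of the original message and not ISC code). It assumes the DHCPv6 message formats of RFC 3315 and the option code 79 and layout later standardised in RFC 6939; the function names and sample addresses are constructed.

```python
import struct

# Codes assumed from RFC 3315 / RFC 6939; the message above names no option code.
RELAY_FORW, SOLICIT, HW_ETHERNET = 12, 1, 1
OPT_CLIENTID, OPT_RELAY_MSG, OPT_CLIENT_LINKLAYER_ADDR = 1, 9, 79

def opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def parse_opts(buf):
    """Return {code: data}; raise ValueError on truncated options."""
    out, i = {}, 0
    while i < len(buf):
        if i + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, i)
        if i + 4 + length > len(buf):
            raise ValueError("truncated option body")
        out[code] = buf[i + 4:i + 4 + length]
        i += 4 + length
    return out

def relay_wrap(client_msg, frame_src_mac, link_addr, peer_addr):
    """Relay side: wrap the client message and add the MAC seen on the wire."""
    lla = struct.pack("!H", HW_ETHERNET) + frame_src_mac
    return (bytes([RELAY_FORW, 0]) + link_addr + peer_addr
            + opt(OPT_RELAY_MSG, client_msg) + opt(OPT_CLIENT_LINKLAYER_ADDR, lla))

def server_capture(relay_msg):
    """Server side: return (duid_hex, relay_mac, mac_in_duid or None)."""
    if len(relay_msg) < 34 or relay_msg[0] != RELAY_FORW:
        raise ValueError("not a Relay-Forward")
    ropts = parse_opts(relay_msg[34:])
    duid = parse_opts(ropts[OPT_RELAY_MSG][4:])[OPT_CLIENTID]
    lla = ropts.get(OPT_CLIENT_LINKLAYER_ADDR)
    # 2-byte hardware type followed by a 6-byte Ethernet address
    relay_mac = lla[2:].hex(":") if lla and len(lla) == 8 else None
    dtype, hw = struct.unpack_from("!HH", duid)
    # DUID-LLT (1) carries 4 bytes of time before the address; DUID-LL (3) does not.
    off = {1: 8, 3: 4}.get(dtype)
    duid_mac = duid[off:].hex(":") if off and hw == HW_ETHERNET else None
    return duid.hex(), relay_mac, duid_mac

# Constructed sample: a Solicit whose DUID-LLT was generated on a different NIC.
DUID = struct.pack("!HHI", 1, HW_ETHERNET, 0x1234ABCD) + bytes.fromhex("001122334455")
SOLICIT_MSG = bytes([SOLICIT]) + b"\xaa\xbb\xcc" + opt(OPT_CLIENTID, DUID)
WIRE_MAC = bytes.fromhex("02005e100001")
RELAYED = relay_wrap(SOLICIT_MSG, WIRE_MAC, bytes(16), bytes.fromhex("fe80" + "00" * 14))

print(server_capture(RELAYED))
```

The sample shows why the pair has to be captured rather than derived: the MAC embedded in a DUID-LLT is fixed when the DUID is first generated, so it can differ from the interface the relay actually sees.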