DHCP with RADIUS MAC Authentication

John Hascall john at iastate.edu
Fri Nov 27 19:39:06 UTC 2009

| We are an ISP providing access on many technologies (WiFi, Wimax, xDSL,
| FTTH...). 
| In most cases we use PPPoE servers, but we have recently migrated some of
| our networks on an ISC DHCP server.
| Everything works great but I have to authenticate each CPE by MAC Address (I
| already have a RADIUS server working well) before offering a lease.
| I don't find any radius client for RedHat, CentOs or Fedora which could be
| able to do that...
| Is there any way to make this working?
| Julien TURELLO

> DHCP is not an authentication mechanism, as the MAC address can easily be
> spoofed.  But if you're looking to hand out addresses to just those with
> certain MAC addresses (as presented, unverified, to your DHCP server), you
> can use no "host" statements along with a "deny unknown".
> Frank

I believe the OP is asking about something like this:
   (the last one is the latest version)
but I have no idea what its current status is, and it certainly
isn't in any ISC DHCPD that I'm aware of.

John Hascall, john at iastate.edu
Team Lead, NIADS (Network Infrastructure, Authentication & Directory Services)
IT Services, The Iowa State University of Science and Technology

More information about the dhcp-users mailing list