dhcp-host options

Glenn Satchell glenn.satchell at uniq.com.au
Sat Aug 18 12:00:49 UTC 2012

Hi Eduardo

There are a few ways to achieve this with th eISC dhcpd server, but all 
involve selecting the particular host(s) and then applying 'deny 
booting;' or 'ignore booting;' in that scope. The two have the same 
effect, but deny still causes a message to be be logged, ignore silently 
ignores the requests.

For example you can use a host statement where there are only one or two:

host bad1 {
   hardware ethernet 01:02:03:04:05:06;
   ignore booting;

A group if there are a few more:

group {
   ignore booting;
   host bad2 {
     hardware ethernet 01:02:03:04:05:06;
   host bad3 {
     hardware ethernet 01:02:03:aa:bb:cc;

Or where you may have lots, then using a class and sub-classes as shown 
in the man page for dhcpd.conf:

class "badones" {
   match hardware;
   ignore booting;
subclass "badones" 1:8:0:2b:4c:39:ad;
subclass "badones" 1:01:02:03:04:05:06;

Of course none of this stops someone from manually configuring an IP 
address and accessing the network. DHCP on its own is not a security system.


On 08/18/12 01:41, Eduardo Barreto wrote:
> Hi Fellows,
> I'm trying to block some hosts from getting ipaddress by setting into
> the DHCP Server conf file, the option
> /--dhcp-host=[<hwaddr>],//[,ignore]. /Do anyone knows if this parameter
> is recognized by all dhcp version? Our servers are running Debian Lenny
> & Squeeze.
> I really appreciate you help on this one
> Eduardo Barreto

More information about the dhcp-users mailing list