Content os deny unknown-clients in DHCPV6

dqq 343318434 at
Tue Jul 3 03:02:22 UTC 2012

>Today's Topics:

   >1. deny unknown-clients in DHCPv6 (=?ISO-8859-1?B?ZHFx?=)
 >  2. Re: deny unknown-clients in DHCPv6 (alan buxey)


>Message: 1
>Date: Mon, 2 Jul 2012 16:04:06 +0800
>From: "=?ISO-8859-1?B?ZHFx?=" <343318434 at>
>To: "=?ISO-8859-1?B?ZGhjcC11c2Vycw==?=" <dhcp-users at>
>Subject: deny unknown-clients in DHCPv6
>Message-ID: <tencent_50E44F07768448862922EB73 at>
>Content-Type: text/plain; charset="iso-8859-1"

 >Now I want to use dhcp-4.2.3-PI as my dhcpv6 server.
> In my dhcpv6 server,I want to use MAC address to control the access of users,but when I use the "deny unknown->clients" in my config file,The unknown-clients also get the address.I known it works well in dhcpv4 , I don't known >why it can't work in HDCPv6. Can you give me any ideas?
 >In the mailing list ,I see the same question, but unfortunately there is no answer corresponding to this question.
 >And the related config in  my conffile look like this:
 >subnet6 2001:db8:1111::/64 {
   >             option dhcp6.domain-search "nic";
      >  range6 2001:db8:1111::10 2001:db8:1111::fff;
        > # Use the whole /64 prefix for temporary addresses
        >#  (i.e., direct application of RFC 4941)
        >range6 2001:db8::/64 temporary;
         ># Some /64 prefixes available for Prefix Delegation (RFC 3633)
        >prefix6 2000:: 2001:db8:: /80;
     ># deny unknown-clients;
       > deny unknown-clients;
 >hardware xx:xx:xx:xx:xx:xx;

 >Look forward to your reply...
-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <>


>Message: 2
>Date: Mon, 2 Jul 2012 09:35:18 +0100
>From: alan buxey <A.L.M.Buxey at>
>To: Users of ISC DHCP <dhcp-users at>
>Subject: Re: deny unknown-clients in DHCPv6
>Message-ID: <20120702083518.GA2347 at>
>Content-Type: text/plain; charset=us-ascii


>some DHCPv6 101 - you need to look at DUID / ia-na rather than MAC addresses for v6


 Thanks for your reply:
 I know  the duid,but,when we assign a fixed address,the mac works.
 and,in the man file in the dhcp-4.2.3-PI ,there are some declarations as follows:
       "please be aware that only the  dhcp-client-identifier  option  and  the
       hardware  address can be used to match a host declaration, or the host-
       identifier option parameter for DHCPv6 servers.   For  example,  it  is
       not  possible to match a host declaration to a host-name option.   This
       is because the host-name option cannot be guaranteed to be  unique  for
       any  given  client,  whereas both the hardware address and dhcp-client-
       identifier option are at least theoretically guaranteed to be unique to
       a given client."
 when use duid,the clients may default sent a duid-llt duid , the timestamp can't be controled when I use it to delcare a host,especially that there are lots of clients in my network. Maybe I can use duid-ll in my conf file,but,if the client send a request message with a default duid-llt duid,they can't match each other,do they?
 Can you give me some advise?
 Look forward to your replay。。。
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list