Preventing from assign fixed address based on class
Paweł Warowny
warp75 at gmail.com
Mon Jul 1 08:02:19 UTC 2013
On 27 June 2013 21:34, Peter Rathlev <peter at rathlev.dk> wrote:
> The client can spoof a vendor-class-identifier along with the MAC
> address so security still isn't perfect even with that selection. The
> modem and CMTS could theoretically enforce something using option 82.
I've already have it resolved on the modem side, so the customer isn't
able to use spoofed MAC.
I also wanted to do it on the dhcp server side just in case.
> You might achieve what you describe though, but using a compound class
> match statement:
> Word on the street is that this doesn't scale; if you have more than a
> few hundred clients you probably need to rethink this.
I've got a few thousands customers, so it doesn't fit.
> You could take at look at this:
>
> http://www.miquels.cistron.nl/isc-dhcpd/
Great, thank you for the link and for your response.
More information about the dhcp-users
mailing list