hardware ethernet and option vendor-class-identifier

Rafal golem at mtm-info.pl
Fri Oct 16 13:42:39 UTC 2015


Hello Patrick,

This is mostly for security reasons.
Nowadays it is really easy to clone a MAC address.
Adding a vendor-class-identifier check will make it harder.

I don't care about the IP being changed on the network card after the lease
is active, because each IP will be bound to a different VLAN.

Anyway, is there a chance to have hardware ethernet and option vendor-class-identifier
checked before the DHCP server sends the lease?






Friday, October 16, 2015, 3:33:33 PM, you wrote:

> If you are specifying the fixed-address value based on the
> "hardware ethernet", why are you bothering with the class
> identifier? I would just specify that for a given hardware ethernet, assign a specific fixed address.

> Is there some circumstance when you think a given MAC address will qualify for different classes?

> ________________________________________
> From: dhcp-users-bounces at lists.isc.org
> [dhcp-users-bounces at lists.isc.org] on behalf of Rafal [golem at mtm-info.pl]
> Sent: Friday, October 16, 2015 7:32 AM
> To: dhcp-users at lists.isc.org
> Subject: hardware ethernet and option vendor-class-identifier

> Hello Dhcp-users,

> I want to make my DHCP server verify both hardware address and
> vendor-class-identifier before it sends a reply.

> This is how I expected it:


> (not working example)

> ##########
> subnet 192.168.30.0 netmask 255.255.255.192 {
>   option routers 192.168.30.1;
> }

> class "WINDOWS" {
>   # compare only as many bytes as the literal has ("MSFT" is 4 bytes)
>   match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
> }

> class "LINUX" {
>   # "udhcp" is 5 bytes
>   match if substring(option vendor-class-identifier, 0, 5) = "udhcp";
> }

> host windowspc {
>   hardware ethernet 78:01:02:03:04:05;
>   fixed-address 192.168.30.2;
>   allow members of "WINDOWS";
> }
> host linuxpc {
>   hardware ethernet 44:11:02:03:04:05;
>   fixed-address 192.168.30.3;
>   allow members of "LINUX";
> }

> #######
> So when the DHCP server receives a DHCP request, it checks the hardware address and
> then the vendor class identifier. If both match, then it sends a reply.

> "allow members" needs to be defined inside a pool; however, I need static
> IP configuration based on DHCP.
> My example doesn't work. Can anyone help me make it work?

> Thanks in advance.


> --
> Best regards,
>  Ozga Rafal                          mailto:golem at mtm-info.pl

> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users



-- 
Best regards,
Ozga Rafal                          mailto:golem at mtm-info.pl
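
One way to express the "MAC and vendor class must both match" requirement from this message in ISC dhcpd configuration, as an added example that is not part of the original thread: each class tests both values in a single match expression, and a one-address pool restricted to that class pins the address. The class names PIN-WINDOWSPC and PIN-LINUXPC are made up for illustration; the addresses and MACs are the ones from the quoted message.

```conf
# Added example, not from the thread. Class names are hypothetical.

# A client is a member only if BOTH tests pass. "hardware" evaluates to the
# hardware type byte (1 = Ethernet) followed by the client's MAC address.
class "PIN-WINDOWSPC" {
  match if (hardware = 1:78:01:02:03:04:05)
       and (substring(option vendor-class-identifier, 0, 4) = "MSFT");
}

class "PIN-LINUXPC" {
  match if (hardware = 1:44:11:02:03:04:05)
       and (substring(option vendor-class-identifier, 0, 5) = "udhcp");
}

subnet 192.168.30.0 netmask 255.255.255.192 {
  option routers 192.168.30.1;

  # One-address pools: only a member of the named class can be offered
  # the address, so the assignment is effectively static.
  pool {
    range 192.168.30.2;
    allow members of "PIN-WINDOWSPC";
  }
  pool {
    range 192.168.30.3;
    allow members of "PIN-LINUXPC";
  }

  # No other pools and no host declarations for these clients: a request
  # that fails either test matches no pool and gets no offer from this server.
}
```

The file can be syntax-checked with `dhcpd -t -cf <file>` before reloading. The vendor-class-identifier (option 60) is chosen by the client and sent unauthenticated, so the check raises the effort of impersonation without proving the client's identity.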


