MAC randomisation and DHCP pools

Bill Shirley bill at c3po.polymerindustries.biz
Sat Jul 25 11:21:12 UTC 2020


No, the point of IPv6 is more addresses.  Then the privacy advocates and DHCP haters
jumped onboard and made IPv6 very complicated.  For DHCPv6, most devices don't
send the host name.  This makes it very hard to keep DNS updated. However, kudos to
Microsoft because Windows does send the host name.

Yes, random MAC addresses will lead to problems assigning static addresses.  It will
be impossible to open a port (in-going or out-going) on the firewall for a special device.

For IPv4 you can identify a device by host name because most devices send it:
class "identify_by_hostname" {
     match option host-name;
}
subclass "identify_by_hostname" "android-4867fdc048d28c06" { ddns-hostname "My-eXpro-tablet"; }    # this works
Just add a fixed-address between the {} to the subclass entry if desired.

Whoever comes up with this randomization stuff has obviously never been a network administrator.


To address Mike's post, shorten your lease times:
class "mobile_device" {
     match if (
         option host-name ~~ "dhcpcd"
         or option host-name ~~ "android"
         or option host-name ~~ "iphone"
         or option host-name ~~ "samsung-sm"
         or option host-name ~~ "ipod"
         or option host-name ~~ "ipad"
         or option host-name ~~ "a?p?plewatch"
         or option host-name ~~ "nintendo 3ds"
         or option host-name ~~ "galaxy-"
         or option host-name ~~ "g7-thinq"
         or option host-name ~~ "v40-thinq"
         or option vendor-class-identifier ~~ "android-dhcp"
     );
# optional: to make devices unique (for DNS) that have a duplicate host name (users haven't changed the default):
     if (lcase(option host-name) = "iphone")   { ddns-hostname = concat("iPhone-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3))); }
     if (lcase(option host-name) = "iphone-2") { ddns-hostname = concat("iPhone2-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3))); }
     if (lcase(option host-name) = "iphone-3") { ddns-hostname = concat("iPhone3-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3))); }
     if (lcase(option host-name) = "ipod")     { ddns-hostname = concat("iPod-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3))); }
     if (lcase(option host-name) = "ipad")     { ddns-hostname = concat("iPad-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3))); }
     if ((substring(lcase(option fqdn.hostname), 0, 8) = "g7-thinq") or (substring(lcase(option host-name), 0, 8) = "g7-thinq")) {
         ddns-hostname = concat("g7-thinq-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3)));
     }
     if not ((exists server.ddns-hostname) or (exists fqdn.hostname) or (exists host-name)) {
         if (substring(lcase(option vendor-class-identifier), 0, 12) = "android-dhcp") {
             ddns-hostname = concat("android-dhcp-", binary-to-ascii(16, 8, "", substring(hardware, 4, 3)));
         }
     }
}
class "Other_mobile" {
     match hardware;
     set member_of = "mobile_device";
}
subclass "Other_mobile"    1:68:09:ff:49:0a:35;    # Brenda's-phone
subclass "Other_mobile" 1:00:aa:f6:01:05:fe     { ddns-hostname "Ricks-phone"; }
.
.
subnet 192.168.99.0 netmask 255.255.255.0 {
.
.
# ------------------
     pool {
         allow members of "mobile_device";
         allow members of "Other_mobile";

         deny dynamic bootp clients;

         adaptive-lease-time-threshold       75;       # use min-lease-time when pool is above this percent
         min-lease-time            3600;     # 1 hour
         default-lease-time        14400;    # 4 hours
         max-lease-time            28800;    # 8 hours

         range 192.168.99.128 192.168.99.191;    # 192.168.99.128/26 (64 addresses)
     }
# ------------------
.
.
}
Note the *adaptive-lease-time-threshold* statement.

Bill

On 7/24/2020 9:46 PM, Joshua Stark wrote:
> But was that not the point of IPv6 - totally random
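
Added example, not part of Bill's message or of ISC DHCP itself: a Python model of the mobile_device class above, showing what its ddns-hostname expressions produce and why the MAC-derived suffix changes whenever a device randomises its address. The function names and the second MAC are assumptions made for illustration, and the g7-thinq and android-dhcp fallback branches are left out.

```python
import re

# Host-name patterns from the "mobile_device" class; dhcpd's ~~ operator is a
# case-insensitive regex match that is not anchored.
MOBILE_PATTERNS = ["dhcpcd", "android", "iphone", "samsung-sm", "ipod", "ipad",
                   "a?p?plewatch", "nintendo 3ds", "galaxy-", "g7-thinq", "v40-thinq"]
# Default device names the class renames, with the prefix it gives each.
DEFAULT_NAMES = {"iphone": "iPhone-", "iphone-2": "iPhone2-", "iphone-3": "iPhone3-",
                 "ipod": "iPod-", "ipad": "iPad-"}


def mac_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' into six bytes."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected six octets: %r" % mac)
    return octets


def is_mobile(host_name, vendor_class=""):
    """Mirror the class match on host-name and vendor-class-identifier."""
    return (any(re.search(p, host_name, re.I) for p in MOBILE_PATTERNS)
            or re.search("android-dhcp", vendor_class, re.I) is not None)


def mac_suffix(mac):
    """binary-to-ascii(16, 8, "", substring(hardware, 4, 3)) as a string."""
    hardware = b"\x01" + mac_bytes(mac)   # type byte (1 = Ethernet) + MAC
    # Offset 4 is the last three MAC octets; no zero padding, so 0x0a -> "a".
    return "".join(format(b, "x") for b in hardware[4:7])


def ddns_hostname(host_name, mac):
    """Simplified: rename default names, otherwise keep the name as sent."""
    prefix = DEFAULT_NAMES.get(host_name.lower())
    return prefix + mac_suffix(mac) if prefix else host_name


def is_locally_administered(mac):
    """Bit 0x02 of the first octet: set on the addresses randomisation uses."""
    return bool(mac_bytes(mac)[0] & 0x02)


if __name__ == "__main__":
    # First MAC is from the subclass list above; the second is constructed.
    for mac in ("68:09:ff:49:0a:35", "da:a1:19:3c:7e:02"):
        print(mac, ddns_hostname("iPhone", mac), is_locally_administered(mac))
```

Because binary-to-ascii does not zero-pad, different addresses can share a suffix: octets 12:03:04 and 01:23:04 both come out as 1234.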