<DIV> </DIV>
<DIV><includetail>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE: 12px; PADDING-TOP: 2px"> </DIV>
<DIV><BR></DIV>>Today's Topics:<BR><BR> >1. deny unknown-clients in DHCPv6 (=?ISO-8859-1?B?ZHFx?=)<BR> > 2. Re: deny unknown-clients in DHCPv6 (alan buxey)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>>Message: 1<BR>>Date: Mon, 2 Jul 2012 16:04:06 +0800<BR>>From: "=?ISO-8859-1?B?ZHFx?=" <343318434@qq.com><BR>>To: "=?ISO-8859-1?B?ZGhjcC11c2Vycw==?=" <dhcp-users@lists.isc.org><BR>>Subject: deny unknown-clients in DHCPv6<BR>>Message-ID: <tencent_50E44F07768448862922EB73@qq.com><BR>>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>>Hello:<BR> >Now I want to use dhcp-4.2.3-PI as my dhcpv6 server.<BR>> In my dhcpv6 server,I want to use MAC address to control the access of users,but when I use the "deny unknown->clients" in my config file,The unknown-clients also get the address.I known it works well in dhcpv4 , I don't known >why it can't work in HDCPv6. Can you give me any ideas?<BR> <BR> >P.s<BR> >In the mailing list ,I see the same question, but unfortunately there is no answer corresponding to this question.<BR> <BR> >And the related config in my conffile look like this:<BR> >subnet6 2001:db8:1111::/64 {<BR> > option dhcp6.domain-search "nic";<BR> > range6 2001:db8:1111::10 2001:db8:1111::fff;<BR> > # Use the whole /64 prefix for temporary addresses<BR> ># (i.e., direct application of RFC 4941)<BR> >range6 2001:db8::/64 temporary;<BR> ># Some /64 prefixes available for Prefix Delegation (RFC 3633)<BR> >prefix6 2000:: 2001:db8:: /80;<BR> ># deny unknown-clients;<BR> > deny unknown-clients;<BR>>}<BR> >host{<BR> >hardware xx:xx:xx:xx:xx:xx;<BR> >}<BR><BR> >Look forward to your reply...<BR>-------------- next part --------------<BR>>An HTML attachment was scrubbed...<BR>>URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20120702/05a0e5e0/attachment-0001.html><BR><BR>------------------------------<BR><BR>>Message: 2<BR>>Date: Mon, 2 Jul 2012 09:35:18 +0100<BR>>From: alan buxey <A.L.M.Buxey@lboro.ac.uk><BR>>To: Users of ISC DHCP <dhcp-users@lists.isc.org><BR>>Subject: Re: deny unknown-clients in DHCPv6<BR>>Message-ID: <20120702083518.GA2347@lboro.ac.uk><BR>>Content-Type: text/plain; charset=us-ascii<BR><BR>>Hi,<BR><BR>>some DHCPv6 101 - you need to look at DUID / ia-na rather than MAC addresses for v6<BR><BR><BR>>alan<BR><BR><BR>
<DIV>Thanks for your reply:</DIV>
<DIV>I know the duid,but,when we assign a fixed address,the mac works.</DIV>
<DIV>and,in the man file in the dhcp-4.2.3-PI ,there are some declarations as follows:</DIV>
<DIV> </DIV>
<DIV> "please be aware that only the dhcp-client-identifier option and the<BR> hardware address can be used to match a host declaration, or the host-<BR> identifier option parameter for DHCPv6 servers. For example, it is<BR> not possible to match a host declaration to a host-name option. This<BR> is because the host-name option cannot be guaranteed to be unique for<BR> any given client, whereas both the hardware address and dhcp-client-<BR> identifier option are at least theoretically guaranteed to be unique to<BR> a given client."</DIV>
<DIV> </DIV>
<DIV>when use duid,the clients may default sent a duid-llt duid , the timestamp can't be controled when I use it to delcare a host,especially that there are lots of clients in my network. Maybe I can use duid-ll in my conf file,but,if the client send a request message with a default duid-llt duid,they can't match each other,do they?</DIV>
<DIV> </DIV>
<DIV>Can you give me some advise?</DIV>
<DIV> </DIV>
<DIV>Look forward to your replay¡£¡£¡£</DIV>
<DIV> </DIV>
<DIV> </DIV></includetail></DIV>