<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix"><br>
This has worked well here, note the 1: in front of the MAC to be
denied<br>
DHCP Server 4.1.1-P1<br>
<br>
<br>
class "badboys" {<br>
match hardware;<br>
}<br>
<br>
<br>
subclass "badboys" 1:00:00:00:00:00:00; #Bad enet<br>
subclass "badboys" 1:00:11:22:33:44:55; #Bad enet<br>
subclass "badboys" 1:00:1e:33:45:a3:50; #unknown (BBSales) inside
RSM MDF<br>
subclass "badboys" 1:88:ae:1d:41:9d:96; #unknown (Richard) RSM <br>
<br>
<br>
~add deny to the subnet scopes where want to block<br>
<br>
subnet 1.8.2.0 netmask 255.255.254.0<br>
{option routers 1.8.2.1;<br>
pool {<br>
ignore client-updates;ddns-updates off;<br>
range 1.8.2.20 1.8.2.25;<br>
deny members of "badboys";<br>
}<br>
}<br>
<br>
best!<br>
jim<br>
<br>
<br>
On 5/2/2014 2:30 PM, perl-list wrote:<br>
</div>
<blockquote
cite="mid:133821157.154867.1399055455908.JavaMail.zimbra@network1.net"
type="cite">
<div style="font-family: Andale Mono; font-size: 10pt; color:
#000000">
<div>I want to come up with a method to disallow certain mac
addresses from getting an address via DHCP. deny booting
seems to be the way. My reading of the man page appears to
indicate that deny booting will work in the host { }
declaration.</div>
<div><br>
</div>
<div>
<hr></div>
<div>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> <b>The </b><span class="s1">booting</span> <b>keyword</b></p>
<p class="p2" style="margin: 0px;" data-mce-style="margin:
0px;"><br>
</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> <b>allow booting;</b></p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> <span class="s2"><b>deny </b></span>booting;</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> <b>ignore booting;</b></p>
<p class="p2" style="margin: 0px;" data-mce-style="margin:
0px;"><br>
</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> The <b>booting </b>flag is used to tell dhcpd
whether or not to respond to queries from a particular
client. This keyword only has meaning when it appears in a
host declaration. By default, booting is <b>allow</b>ed,
but if it is disabled for a particular client, then</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"> that client will not be able to get an address
from the DHCP server.</p>
<hr>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"><br>
</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;">So a line like this:</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;"><br>
</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;">host bad_client {hardware ethernet 00:03:91:BE:55:38;
deny booting;}</p>
</div>
<div><br>
</div>
<div>should cause the DHCP server to not allow the client to
receive an IP address, correct? Has anyone done this and can
confirm that it works?</div>
<div><br>
</div>
<div><br>
</div>
<div>.................</div>
<div><br>
</div>
<div><br>
</div>
<div>btw .. the man page says "This keyword only has meaning
when it appears in a host declaration." for the booting
keyword as shown above. I happen to know that it works in the
global area as well. The following configuration works to
deny clients with the matching mac prefix.</div>
<div><br>
</div>
<div>
<p style="margin: 0px;" data-mce-style="margin: 0px;">if
(binary-to-ascii(16,8,":",substring(hardware, 1, 3)) =
"0:3:91") {<br>
deny booting;<br>
}</p>
<p style="margin: 0px;" data-mce-style="margin: 0px;"><br>
</p>
<p style="margin: 0px;" data-mce-style="margin: 0px;">Producing
log messages like this (log message slightly altered to
protect privacy):</p>
<p style="margin: 0px;" data-mce-style="margin: 0px;"><br>
</p>
<p class="p1" style="margin: 0px;" data-mce-style="margin:
0px;">May 2 18:28:00 hostname dhcpd: DHCPDISCOVER from
00:03:91:f0:98:00 via 1.1.1.1: booting disallowed</p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
</blockquote>
<br>
</body>
</html>