
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix"><br>

      This has worked well here, note the 1: in front of the MAC to be

      denied<br>

      DHCP Server 4.1.1-P1<br>

      <br>

      <br>

       class "badboys" {<br>

        match hardware;<br>

      }<br>

      <br>

      <br>

      subclass "badboys" 1:00:00:00:00:00:00; #Bad enet<br>

      subclass "badboys" 1:00:11:22:33:44:55; #Bad enet<br>

      subclass "badboys" 1:00:1e:33:45:a3:50; #unknown (BBSales) inside

      RSM MDF<br>

      subclass "badboys" 1:88:ae:1d:41:9d:96; #unknown (Richard) RSM <br>

      <br>

      <br>

        ~add deny to the subnet scopes where want to block<br>

      <br>

      subnet  1.8.2.0 netmask 255.255.254.0<br>

      {option routers 1.8.2.1;<br>

       pool {<br>

       ignore client-updates;ddns-updates off;<br>

       range 1.8.2.20 1.8.2.25;<br>

       deny members of "badboys";<br>

       }<br>

      }<br>

      <br>

      best!<br>

      jim<br>

      <br>

      <br>

      On 5/2/2014 2:30 PM, perl-list wrote:<br>

    </div>

    <blockquote

      cite="mid:133821157.154867.1399055455908.JavaMail.zimbra@network1.net"

      type="cite">

      <div style="font-family: Andale Mono; font-size: 10pt; color:

        #000000">

        <div>I want to come up with a method to disallow certain mac

          addresses from getting an address via DHCP.  deny booting

          seems to be the way.  My reading of the man page appears to

          indicate that deny booting will work in the host { }

          declaration.</div>

        <div><br>

        </div>

        <div>

          <hr></div>

        <div>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">       <b>The </b><span class="s1">booting</span> <b>keyword</b></p>

          <p class="p2" style="margin: 0px;" data-mce-style="margin:

            0px;"><br>

          </p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">        <b>allow booting;</b></p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">        <span class="s2"><b>deny </b></span>booting;</p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">        <b>ignore booting;</b></p>

          <p class="p2" style="margin: 0px;" data-mce-style="margin:

            0px;"><br>

          </p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">       The <b>booting </b>flag is used to tell dhcpd

            whether or not to respond to queries from a particular

            client.  This keyword only has meaning when it appears in a

            host declaration.  By default, booting is <b>allow</b>ed,

            but if it is disabled for a particular client, then</p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">       that client will not be able to get an address

            from the DHCP server.</p>

          <hr>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;"><br>

          </p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">So a line like this:</p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;"><br>

          </p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">host bad_client {hardware ethernet 00:03:91:BE:55:38;

            deny booting;}</p>

        </div>

        <div><br>

        </div>

        <div>should cause the DHCP server to not allow the client to

          receive an IP address, correct?  Has anyone done this and can

          confirm that it works?</div>

        <div><br>

        </div>

        <div><br>

        </div>

        <div>.................</div>

        <div><br>

        </div>

        <div><br>

        </div>

        <div>btw .. the man page says "This keyword only has meaning

          when it appears in a host declaration." for the booting

          keyword as shown above.  I happen to know that it works in the

          global area as well.  The following configuration works to

          deny clients with the matching mac prefix.</div>

        <div><br>

        </div>

        <div>

          <p style="margin: 0px;" data-mce-style="margin: 0px;">if

            (binary-to-ascii(16,8,":",substring(hardware, 1, 3)) =

            "0:3:91") {<br>

                deny booting;<br>

            }</p>

          <p style="margin: 0px;" data-mce-style="margin: 0px;"><br>

          </p>

          <p style="margin: 0px;" data-mce-style="margin: 0px;">Producing

            log messages like this (log message slightly altered to

            protect privacy):</p>

          <p style="margin: 0px;" data-mce-style="margin: 0px;"><br>

          </p>

          <p class="p1" style="margin: 0px;" data-mce-style="margin:

            0px;">May  2 18:28:00 hostname dhcpd: DHCPDISCOVER from

            00:03:91:f0:98:00 via 1.1.1.1: booting disallowed</p>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

dhcp-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>

<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>

    </blockquote>

    <br>

  </body>

</html>