<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><br>
      This has worked well here, note the 1: in front of the MAC to be
      denied<br>
      DHCP Server 4.1.1-P1<br>
      <br>
      <br>
       class "badboys" {<br>
        match hardware;<br>
      }<br>
      <br>
      <br>
      subclass "badboys" 1:00:00:00:00:00:00; #Bad enet<br>
      subclass "badboys" 1:00:11:22:33:44:55; #Bad enet<br>
      subclass "badboys" 1:00:1e:33:45:a3:50; #unknown (BBSales) inside
      RSM MDF<br>
      subclass "badboys" 1:88:ae:1d:41:9d:96; #unknown (Richard) RSM <br>
      <br>
      <br>
        ~add deny to the subnet scopes where want to block<br>
      <br>
      subnet  1.8.2.0 netmask 255.255.254.0<br>
      {option routers 1.8.2.1;<br>
       pool {<br>
       ignore client-updates;ddns-updates off;<br>
       range 1.8.2.20 1.8.2.25;<br>
       deny members of "badboys";<br>
       }<br>
      }<br>
      <br>
      best!<br>
      jim<br>
      <br>
      <br>
      On 5/2/2014 2:30 PM, perl-list wrote:<br>
    </div>
    <blockquote
      cite="mid:133821157.154867.1399055455908.JavaMail.zimbra@network1.net"
      type="cite">
      <div style="font-family: Andale Mono; font-size: 10pt; color:
        #000000">
        <div>I want to come up with a method to disallow certain mac
          addresses from getting an address via DHCP.  deny booting
          seems to be the way.  My reading of the man page appears to
          indicate that deny booting will work in the host { }
          declaration.</div>
        <div><br>
        </div>
        <div>
          <hr></div>
        <div>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">       <b>The </b><span class="s1">booting</span> <b>keyword</b></p>
          <p class="p2" style="margin: 0px;" data-mce-style="margin:
            0px;"><br>
          </p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">        <b>allow booting;</b></p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">        <span class="s2"><b>deny </b></span>booting;</p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">        <b>ignore booting;</b></p>
          <p class="p2" style="margin: 0px;" data-mce-style="margin:
            0px;"><br>
          </p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">       The <b>booting </b>flag is used to tell dhcpd
            whether or not to respond to queries from a particular
            client.  This keyword only has meaning when it appears in a
            host declaration.  By default, booting is <b>allow</b>ed,
            but if it is disabled for a particular client, then</p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">       that client will not be able to get an address
            from the DHCP server.</p>
          <hr>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;"><br>
          </p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">So a line like this:</p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;"><br>
          </p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">host bad_client {hardware ethernet 00:03:91:BE:55:38;
            deny booting;}</p>
        </div>
        <div><br>
        </div>
        <div>should cause the DHCP server to not allow the client to
          receive an IP address, correct?  Has anyone done this and can
          confirm that it works?</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>.................</div>
        <div><br>
        </div>
        <div><br>
        </div>
        <div>btw .. the man page says "This keyword only has meaning
          when it appears in a host declaration." for the booting
          keyword as shown above.  I happen to know that it works in the
          global area as well.  The following configuration works to
          deny clients with the matching mac prefix.</div>
        <div><br>
        </div>
        <div>
          <p style="margin: 0px;" data-mce-style="margin: 0px;">if
            (binary-to-ascii(16,8,":",substring(hardware, 1, 3)) =
            "0:3:91") {<br>
                deny booting;<br>
            }</p>
          <p style="margin: 0px;" data-mce-style="margin: 0px;"><br>
          </p>
          <p style="margin: 0px;" data-mce-style="margin: 0px;">Producing
            log messages like this (log message slightly altered to
            protect privacy):</p>
          <p style="margin: 0px;" data-mce-style="margin: 0px;"><br>
          </p>
          <p class="p1" style="margin: 0px;" data-mce-style="margin:
            0px;">May  2 18:28:00 hostname dhcpd: DHCPDISCOVER from
            00:03:91:f0:98:00 via 1.1.1.1: booting disallowed</p>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
dhcp-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>