[kea-dev] boot-unknown-clients equivalent?
Peter Davies
peterd at isc.org
Wed May 3 09:40:12 UTC 2023
Hi Phillip,
This will only work if you define it globally.
If you only want to allow clients with reservations in a certain subnet
then you
should create the subnet with no pool definitions.
Kind Regards Peter
On 02/05/2023 17.45, Philip Prindeville wrote:
> In this case, the local configuration was already using "boot-unknown-clients false;" so I don't think there's any (additional) risk.
>
> How does one invoke that inside a subnet section?
>
>
>
>> On Apr 30, 2023, at 4:48 AM, Peter Davies <peterd at isc.org> wrote:
>>
>> Hi Philip,
>>
>> If you only employ host reservations, then the built-in "KNOW" class may be use to restrict clients.
>>
>> For example:
>>
>> "client-classes": [{
>> "name": "DROP",
>> "test": "not member('KNOWN')"} ],
>>
>> ...
>>
>> I advise caution, as this will drop all packet that are not associated with a host reservation.
>>
>> /Peter
>>
>>
>> On 25/04/2023 03.46, Philip Prindeville wrote:
>>> Hi,
>>>
>>> I'm trying to port the isc-dhcp support in OpenWrt to migrate to Kea transparently.
>>>
>>> I've tried to use keama to show me what the synthesized configs should look like, but there's a lot that keama doesn't handle that seems to be in the scope of what Kea is capable of.
>>>
>>> For instance, "boot-unknown-clients false;" can be handled using the DROP class an not(member(KNOWN)) but I can't figure out the exact notation.
>>>
>>> Can someone point me at an example? I couldn't turn one up via google.
>>>
>>> BTW, the existing code to take UCI config blocks and synthesize dhcpd.conf lives here:
>>>
>>> https://github.com/openwrt/packages/blob/master/net/isc-dhcp/files/dhcpd.init
>>>
>>> Thanks,
>>>
>>> -Philip
>>>
>> --
>> kea-dev mailing list
>> kea-dev at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-dev
--
Peter Davies
Support Engineer
Internet Systems Corporation
peterd at isc.org
001 650-423-1460
More information about the kea-dev
mailing list