[Kea-users] how can I block clients based on hostname

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kea-users] how can I block clients based on hostname

ahmed
Hi all,

I wish you could help me with this.

I have a network where some clients clone the mac address of another
clients, they all look the same when requesting for an ip. but luckily for
me, each client has a unique host-name, so I have listed all into two
categories [white list hostnames and blacklist hostnames]. I need the kea
server to refuse offering a lease to any of the blacklist based on their
hostname only, how can I achieve this.

I would really appreciate your help.




--
Sent from: http://kea-users.7364.n8.nabble.com/
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] how can I block clients based on hostname

Christian Kratzer-2
Hi,

On Wed, 27 Feb 2019, ahmed wrote:

> Hi all,
>
> I wish you could help me with this.
>
> I have a network where some clients clone the mac address of another
> clients, they all look the same when requesting for an ip. but luckily for
> me, each client has a unique host-name, so I have listed all into two
> categories [white list hostnames and blacklist hostnames]. I need the kea
> server to refuse offering a lease to any of the blacklist based on their
> hostname only, how can I achieve this.

I would assume that if you have multiple clients with the same mac address
you will have larger problems than dhcp issues.

You will effectively not have a network as switches also do not function
properly.

Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] how can I block clients based on hostname

Francis Dupont
In reply to this post by ahmed
ahmed writes:
> I have a network where some clients clone the mac address of another
> clients, they all look the same when requesting for an ip. but luckily for
> me, each client has a unique host-name, so I have listed all into two
> categories [white list hostnames and blacklist hostnames]. I need the kea
> server to refuse offering a lease to any of the blacklist based on their
> hostname only, how can I achieve this.

=> if a list is not large you can use classification (the hostname
is in an option in the query packet) and a guard on pools or subnets.
 If both white and black lists are large it will be better to use
a hook to do the same thing but with all the resources from a full
programming language, e.g. C++ sets. List updates will be far easier too.

Regards

Francis Dupont <[hidden email]>
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] how can I block clients based on hostname

Francis Dupont
In reply to this post by Christian Kratzer-2
Christian Kratzer writes:
> I would assume that if you have multiple clients with the same mac address
> you will have larger problems than dhcp issues.

=> if they are not on the same link it should work. Two comments:
 - it seems it is the case here because of the (buggy but existent) relay
 - old Sun boxes interpreted the loose IEEE spec as the mac address
  can be a box (vs a NIC) property so with some Sun servers you have
  multiple NICs sharing the same mac address... pretty find to find
  some bugs in interop testing, less in production.

Regards

Francis Dupont <[hidden email]>

PS: in Kea if you do not use a shared network it should work: lookup are
per subnets and clients using duplicated mac addresses are blacklisted.
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users