Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.isc.org/mailman/listinfo/dhcp-users or, via email, send a message with subject or body 'help' to dhcp-users-requ...@lists.isc.org You can reach the person managing the list at dhcp-users-ow...@lists.isc.org When replying, please edit your Subject line so it is more specific than "Re: Contents of dhcp-users digest..." Today's Topics: 1. Permit/deny lists and behavior (Marki) 2. Re: Permit/deny lists and behavior (perl-list) 3. Re: Permit/deny lists and behavior (perl-list) ---------------------------------------------------------------------- Message: 1 Date: Wed, 16 Nov 2022 15:15:28 +0100 From: Marki <dhcp-us...@lists.roth.lu> To: dhcp-users@lists.isc.org Subject: Permit/deny lists and behavior Message-ID: <a36675d7-909f-9ed0-516d-f4c55961c...@lists.roth.lu> Content-Type: text/plain; charset=UTF-8; format=flowed Hello, Maybe someone can enlighten me: The default seems to be that * dynamic address assignment to unknown clients is allowed ("allow unknown-clients" is implicit) and * at the same time static allocations are allowed as well ("allow known-clients" is implicit). This is kind of a contradiction to "If a pool has a permit list, then only those clients that match specific entries on the permit list will be eligible to be assigned addresses from the pool." Or does that mean if I explicitly write "allow known-clients", then unknown clients will be rejected?? Is "unknown-clients" a "list" in that regard? Best regards, Marki ------------------------------ Message: 2 Date: Wed, 16 Nov 2022 11:23:51 -0500 (EST) From: perl-list <perl-l...@network1.net> To: Users of ISC DHCP <dhcp-users@lists.isc.org> Subject: Re: Permit/deny lists and behavior Message-ID: <125484247.62731.1668615831677.javamail.zim...@network1.net> Content-Type: text/plain; charset=utf-8 the absence of any allow or deny keywords just means that the dhcp server does not consider if a client is known or unknown for that subnet. If you add allow known-clients or allow unknown-clients then the inverse becomes true (deny known-clients and deny unknown-clients respectively). You cannot have both an allow and a deny in the same subnet. It won't be considered a syntax error but it also won't do what you expect. Known clients are defined by having a host {} entry. Unknown clients mean they have no host {} entry. You can also allow/deny members of a class {}. These you might see multiple allow lines like: allow members of "class1"; allow members of "class2"; ----- Original Message ----- > From: "Marki" <dhcp-us...@lists.roth.lu> > To: "Users of ISC DHCP" <dhcp-users@lists.isc.org> > Sent: Wednesday, November 16, 2022 9:15:28 AM > Subject: Permit/deny lists and behavior > Hello, > Maybe someone can enlighten me: > The default seems to be that > * dynamic address assignment to unknown clients is allowed ("allow > unknown-clients" is implicit) and > * at the same time static allocations are allowed as well ("allow > known-clients" is implicit). > This is kind of a contradiction to "If a pool has a permit list, then > only those clients that match specific entries on the permit list will > be eligible to be assigned addresses from the pool." > Or does that mean if I explicitly write "allow known-clients", then > unknown clients will be rejected? Is "unknown-clients" a "list" in that > regard? > Best regards, > Marki > -- > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > dhcp-users mailing list > dhcp-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/dhcp-users ------------------------------ Message: 3 Date: Wed, 16 Nov 2022 11:27:24 -0500 (EST) From: perl-list <perl-l...@network1.net> To: Users of ISC DHCP <dhcp-users@lists.isc.org> Subject: Re: Permit/deny lists and behavior Message-ID: <1459986200.62749.1668616044952.javamail.zim...@network1.net> Content-Type: text/plain; charset=utf-8 correction: > If you add allow known-clients or allow unknown-clients then the inverse > becomes > true (deny known-clients and deny unknown-clients respectively). the inverse would be: deny unknown-clients and deny known-clients respectively. ------------------------------ Subject: Digest Footer _______________________________________________ ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. dhcp-users mailing list dhcp-users@lists.isc.org https://lists.isc.org/mailman/listinfo/dhcp-users ------------------------------ End of dhcp-users Digest, Vol 169, Issue 4 ******************************************