Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Permit/deny lists and behavior (Marki)
   2. Re: Permit/deny lists and behavior (perl-list)
   3. Re: Permit/deny lists and behavior (perl-list)


----------------------------------------------------------------------

Message: 1
Date: Wed, 16 Nov 2022 15:15:28 +0100
From: Marki <dhcp-us...@lists.roth.lu>
To: dhcp-users@lists.isc.org
Subject: Permit/deny lists and behavior
Message-ID: <a36675d7-909f-9ed0-516d-f4c55961c...@lists.roth.lu>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hello,

Maybe someone can enlighten me:

The default seems to be that
* dynamic address assignment to unknown clients is allowed ("allow 
unknown-clients" is implicit) and
* at the same time static allocations are allowed as well ("allow 
known-clients" is implicit).

This is kind of a contradiction to "If a pool has a permit list, then 
only those clients that match specific entries on the permit list will 
be eligible to be assigned addresses from the pool."

Or does that mean if I explicitly write "allow known-clients", then 
unknown clients will be rejected?? Is "unknown-clients" a "list" in that 
regard?

Best regards,
Marki



------------------------------

Message: 2
Date: Wed, 16 Nov 2022 11:23:51 -0500 (EST)
From: perl-list <perl-l...@network1.net>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Permit/deny lists and behavior
Message-ID:
        <125484247.62731.1668615831677.javamail.zim...@network1.net>
Content-Type: text/plain; charset=utf-8

the absence of any allow or deny keywords just means that the dhcp server does 
not consider if a client is known or unknown for that subnet.

If you add allow known-clients or allow unknown-clients then the inverse 
becomes true (deny known-clients and deny unknown-clients respectively).

You cannot have both an allow and a deny in the same subnet.  It won't be 
considered a syntax error but it also won't do what you expect.

Known clients are defined by having a host {} entry.

Unknown clients mean they have no host {} entry.

You can also allow/deny members of a class {}.  These you might see multiple 
allow lines like:

allow members of "class1";
allow members of "class2";

----- Original Message -----
> From: "Marki" <dhcp-us...@lists.roth.lu>
> To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
> Sent: Wednesday, November 16, 2022 9:15:28 AM
> Subject: Permit/deny lists and behavior

> Hello,

> Maybe someone can enlighten me:

> The default seems to be that
> * dynamic address assignment to unknown clients is allowed ("allow
> unknown-clients" is implicit) and
> * at the same time static allocations are allowed as well ("allow
> known-clients" is implicit).

> This is kind of a contradiction to "If a pool has a permit list, then
> only those clients that match specific entries on the permit list will
> be eligible to be assigned addresses from the pool."

> Or does that mean if I explicitly write "allow known-clients", then
> unknown clients will be rejected? Is "unknown-clients" a "list" in that
> regard?

> Best regards,
> Marki

> --
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.

> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


------------------------------

Message: 3
Date: Wed, 16 Nov 2022 11:27:24 -0500 (EST)
From: perl-list <perl-l...@network1.net>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Permit/deny lists and behavior
Message-ID:
        <1459986200.62749.1668616044952.javamail.zim...@network1.net>
Content-Type: text/plain; charset=utf-8

correction:

> If you add allow known-clients or allow unknown-clients then the inverse 
> becomes
> true (deny known-clients and deny unknown-clients respectively).

the inverse would be: deny unknown-clients and deny known-clients respectively.


------------------------------

Subject: Digest Footer

_______________________________________________
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users


------------------------------

End of dhcp-users Digest, Vol 169, Issue 4
******************************************

Reply via email to