W dniu 17.01.2017 o 19:58, Nandan Adhikari pisze: > I am unable to see any option to configure known-clients or > unknown-clients. Because there are none there currently.
> Ref: https://kea.isc.org/wiki/ConfigurationMigration#PoolAccessControl > > Is there anyway I can manage the access controls? Any helping pointer > would be really great. Can you describe what exactly you want to do? Depending on what's your goal is, there may be things that could be done. Here are couple things to consider. 1. If you want to serve only known clients (e.g. a list of known subscribers or registered devices), you can use host reservation for that. You can define an empty pool, so clients not having a reservation will be rejected completely. 2. If you want known clients to get different options, there is a way. In the upcoming Kea 1.2 we will have the ability to define options for pools. You can define a subnet with options for known clients, define a pool in it with options for unknown clients and define reservations for know clients for addresses that are outside of the pool. This way clients that have a reservation will get whatever address was reserved for them and the options specified for the subnet. Clients that don't have a reservation will get an address from the pool and whatever options were defined in the pool. Just remember that more specific scopes "override" more generic scopes. Global scope is most generic and can be overridden by subnet options. Subnet options can be overridden by pool options, which in turn can be overridden by host specific options. The code for having pool options is available in git repo. It hasn't been tested thoroughly, but you're more than welcome to try it. 3. If you want to have a completely generic way of assigning clients to "unknown" and "known" classes, you'll need to write a hook for it. It shouldn't be too complex, but you will need some C++ experience. The hook should be installed on pkt4_receive hook point. You can then inspect the query4 parameter and check whether there's a lease for the value client sent in ciaddr field. Alternatively, you can install a hook on lease4_select, but it will be a bit more tricky to determine whether that's a new lease or existing lease being renewed. There's no one correct choice here. It all depends on what you're trying to accomplish. Ok, I suppose that's it. Does any of the above answer your question? On a related note, the page you referenced is 3 years old. It probably requires some refresh. Tomek Mrugalski ISC _______________________________________________ Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
