 From:  "apiasecki at midatlanticbb dot com" <apiasecki at midatlanticbb dot com>
 To:  daniele dot guazzoni at gcomm dot ch
 Cc:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] deny certain mac address from getting an ip?
 Date:  Mon, 16 Jun 2008 21:06:48 -0400
I had a situation where this would have helped me.

We had two DHCP servers on the same physical network. Granted, VLANs 
would have been the way to go, but we did not have VLAN-aware switches. 
So, the only thing preventing me from running it all on the same VLAN 
was the DHCP server.  Both networks needed to get DHCP addresses. One 
network was full of random laptops and devices. The other network was a 
bunch of cable modems. Because all the cable modems are made by the 
same manufacturer, they all have the same starting range for the mac 

So one DHCP server would be set to deny all MAC addresses from the cable 
modem range.
The other would be set to only allow the cable modem MAC range.

I heard that some DHCP servers can do this.


Daniele Guazzoni wrote:
> So you don't want to keep a list of your known clients, ok.
> Wouldn't it be simpler to define a range within your subnet for 
> "blacklist" (drop any to/from) and assign one of those IPs to 
> the MAC you want to blackout ?
> PS: m0n0wall is cutting-edge but it still does not work with AI (Artificial 
> Intelligence) and will therefore not understand your XML word games...
> Daniele
> YvesDM wrote:
>> On Sun, Jun 15, 2008 at 8:53 PM, Chris Buechler <cbuechler at gmail dot com> 
>> wrote:
>> Ok, I tried this.
>> It didn't blow up dhcp, that's the good news :-)
>> I started with adding a bogus ip (valid ip, though from a totally 
>> different
>> subnet) as static mapping to my mac address in the config.xml and 
>> uploaded
>> it again.
>> Result: m0n0wall assigned the client simply an ip from inside its 
>> dhcp range
>> and ignores the static mapping.
>> Then I tried to do the same with the ip in the static mapping
>> config.
>> Result: same as above.
>> Then I checked "Deny unknown clients" in the dhcp server config.
>> This writes an entry in the xml named <denyunknown/>
>> I tried to change it in the config to <denyknown/> (you never know 
>> :-) but
>> this also didn't prevent my laptop from getting an ip out of the dhcp 
>> range.
>> So basically, I could not prevent the client from getting an ip.
>> If anyone knows a way to do this it would be nice to know.
>> Kind regards,
>> Y.
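
The two-server split described at the top of this message (one server refusing the cable modem MAC range, the other serving only that range), sketched as an added example in ISC dhcpd configuration syntax; it is not part of the original thread and not a m0n0wall feature. The OUI `00:11:22`, the class name, and both subnets are constructed placeholders.

```conf
# ---- Server A (laptops and other devices): dhcpd.conf ----
# Class keyed on the first three bytes of the client MAC (the vendor OUI).
# hardware = <type byte><MAC>, so offset 1, length 3 selects the OUI.
# 00:11:22 is a placeholder; use the modem vendor's real prefix.
class "cable-modems" {
    match if substring(hardware, 1, 3) = 00:11:22;
}

# Both servers share one wire, so neither should NAK the other's clients.
not authoritative;

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
        range 192.0.2.100 192.0.2.200;
        # Everything except the modem OUI may lease from this pool.
        deny members of "cable-modems";
    }
}

# ---- Server B (cable modems only): dhcpd.conf ----
class "cable-modems" {
    match if substring(hardware, 1, 3) = 00:11:22;
}

not authoritative;

subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    pool {
        range 198.51.100.100 198.51.100.200;
        # A pool with an allow list serves only clients matching it.
        allow members of "cable-modems";
    }
}
```

This separates address assignment by vendor prefix only: a client can set any MAC address it likes, so the match is not an access control and does not replace VLAN separation.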