[Dnsmasq-discuss] DHCPv6 and MAC
Martin Babutzka
martin.babutzka at online.de
Wed Feb 5 10:40:57 GMT 2014
Hi Simon,
Its exciting to hear that future DNSmasq versions can combine DHCPv6 with MAC
adresses. We ran into the same problem with our provisioning system but I found
a simple workaround which might be interesting for DNSmasq users with DHCPv6 who
dont want to work with the most bleeding edge version:
- Once the device has a global ipv6 address its MAC address can be accessed with
neighbourhood discovery
- Install ndisc6 on your system
- Activate the scripting function of DNSmasq ("dhcp-script")
- Get the MAC address anywhere in the script with: mac=$(ndisc6 -q $3 ethXYZ |
tr "[:upper:]" "[:lower:]")
- This works for all "new" and all "old" DHCP assignments
- After this use the script to log data, check the MAC in databases, switch
on/off firewall rules, ....
Don't rely on the DUIDs - some systems are actually CHANGING them.
Cheers,
Martin
> Simon Kelley <simon at thekelleys.org.uk> hat am 4. Februar 2014 um 21:58
> geschrieben:
>
>
> On 29/01/14 09:53, Shai Venter wrote:
> > Hello /Simon Kelley/
> >
> > Referring to
> >
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q1/006818.html
> >
> > The thread mainly focuses on Operating System side of a IPv6 dhclient
> > functions.
> >
> > But here are other aspects of the issue, more difficult to figure out:
> >
> > The World of UEFI IPv6 network boot agents residing on a system’s FW
> > (a.k.a UNDI)
> >
> > Host Management (BMC’s) that support IPv6
> >
> > For those two dhclients, an administrator’s nightmare begins in trying
> > to understand what DUID approach was chosen by the original manufacturer
> > ( the vendor )
> >
> > And that would only go down the hill if more than one NIC exist in the
> > system
> >
> > Can you please comment on that, knowing what you know on DUID approach
> >
> > How can a network administrator have control of the IP address
> > assignment for specific clients, in a DHCP server/dnsmasq config, to
> > clients of the types I described above
> >
> > This is just food for thought …
> >
> > Shai Venter,
> >
> > NIC FW QA engineer
> >
> > Mellanox Technologies LTD
> >
>
> The whole DUID approach sucks badly when you want to provision
> equipment. Most times, even if there's a stable DUID associated with
> each piece of hardware, there's no way to enumerate that into a
> provisioning database ahead of actually doing the provisioning.
> Data-centre jockeys have managed to persuade the builders of blade
> systems, servers, and storage gear that they need a way to harvest
> hardware-IDs, after a long struggle, and what they've got is a way to
> harvest MAC addresses. Therefore you need to be able to provision using
> MAC addresses.
>
>
> Note that things are improving with DHCPv6, the latest release of
> dnsmasq _can_ associate IPv6 addresses with MAC addresses.
>
>
>
> Cheers,
>
> Simon.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140205/570c33b5/attachment.html>
More information about the Dnsmasq-discuss
mailing list