Mysterious missing DHCPv6 feature, was Re: How does one obtain an IPv6 DNS server when VPNing to an ASA?
Gert Doering
gert at space.net
Fri May 28 09:50:33 CEST 2010
Hi,
On Thu, May 27, 2010 at 03:37:17PM -0700, Doug Barton wrote:
> At one place I worked we had a setup where the MAC addresses for known
> hosts were saved in a database along with their appropriate subnets and
> other important information. When those hosts connected to the DHCP
> server they were assigned the appropriate configuration and the switch
> port they were attached to was configured for the proper VLAN, etc.
> Connecting an unknown host got you routed to the "guest" network.
While a fairly common scenario, this is usually not tied to DHCP in
the first place (but to a MAC->VLAN databases, either in the switches
or in a switch management software). DHCP only starts after the
device is already in the right VLAN. Of course it can be done the other
way round, but sounds like an interesting amount of trickery in the
DHCP server.
But this sounds like a nice approach to security. Change your laptop's
MAC address, get access to whatever VLAN you want...?
Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 150584
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
More information about the ipv6-ops
mailing list