[c-nsp] Excluding MAC address from DHCP
james edwards
hackerwacker at cybermesa.com
Wed Jan 26 17:06:28 EST 2005
Cool, thanks. A few questions, though. I have a nasty multipoint interface
for DSL and a DHCP pool
is attached to the BVI. All pvc's will be moved to individual if's doing
"atm routed-bridge" shortly
but for now I need a better way to take down infected users. We do not auth
here as the LEC does
not supply routers that support PPPoX.
Here is the present conifg:
ip dhcp pool foobar
network a.b.c.0. 255.255.255.0
domain-name cybermesa.com
default-router a.b.c.d
lease 0 2
!
interface ATM4/ima0.1 multipoint
description Espanola DSL Bridged IMA group
no ip redirects
no ip unreachables
no ip mroute-cache
pvc 0/36
!
pvc 0/37
!
pvc 0/38
!
pvc 0/39
/////////
!
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address a.b.c.d 255.255.255.0
ip verify unicast source reachable-via rx allow-self-ping
no ip redirects
no ip unreachables
no ip proxy-arp
arp timeout 3600
clns mtu 1514
hold-queue 150 in
So if I add:
ip dhcp pool infected
host 1.1.1.1
hardware-address 02c7.f800.0422 ieee802
Will the pvc (on ATM4/ima0.1) which has hardware-address 02c7.f800.0422
ieee802 (client side)
get address 1.1.1.1, while the others get assigned addresses out of dhcp
pool foobar ?
Reading at CCO, it seems I need to do a "ip dhcp pool <whatever>" for each
MAC address, correct ?
Thanks so much for the help !
James H. Edwards
Routing and Security Administrator
At the Santa Fe Office: Internet at Cyber Mesa
jamesh at cybermesa.com noc at cybermesa.com
http://www.cybermesa.com/ContactCM
(505) 795-7101
More information about the cisco-nsp
mailing list