[174081] in North American Network Operators' Group
Re: DHCPv6 authentication
daemon@ATHENA.MIT.EDU (Randy Carpenter)
Wed Aug 20 21:57:38 2014
X-Original-To: nanog@nanog.org
Date: Wed, 20 Aug 2014 21:55:35 -0400 (EDT)
From: Randy Carpenter <rcarpen@network1.net>
To: nanog list <nanog@nanog.org>
In-Reply-To: <2F4EA67A-A730-40E6-99DA-6A1FA5C3AFD8@puck.nether.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
My clients typically do DHCP authentication in order to have the ability to tell which user has which IP at what time. The challenge with doing this with IPv6 is that the original DHCPv6 spec has no provision for there to be any unique identifier that can be tied to a particular user like DHCPv4 does. RFC 6939 defines a way to fix that, but I have yet to see it implemented by anything.
thanks,
-Randy
----- Original Message -----
> If you are already connected to the network you are going to be deemed as
> authenticated. I'm unaware of anyone doing dhcp authentication.
>
> Jared Mauch
>
> > On Aug 20, 2014, at 6:45 PM, "Templin, Fred L" <Fred.L.Templin@boeing.com>
> > wrote:
> >
> > Hi - does anyone know if DHCPv6 authentication is commonly used in
> > operational networks? If so, what has been the experience in terms
> > of DHCPv6 servers being able to discern legitimate clients from
> > rogue clients?
> >
> > Thanks - Fred
> > fred.l.templin@boeing.com
>
>
