Hi Jared, I am assuming 802.1x (or equivalent) security at L2, but the "link" between my DHCPv6 client and server is actually a tunnel that may travel over many network layer hops. So, it is possible for legitimate client A to have its leases canceled by rogue client B unless DHCPv6 auth or something similar is used. Yes, rogue client B would also have to be authenticated to connect to the network the same as legitimate client A, but it could be an "insider attack" (e.g., where B is a disgruntled employee trying to get back at a corporate adversary A).
Thanks - Fred fred.l.temp...@boeing.com > -----Original Message----- > From: Jared Mauch [mailto:ja...@puck.nether.net] > Sent: Wednesday, August 20, 2014 5:14 PM > To: Templin, Fred L > Cc: nanog list > Subject: Re: DHCPv6 authentication > > If you are already connected to the network you are going to be deemed as > authenticated. I'm unaware > of anyone doing dhcp authentication. > > Jared Mauch > > > On Aug 20, 2014, at 6:45 PM, "Templin, Fred L" <fred.l.temp...@boeing.com> > > wrote: > > > > Hi - does anyone know if DHCPv6 authentication is commonly used in > > operational networks? If so, what has been the experience in terms > > of DHCPv6 servers being able to discern legitimate clients from > > rogue clients? > > > > Thanks - Fred > > fred.l.temp...@boeing.com
