Can subclass work for me?

Marc Perea marccp at
Mon Feb 16 19:55:28 UTC 2009

Hello list,
I have a problem where I have a finite list of vendor MAC addresses that I'd like to allow to get DHCP service, and any not in my approved list I'd like to ignore. I have an additional requirement that I must use option 82 info to assign a static IP (which I'm doing by creating a class for each option 82 client, and setting a pool of 1 IP per class).

I had hoped to have a class named valid_oui where it matches if substring(hardware(1,3) = [valid oui1] or substring(hardware(1,3) = [valid oui2] ... and so forth. If I'm reading the documentation correctly, subclasses won't work out for me, since I'd like a subclass to start having matched an OUI, and _then_ also match on specific option 82 data. I believe the subclass will instead match vendor oui 1, vendor oui 2, etc. Stated another way, can I start working with a class/subclass caring about the hardware address and then switch to caring about option agent.circuit-id once I've passed some criteria for hardware?

Is there a better way for me to consider doing what I'm trying here, or should I start looking into snort to filter my ingress dhcp requests and filter them there?

In case it matters, it is more important for me to match an IP to a circuit-ID than it is to deny service to unknown OUIs, and the former is already running in production.


Marc Perea
Network Support Engineer
SRT Communications, Inc.
marccp at

More information about the dhcp-users mailing list