combine "allow unknown-clients" with "deny all clients"
Chuck Anderson
cra at WPI.EDU
Sat Oct 10 15:22:45 UTC 2009
Is it safe to combine "allow unknown-clients" with "deny all clients"
in a pool declaration? I just discovered that "known-clients" appears
to only apply to host declarations. MAC addresses defined in subclass
declarations don't match "known-clients". So, instead of:
pool {
deny known-clients;
allow unknown-clients;
}
which still allows MACs defined in subclasses into the pool, I'd like
to do this instead:
pool {
deny all clients;
allow unknown-clients;
}
Will this work? I don't want any known clients at all, whether
defined in "host" declarations or "subclass" declarations, to be
allowed into this pool, only genuinely unknown clients.
If the above won't work, does anyone have suggestions on how to make
this work. I could use:
deny members of "class1";
deny members of "class2";
deny members of "class3";
etc. but that seems a pain if you have many classes, not all of which
will be known ahead of time.
Thanks.
More information about the dhcp-users
mailing list