combine "allow unknown-clients" with "deny all clients"

Chuck Anderson cra at WPI.EDU
Sat Oct 10 15:22:45 UTC 2009

Is it safe to combine "allow unknown-clients" with "deny all clients" 
in a pool declaration?  I just discovered that "known-clients" appears 
to only apply to host declarations.  MAC addresses defined in subclass 
declarations don't match "known-clients".  So, instead of:

pool {
  deny known-clients;
  allow unknown-clients;

which still allows MACs defined in subclasses into the pool, I'd like 
to do this instead:

pool {
  deny all clients;
  allow unknown-clients;

Will this work?  I don't want any known clients at all, whether 
defined in "host" declarations or "subclass" declarations, to be 
allowed into this pool, only genuinely unknown clients.

If the above won't work, does anyone have suggestions on how to make 
this work.  I could use:

deny members of "class1";
deny members of "class2";
deny members of "class3";

etc. but that seems a pain if you have many classes, not all of which 
will be known ahead of time.


More information about the dhcp-users mailing list