Proper use of "allow/deny unknown-clients"?

John Miller johnmill at
Tue Aug 20 17:54:57 UTC 2013

Hello folks,

We're running into a seemingly odd issue:  when we specify "allow
unknown-clients" within one of our address pools, known clients are no
longer to obtain IP addresses.  When we remove the allow/deny rule
altogether, there's no problem with either known or unknown clients

Can anyone shed some light on the proper use of this parameter, and why
explicitly specifying an allow rule would block out known clients?

We've got a ton of address pools, so I won't list them all, but the
relevant pool is:

shared-network GuestWIRELESSNORTH {
    subnet netmask {
        option broadcast-address;
        option routers;
        option domain-name-servers,;
        option domain-name "";
        default-lease-time 3600;
        max-lease-time 3600;
        ddns-updates on;
    pool {
          allow unknown-clients;
          failover peer "brandeis-dhcp";

John Miller
Systems Engineer
Brandeis University
johnmill at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list