Preventing from assign fixed address based on class

Paweł Warowny warp75 at
Mon Jul 1 08:02:19 UTC 2013

On 27 June 2013 21:34, Peter Rathlev <peter at> wrote:

> The client can spoof a vendor-class-identifier along with the MAC
> address so security still isn't perfect even with that selection. The
> modem and CMTS could theoretically enforce something using option 82.

I've already have it resolved on the modem side, so the customer isn't
able to use spoofed MAC.
I also wanted to do it on the dhcp server side just in case.

> You might achieve what you describe though, but using a compound class
> match statement:
> Word on the street is that this doesn't scale; if you have more than a
> few hundred clients you probably need to rethink this.

I've got  a few thousands customers, so it doesn't fit.

> You could take at look at this:

Great, thank you for the link and for your response.

More information about the dhcp-users mailing list