Configuring option 82

Bob Harold rharolde at umich.edu
Fri Sep 27 15:16:30 UTC 2019


On Fri, Sep 27, 2019 at 10:21 AM Sten Carlsen <stenc at s-carlsen.dk> wrote:

>
>
> On 27/09/2019 15.59, Surya Teja wrote:
>
> Hi Bill,
> Do you have 40,000 clients?
> Yes, sometimes the dhcp client traffic reaches nearly 40-50k in my
> environment.
> What is your goal here?
> I want to avoid the untrusted dhcp clients to request the server and fill
> up the leases, so I went through the internet and found that option 82 can be a
> similar functionality.
> Link I checked for:
> https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
>
>
> This example has a few problems:
> It defines classes inside the subnet, this is not a good idea. Keep
> declarations global.
> It does not prevent unknown-clients from getting an IP from any of the
> pools, it is missing the deny unknown-clients; statement.
> allow members of "VLAN10"; denies other classes but
> does not deny unknown-clients as you seem to want.
>

It has been my experience that "allow members of VLAN10" implies "deny all
else".
And using "known-clients" or "unknown-clients" in the DHCP config is a bad
idea - if a MAC address is given a DHCP Reserved entry in one subnet, that
suddenly changes its "known" status on other subnets, causing it to get or
lose access to those subnets. Rarely is there a real need for
"known-clients" or "unknown-clients".

-- 
Bob Harold
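
Added example, not part of the original message or the linked Zyxel article: an ISC dhcpd.conf fragment with the class declared at global scope and the pool restricted by a permit list, with no known-clients or unknown-clients statements. The addresses, the class name and the circuit-id byte layout are assumptions; the layout is vendor-specific.

```conf
# Constructed example: addresses, class name and circuit-id layout are assumptions.

# Class declared globally, not inside the subnet declaration.
class "VLAN10" {
    # Assumes the relay agent encodes the VLAN ID as a 16-bit value in
    # bytes 2-3 of the option 82 circuit-id sub-option. Confirm the layout
    # against a capture from your own relay before relying on it.
    match if exists agent.circuit-id
        and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)) = "10";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;

    pool {
        range 192.0.2.100 192.0.2.200;
        # Permit list: once a pool has one, only clients matching an entry
        # on it are eligible for addresses from this pool. Requests that
        # arrive without a matching option 82 do not match the class.
        allow members of "VLAN10";
    }
}
```

The class match is only as trustworthy as the relay that inserts option 82, so the access switch or relay should be configured to drop or overwrite any option 82 supplied by the client itself.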