<div dir="ltr"><div dir="ltr"><br></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 27, 2019 at 10:21 AM Sten Carlsen <<a href="mailto:stenc@s-carlsen.dk">stenc@s-carlsen.dk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFCC">
<br>
<br>
<div class="gmail-m_5596414802690410762moz-cite-prefix">On 27/09/2019 15.59, Surya Teja wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Bill,<br>
<div>Do you have 40,000 clients?</div>
          <div>Yes, sometimes the DHCP client traffic reaches nearly
            40-50k in my environment.</div>
          <div>What is your goal here? <br>
          </div>
          <div>I want to prevent untrusted DHCP clients from requesting
            the server and filling up the leases, so I searched the internet
            and found that option 82 can provide similar functionality.</div>
<div>Link I checked for: <a href="https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN" target="_blank">https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN</a>
<br>
</div>
</div>
</blockquote>
      This example has a few problems:<br>
      It defines classes inside the subnet; this is not a good idea. Keep
      declarations global.<br>
      It does not prevent unknown-clients from getting an IP from any of
      the pools; it is missing the deny unknown-clients; statement.<br>
allow members of "VLAN10"; denies other
      classes but does not deny unknown-clients as you seem to want.<br></div></blockquote><div><br></div><div>It has been my experience that "allow members of VLAN10" implies "deny all else".</div><div>And using "known-clients" or "unknown-clients" in the DHCP config is a bad idea - if a MAC address is given a DHCP Reserved entry in one subnet, that suddenly changes its "known" status on other subnets, causing it to get or lose access to those subnets. Rarely is there a real need for "known-clients" or "unknown-clients".</div><div><br></div><div>-- </div><div>Bob Harold</div><div> </div></div></div>
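<div>Added example, not part of the thread and not taken from the linked Zyxel article: an ISC dhcpd.conf fragment that puts a pool gated by an option 82 class next to a pool gated by known/unknown status. The class name, circuit-id string, MAC address and subnets are assumptions chosen for illustration; per dhcpd.conf(5), a pool that has a permit list serves only clients matching an entry on it.</div>

```conf
# Constructed dhcpd.conf fragment: class name, circuit-id string, MAC and
# addresses are placeholders, not values from the thread.

# Class declared at global scope, matched on the relay's option 82 circuit-id.
class "VLAN10" {
    match if option agent.circuit-id = "vlan10-port";   # placeholder value
}

# A reservation written with subnet A in mind. A host declaration makes this
# MAC a "known" client on every subnet, not only on subnet A.
host printer-a {
    hardware ethernet 00:00:5e:00:53:01;
    fixed-address 192.0.2.50;
}

# Subnet A: class-based gating.
subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
        # Permit list: only members of VLAN10 are eligible for this range,
        # so clients outside the class get nothing from it.
        allow members of "VLAN10";
        range 192.0.2.100 192.0.2.200;
    }
}

# Subnet B: known/unknown gating.
subnet 198.51.100.0 netmask 255.255.255.0 {
    option routers 198.51.100.1;
    pool {
        # printer-a is eligible here as well, purely because of the
        # reservation above, although it was never intended for subnet B.
        deny unknown-clients;
        range 198.51.100.100 198.51.100.200;
    }
}
```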