Bug #1605
closed
DHCP Server should group known clients by interface
100%
Description
This is an old issue initially reported by LJ Rand in 2006 on another forum. No one has answered since those days. But the problem is still there:
My setup:
I've set up several VLANs behind the pfSense firewall (v2.0 RC2) and enabled DHCP on these. For all VLANs, I have enabled the DHCP setting "Deny unknown clients".
For three of those VLANs, I have set aside a dynamic range of IP addresses and enumerated the MACs of permitted clients. My VLANs are port-specific, rather than MAC-specific.
My issue:
If I had a laptop that was listed in the pfSense DHCP server under VLAN A, but was plugged into a port assigned to VLAN B, I would have hoped that the firewall would consider that laptop an unknown client on VLAN B and refuse it DHCP service. Instead, it seems that pfSense does not care that the laptop was listed under VLAN A, and happily gives it an address from the dynamic range of VLAN B. That's tantamount to VLAN hopping, methinks.
It seems that it does not matter in which MAC address list a DHCP client is listed.
Kind regards,
routerfreak
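The difference between the behaviour reported above and the behaviour requested, as an added example that is not part of the original report and is not pfSense code: it audits lease records for clients that were served on an interface where they are not listed. The interface names, MAC addresses, lease records and function names are all constructed for illustration.

```python
# Audit DHCP leases for clients served on an interface where they are not listed.
import re

# Constructed per-interface "known client" lists (static mappings).
STATIC_MAPPINGS = {
    "VLAN_A": {"00:11:22:33:44:55", "00:11:22:33:44:66"},
    "VLAN_B": {"00:aa:bb:cc:dd:01"},
}

# Constructed lease records: (interface that answered, client MAC, leased IP).
LEASES = [
    ("VLAN_A", "00-11-22-33-44-55", "10.0.10.50"),   # listed on A, served on A
    ("VLAN_B", "00:11:22:33:44:55", "10.0.20.101"),  # listed on A, served on B
    ("VLAN_B", "00:AA:BB:CC:DD:01", "10.0.20.10"),   # listed on B, served on B
]


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def known_anywhere(mac, mappings):
    """Reported behaviour: a client is 'known' if any interface lists it."""
    mac = normalize_mac(mac)
    return any(mac in {normalize_mac(m) for m in macs} for macs in mappings.values())


def known_on_interface(mac, iface, mappings):
    """Requested behaviour: a client is 'known' only where it is listed."""
    return normalize_mac(mac) in {normalize_mac(m) for m in mappings.get(iface, ())}


def cross_interface_leases(leases, mappings):
    """Leases handed to a client that is listed, but not on the serving interface."""
    return [
        (iface, normalize_mac(mac), ip)
        for iface, mac, ip in leases
        if known_anywhere(mac, mappings) and not known_on_interface(mac, iface, mappings)
    ]


if __name__ == "__main__":
    for iface, mac, ip in cross_interface_leases(LEASES, STATIC_MAPPINGS):
        print(f"{mac} got {ip} on {iface} but is only listed elsewhere")
```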