Bug #4584

Static Mapped clients on one LAN get a DHCP IP from another LAN even when Deny unknown clients is checked on the other LAN

Added by Phillip Davis over 5 years ago. Updated over 1 year ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


Setup with LAN1 and LAN2 - 2 interfaces with different subnets and a DHCP pool within each subnet.
Enable the DHCP server on each of LAN1 and LAN2 and check "Deny unknown clients".
Add a static-mapped client1 to DHCP server on LAN1, and a different client2 on LAN2 (with or without specifying a particular IP address for them)
Connect client1 to LAN1 - it gets an expected address in LAN1 - good.
Connect client2 to LAN2 - it gets an expected address in LAN2 - good.

Connect client1 to LAN2 - it gets an address in the pool for LAN2
Connect client2 to LAN1 - it gets an address in the pool for LAN1

As per references in the forum, this is expected behavior of ISC-DHCP the way dhcpd.conf is being written.

This could be fixed to be more specifically restrictive by using "class" and "subclass" statements and putting positive "allow member of" in the pool scopes, rather than just using deny unknown-clients.

The webGUI says: If this is checked, only the clients defined below will get DHCP leases from this server.
But actually, "deny unknown-clients" in ISC-DHCP only denies completely-unknown clients, which is different from want the pfSense webGUI is claiming.


#1 Updated by Jose Duarte about 2 years ago


I would like to bring this bug from the grave.
This still applies in latest versions and it's definitely a big problem for people using Deny unknown clients option in multiple interfaces/vlans.

#2 Updated by Daniel Koh over 1 year ago

Bringing this up again to see if anyone will fix.

#4 Updated by Jim Pingle over 1 year ago

  • Target version set to 2.5.0

#5 Updated by Jim Pingle over 1 year ago

  • Status changed from New to Duplicate

Duplicate of #1605

#6 Updated by Jim Pingle over 1 year ago

  • Target version deleted (2.5.0)

Also available in: Atom PDF