Project

General

Profile

Actions

Bug #4584

closed

Static Mapped clients on one LAN get a DHCP IP from another LAN even when Deny unknown clients is checked on the other LAN

Added by Phillip Davis over 9 years ago. Updated over 5 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
DHCP (IPv4)
Target version:
-
Start date:
04/05/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Forum: https://forum.pfsense.org/index.php?topic=91391.msg508422#msg508422
Setup with LAN1 and LAN2 - 2 interfaces with different subnets and a DHCP pool within each subnet.
Enable the DHCP server on each of LAN1 and LAN2 and check "Deny unknown clients".
Add a static-mapped client1 to DHCP server on LAN1, and a different client2 on LAN2 (with or without specifying a particular IP address for them)
Connect client1 to LAN1 - it gets an expected address in LAN1 - good.
Connect client2 to LAN2 - it gets an expected address in LAN2 - good.

Now,
Connect client1 to LAN2 - it gets an address in the pool for LAN2
Connect client2 to LAN1 - it gets an address in the pool for LAN1

As per references in the forum, this is expected behavior of ISC-DHCP the way dhcpd.conf is being written.

This could be fixed to be more specifically restrictive by using "class" and "subclass" statements and putting positive "allow member of" in the pool scopes, rather than just using deny unknown-clients.

The webGUI says: If this is checked, only the clients defined below will get DHCP leases from this server.
But actually, "deny unknown-clients" in ISC-DHCP only denies completely-unknown clients, which is different from want the pfSense webGUI is claiming.

Actions

Also available in: Atom PDF