On Wed, Jul 08, 2009 at 06:25:35PM -0700, Peter Memishian wrote:
> Per the RFC (and per our implementation) the DHCP server must use the
> client ID when it's available, and fall back to chaddr when the client ID
> is not available. We rely on this for e.g. the DHCP client to work with
> IPMP. The relevant text in RFC2131 is:
>
>    A DHCP server needs to use some unique identifier to associate a
>    client with its lease. The client MAY choose to explicitly provide
>    the identifier through the 'client identifier' option. If the client
>    supplies a 'client identifier', the client MUST use the same 'client
>    identifier' in all subsequent messages, and the server MUST use that
>    identifier to identify the client. If the client does not provide a
>    'client identifier' option, the server MUST use the contents of the
>    'chaddr' field to identify the client.
>
Do you know under what circumstances a client would choose a client-ID
different from chaddr? I am trying to understand when we can do DHCP
antispoof and when we cannot (without setting up explicit ACLs).

thanks
eric
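
The RFC 2131 rule quoted above, as an added example that is not part of the original message or of any project's code: it parses a DHCP message, returns the identifier the server must key the lease on, and reports whether that identifier is still tied to chaddr. The helper names, the htype+chaddr comparison, and the sample messages are assumptions constructed for illustration; option overload (52) is not handled.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])            # DHCP magic cookie
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255

def parse_options(buf):
    """Walk the option TLVs into {code: value}; option overload (52) is ignored."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != OPT_END:
        if buf[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        opts[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return opts

def lease_key(msg):
    """Identifier the server keys the lease on: client ID if supplied, else chaddr."""
    if len(msg) < 240 or msg[236:240] != MAGIC or msg[2] > 16:
        raise ValueError("not a well-formed DHCP message")
    chaddr = msg[28:28 + msg[2]]            # hlen bytes of the 16-byte chaddr field
    client_id = parse_options(msg[240:]).get(OPT_CLIENT_ID)
    return ("client-id", client_id) if client_id else ("chaddr", chaddr)

def key_tied_to_chaddr(msg):
    """True when the key is chaddr itself or a client ID of the form htype+chaddr."""
    source, key = lease_key(msg)
    return source == "chaddr" or key == bytes([msg[1]]) + msg[28:28 + msg[2]]

def build(chaddr, client_id=None):
    """Constructed sample message (not captured traffic): Ethernet DHCPDISCOVER."""
    hdr = struct.pack("!BBBBIHH", 1, 1, len(chaddr), 0, 0x1234, 0, 0)
    hdr += bytes(16) + chaddr.ljust(16, b"\0") + bytes(192) + MAGIC
    opts = b"\x35\x01\x01"                  # option 53 = DHCPDISCOVER
    if client_id is not None:
        opts += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return hdr + opts + bytes([OPT_END])

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")     # constructed, locally administered MAC
    for cid in (None, b"\x01" + mac, b"\x00constructed-id"):
        m = build(mac, cid)
        print(lease_key(m), key_tied_to_chaddr(m))
```

A filter that only compares chaddr with the source MAC says nothing about the lease key in the third case, where the client ID is an opaque value unrelated to chaddr.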