[Bruce Hudson]

> Im trying to figure out how to deny MAC-addr to connect to the dhcp server.

    You have to basic choices. You can continue to "permit by default" but
add a way to do explicit denies or you can switch to a "deny by default"
and explicitly permit what you want this server to serve.

    To explicitly deny a client, you can create a host stanza and add a
"ignore booting" statement to it. Or you can create a class, add the MAC
address(es) to the class, and deny that class access to the pool.

   (1)	host "some-name" {
	    hardware ethernet 02:03:04:05:06:07;
	    ignore booting;
        }

   (2)  class "BadHosts" {
	    match hardware;
	}

	subnet ... {
	    pool {
		range ...
	        deny members of "BadHosts";
	    }
	}

    To deny by default, use a "allow members of "GoodHosts" statement in
the pool and then add the valid MAC addresses to the "GoodHosts" class.

    None of this will solve the inverse problem. It will not prevent a
host you want to be served from your DHCP server from getting its address
from the other server.
--
Bruce A. Hudson				| Bruce.Hudson at Dal.CA
UCIS, Networks and Systems		|
Dalhousie University			|
Halifax, Nova Scotia, Canada		| (902) 494-3405