ambiguous log message for unauthorized mac addresses

MAtteo HCE Valsasna valsasna at uninsubria.it
Wed Dec 16 12:12:14 UTC 2009


Hi,

We're running a number of subnets for known clients only (using deny
unknown-clients), and when an unauthorized client tries to get an
address we get the "no free leases" log message (which became "peer
holds all free leases" on both servers after we switched to a failover
configuration).

That's misleading, because generally there are free leases on the subnet
in question, but the client is not authorized to use them.

Even worse, we tend to disregard those messages, with the risk of not
noticing a real out-of-addresses situation.

I know we could get rid of spurious "no free leases" messaging by using
"ignore unknown-clients", but we prefer to know when an unauthorized
client tries to connect for troubleshooting purposes (so when they call
in we can say "oh, so your mac address is xxx? it is not registered,
that's why internet doesn't work. please go to the portal and register
it and you will be able to use the network in 30 minutes").

Is there any way to configure the server so that we get different
messages when a client which is not authorized to use any pool requests
an address and when a client which is authorized on at least one pool in
the subnet/shared-network cannot be served because of a lack of free leases?

Otherwise, could you consider this as an improvement request?



configuration:

We import "known" MAC addresses from a database and build a file with all
host declarations, then we use "with deny unknown clients;" on all pools
in the subnets we want to reserve to known MAC addresses.


best regards

MAtteo Valsasna
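
One way to separate the two cases outside the server, as an added example that is not part of the original post and not ISC code: cross-reference the MAC in each ambiguous log line against the generated host-declaration file. The sample host file, the syslog lines and their exact layout, and the verdict names are constructed assumptions.

```python
import re

# Constructed sample data (not from the original post).
HOSTS_CONF = """
host alice-laptop { hardware ethernet 00:16:3e:aa:bb:01; }
host lab-printer {
  hardware ethernet 00:16:3E:AA:BB:02;
  fixed-address 10.0.1.20;
}
"""
SYSLOG = """\
Dec 16 12:00:01 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:aa:bb:01 via eth0: network 10.0.1.0/24: no free leases
Dec 16 12:00:05 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:cc:dd:99 via eth0: network 10.0.1.0/24: no free leases
Dec 16 12:00:09 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:cc:dd:99 via 10.0.1.1: peer holds all free leases
Dec 16 12:00:12 dhcp1 dhcpd: DHCPREQUEST for 10.0.1.20 from 00:16:3e:aa:bb:02 via eth0
"""

MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
HW_RE = re.compile(rf"hardware\s+ethernet\s+({MAC})\s*;", re.I)
LOG_RE = re.compile(
    rf"DHCPDISCOVER from ({MAC}) .*?(no free leases|peer holds all free leases)\s*$",
    re.I)

def norm(mac):
    """Canonical form: lowercase, zero-padded octets, so both inputs compare equal."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def known_macs(conf_text):
    """Collect every 'hardware ethernet' address from the host declarations."""
    return {norm(m) for m in HW_RE.findall(conf_text)}

def classify(log_text, known):
    """Return (mac, verdict, server_message) for each ambiguous DISCOVER failure."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        mac = norm(m.group(1))
        # A registered MAC that still gets no lease is the case worth alerting on.
        verdict = "NO_LEASE_FOR_KNOWN_CLIENT" if mac in known else "UNREGISTERED_CLIENT"
        out.append((mac, verdict, m.group(2)))
    return out

if __name__ == "__main__":
    for mac, verdict, msg in classify(SYSLOG, known_macs(HOSTS_CONF)):
        print(f"{verdict:26} {mac}  ({msg})")
```

The verdict is only meaningful if the host file being read is the same one the running server loaded, and if every pool on the subnet denies unknown clients.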




More information about the dhcp-users mailing list