static IPs, nested logic

Andrei Filimonov af at baltmax.com
Wed Jun 21 12:40:40 UTC 2006


Hi,

Could anybody please help me find an efficient solution?
I have 2 questions.

1) How do I manage static IP addresses, if the only way to identify the 
client is by his option agent.remote-id number?

The easy way would be creating a separate class for each IP address like:

   class "aaa-bbb-ccc-ddd" {
       match if option agent.remote-id = 00:00:ff:aa:d2:19;
   }

then simply place this class in a pool with one IP address:

   pool {
       ...
       deny members of "aaa-bbb-ccc-ddd";
       range aaa.bbb.ccc.1 aaa.bbb.ccc.253;
   }

   pool {
       allow members of "aaa-bbb-ccc-ddd";
       range aaa.bbb.ccc.254 aaa.bbb.ccc.254;
   }
   ...

but this is very inconvenient because the number of pools and static IP 
addresses is starting to grow.
Soon there will be something like 500 classes for static users, and 500 such 
one-address subpools, which is very difficult to manage.
What could be the solution?

2) The only way to identify the subnet (the subnet from which the 
particular user should receive an IP address) is by the option 
agent.circuit-id number.

So I create a class for each subnet, like:

   class "subnet1" {
       match if option agent.circuit-id = 00:00:00:01;
   }

and then I place that class in the appropriate subnet, like:

   subnet aaa.bbb.ccc.0 netmask 255.255.255.0 {
       option routers blah blah
       ..
       pool{
          allow members of "subnet1";
          ..
       }
   }

It works OK.
But what if I want to add an additional pool to the subnet, for 
users with restricted rights, for example?
So I want the server to select the right subnet for the user and only 
then filter them by other classes, which are irrelevant to which subnet 
the user ends up in.

   pool{
       allow members of "subnet1";
       deny members of  "restrictedusers";
       ..
   }

   pool{
       allow members of "subnet1";
       allow members of "restrictedusers";
       ...
   }

Something like that won't work, because allows/denies have OR logic, if I'm 
not mistaken.
So how do I make nested criteria?

Something like:

   ..{
       allow members of "subnet1";
       pool{
          deny members of "group1";
          ...
       }
       pool{
          allow members of "group1";
          ...
       }
   }

Thank you.
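The one-class-plus-one-address-pool pattern from question 1, generated and sanity-checked by a script instead of being maintained by hand for 500 entries. This is an added example, not code from the post; it assumes a constructed CSV of remote-id/IP pairs and a made-up dynamic range (192.0.2.1 to 192.0.2.200), and it rejects malformed remote-ids, duplicates, and static addresses that fall inside the dynamic range (an address in two pools is a misconfiguration).

```python
import csv
import io
import ipaddress
import re

# Constructed sample input (not from the post): remote-id -> static address.
SAMPLE_CSV = """remote_id,ip
00:00:ff:aa:d2:19,192.0.2.254
00:00:ff:aa:d2:1a,192.0.2.253
"""
HEX_OCTETS = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2})+$")

def parse_static_map(text, dynamic_range):
    """Return [(remote_id, ip)]; reject malformed, duplicate or overlapping entries."""
    lo, hi = (ipaddress.ip_address(a) for a in dynamic_range)
    seen_ids, seen_ips, rows = set(), set(), []
    for row in csv.DictReader(io.StringIO(text)):
        rid = row["remote_id"].strip().lower()
        ip = ipaddress.ip_address(row["ip"].strip())  # raises ValueError on junk
        if not HEX_OCTETS.match(rid):
            raise ValueError(f"malformed remote-id {rid!r}")
        if rid in seen_ids or ip in seen_ips:
            raise ValueError(f"duplicate entry {rid} / {ip}")
        if lo <= ip <= hi:  # the same address in two pools is a misconfiguration
            raise ValueError(f"static {ip} overlaps the dynamic range")
        seen_ids.add(rid)
        seen_ips.add(ip)
        rows.append((rid, str(ip)))
    return rows

def class_name(rid):
    return "static-" + rid.replace(":", "")

def render_config(rows, dynamic_range):
    """Emit class stanzas, one dynamic pool that denies them all, one pool per static IP."""
    out = []
    for rid, _ in rows:
        out += [f'class "{class_name(rid)}" {{',
                f"    match if option agent.remote-id = {rid};", "}"]
    out.append("pool {")
    out += [f'    deny members of "{class_name(rid)}";' for rid, _ in rows]
    out += [f"    range {dynamic_range[0]} {dynamic_range[1]};", "}"]
    for rid, ip in rows:
        out += ["pool {", f'    allow members of "{class_name(rid)}";',
                f"    range {ip} {ip};", "}"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    RANGE = ("192.0.2.1", "192.0.2.200")
    print(render_config(parse_static_map(SAMPLE_CSV, RANGE), RANGE))
```

The emitted stanzas belong inside the subnet declaration; the generator only produces text, so a `dhcpd -t` syntax check on the assembled file is still worthwhile.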