members allow/deny question

Glenn Satchell Glenn.Satchell at uniq.com.au
Thu Nov 30 10:31:31 UTC 2006


>From: "Duane Cox" <duanec at mail.illicom.net>
>To: <dhcp-users at isc.org>
>Subject: members allow/deny question
>Date: Wed, 29 Nov 2006 13:28:03 -0600
>
>Here is a snip from my configuration.
>
>My question is, is the specific "deny" needed?
>What would happen if the "allow" pool was full, but another pool was 
>available because there was no deny, assuming I deleted the "deny" 
>statement?
>
>shared-network LMC1A-WEST-CH5 {
>        subnet 10.11.5.0 netmask 255.255.255.0 {
>        }
>
>        subnet 10.252.235.128 netmask 255.255.255.224 {
>        }
>
>        pool {
>                failover peer "dhcp";
>                deny known-clients;
>                deny dynamic bootp clients;
>                range 10.11.5.100 10.11.5.250;
>                option routers 10.11.5.254;
>                allow members of "IPTV";
>        }
>
>        pool {
>                failover peer "dhcp";
>                deny known-clients;
>                deny dynamic bootp clients;
>                range 10.252.235.130 10.252.235.158;
>                option routers 10.252.235.129;
>                deny members of "IPTV";
>        }
>} 

If you removed the 'deny members of "IPTV";' in the second pool then
the dhcp server would happily allocate addresses from that second pool
to hosts that possibly did match members of IPTV. Therefore you'd get
some members from the class in each pool. Which pool it used first is a
little hard to predict, but it would use both of them, and probably not
in the order you wanted.

So, if you want your IPTV hosts to only be allocated from the first
pool you need to deny them in other pools.

regards,
-glenn
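
Added example (not part of the original thread and not ISC DHCP code): a small Python model of the pool permit-list rule from dhcpd.conf(5), run over a constructed, reduced copy of the two pools quoted above, showing which ranges an IPTV class member is eligible for with and without the second pool's deny. The function names and the representation of a client as a set of permit phrases are assumptions; the model covers eligibility only, not which pool the server tries first.

```python
import re

# Constructed sample: the two pools from the question, eligibility statements only.
CONF = '''
shared-network LMC1A-WEST-CH5 {
    pool {
        deny known-clients;
        deny dynamic bootp clients;
        range 10.11.5.100 10.11.5.250;
        allow members of "IPTV";
    }
    pool {
        deny known-clients;
        deny dynamic bootp clients;
        range 10.252.235.130 10.252.235.158;
        deny members of "IPTV";
    }
}
'''

POOL_RE = re.compile(r'\bpool\s*\{([^{}]*)\}')
STMT_RE = re.compile(r'(allow|deny|range)\s+(.+)')

def parse_pools(conf):
    """Return one dict per pool: its range plus its allow and deny lists."""
    pools = []
    for body in POOL_RE.findall(conf):
        pool = {"range": None, "allow": [], "deny": []}
        for stmt in body.split(";"):
            m = STMT_RE.fullmatch(stmt.strip())
            if m and m.group(1) == "range":
                pool["range"] = m.group(2)
            elif m:  # allow / deny entry, whitespace-normalised
                pool[m.group(1)].append(" ".join(m.group(2).split()))
        pools.append(pool)
    return pools

def eligible_ranges(conf, client):
    """client: set of permit phrases the client matches (hypothetical model)."""
    ranges = []
    for pool in parse_pools(conf):
        if pool["allow"] and not client & set(pool["allow"]):
            continue  # pool has an allow list and the client is not on it
        if client & set(pool["deny"]):
            continue  # client matches an entry on the deny list
        ranges.append(pool["range"])
    return ranges
```

With the deny statement removed from the second pool, `eligible_ranges` returns both ranges for an IPTV member, which is the mixing described in the reply.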

