Help with class match understanding.

Simon Hobson dhcp1 at
Fri Dec 14 19:55:46 UTC 2007

Tom Greaser wrote:

>And since im new to classes.. can i put multiple classes
>per pool ??
>subnet netmask {
>pool {
>         option routers;
>         range;
>         allow members of "user-pcs";
>         deny members of "voip-phones";
>         allow memebers of "servers";
>         deny members of "bad-people";
>         allow memeber of "ME";
>         } #ends pool

Yes but do NOT mix allow and deny - it does NOT work like you might 
expect (and I never did manage to follow the explanations that have 
been given !). It isn't processed as a list like you may be used to 
(ie running down the list and applying the first match found).

Simply allow those classes you want to have access (anything not 
allowed will be implicitly denied), or deny those you don't want to 
have access (and anything not explicitly denied will be allowed).

So your example would be :

pool {
         option routers;
         allow members of "user-pcs";
         allow members of "servers";
         allow member of "ME";
         } #ends pool

which allows members of user-pcs, servers, and ME - while denying 
everything else. Or :

pool {
         option routers;
         deny members of "voip-phones";
         deny members of "bad-people";
         } #ends pool

which denies members of voip-phones and bad-people while allowing 
everything else.

More information about the dhcp-users mailing list