Help with class match understanding.

[Tom Greaser]

Thanks Simon for taking the time ... I have a MUCH better understanding.

 
 
>>> Simon Hobson <dhcp1 at thehobsons.co.uk> 12/14/07 2:55 PM >>> 
Tom Greaser wrote:

>And since im new to classes.. can i put multiple classes
>per pool ??
>ie.
>subnet 10.1.2.0 netmask 255.255.255.0 {
>pool {
>         option routers 10.1.2.1;
>         range 10.1.2.4 10.1.2.254;
>         allow members of "user-pcs";
>         deny members of "voip-phones";
>         allow memebers of "servers";
>         deny members of "bad-people";
>         allow memeber of "ME";
>         } #ends pool
>}

Yes but do NOT mix allow and deny - it does NOT work like you might 
expect (and I never did manage to follow the explanations that have 
been given !). It isn't processed as a list like you may be used to 
(ie running down the list and applying the first match found).


Simply allow those classes you want to have access (anything not 
allowed will be implicitly denied), or deny those you don't want to 
have access (and anything not explicitly denied will be allowed).

So your example would be :

pool {
         option routers 10.1.2.1;
         range 10.1.2.4 10.1.2.254;
         allow members of "user-pcs";
         allow members of "servers";
         allow member of "ME";
         } #ends pool

which allows members of user-pcs, servers, and ME - while denying 
everything else. Or :

pool {
         option routers 10.1.2.1;
         range 10.1.2.4 10.1.2.254;
         deny members of "voip-phones";
         deny members of "bad-people";
         } #ends pool

which denies members of voip-phones and bad-people while allowing 
everything else.