Help with class match understanding.
Tom Greaser
tgreaser at hsc.wvu.edu
Fri Dec 14 21:29:45 UTC 2007
Thanks Simon for taking the time ... I have a MUCH better understanding.
>>> Simon Hobson <dhcp1 at thehobsons.co.uk> 12/14/07 2:55 PM >>>
Tom Greaser wrote:
>And since im new to classes.. can i put multiple classes
>per pool ??
>ie.
>subnet 10.1.2.0 netmask 255.255.255.0 {
>pool {
> option routers 10.1.2.1;
> range 10.1.2.4 10.1.2.254;
> allow members of "user-pcs";
> deny members of "voip-phones";
> allow memebers of "servers";
> deny members of "bad-people";
> allow memeber of "ME";
> } #ends pool
>}
Yes but do NOT mix allow and deny - it does NOT work like you might
expect (and I never did manage to follow the explanations that have
been given !). It isn't processed as a list like you may be used to
(ie running down the list and applying the first match found).
Simply allow those classes you want to have access (anything not
allowed will be implicitly denied), or deny those you don't want to
have access (and anything not explicitly denied will be allowed).
So your example would be :
pool {
option routers 10.1.2.1;
range 10.1.2.4 10.1.2.254;
allow members of "user-pcs";
allow members of "servers";
allow member of "ME";
} #ends pool
which allows members of user-pcs, servers, and ME - while denying
everything else. Or :
pool {
option routers 10.1.2.1;
range 10.1.2.4 10.1.2.254;
deny members of "voip-phones";
deny members of "bad-people";
} #ends pool
which denies members of voip-phones and bad-people while allowing
everything else.
More information about the dhcp-users
mailing list