How does DHCPD determine what IP address to assign and...
Simon Hobson
dhcp1 at thehobsons.co.uk
Wed Jan 2 20:59:35 UTC 2008
Ryan McCain wrote:
>I'm back at it again. The DHCP client connect with Async in the UID
>string and was assigned the IP address of 10.116.6.179 which was the
>first available address in the subnet I am trying to prevent the client
>from grabbing an IP address from. I'm banging me head against the wall
>over here..
>
>-SNIP-
>
>class "DialUp" {
> match if (substring(suffix(dhcp-client-identifier,7),0,5)="Async")
>
> or
>
>(substring(suffix(dhcp-client-identifier,6),0,5)="Async") ;
> log (info, " Matched Dialup Rule");
> }
>}
>
>-SNIP-
>
>#DialUp
>subnet 10.116.6.0 netmask 255.255.255.0 {
> pool {
> allow members of "DialUp";
> range 10.116.6.1 10.116.6.8;
> option routers 10.116.6.1;
> }
>}
>
>-SNIP-
>
>#VPN
> subnet 10.116.6.0 netmask 255.255.255.0 {
>pool {
> deny members of "DialUp";
> range 10.116.6.1 10.116.6.179 ;
> option routers 10.116.6.254 ;
> }
>}
>
>... What am I doing wrong?
I don't know, my crystal ball has gone AWOL ;-)
I suggest the first thing you need to do is see if anything got
logged - like " Matched Dialup Rule" !
If it wasn't logged then you still don't have your match statement right.
I would suggest you try logging some raw data in the global scope -
that way you can see what the client is sending. You might also try
logging substring(suffix(dhcp-client-identifier,7),0,5) and
substring(suffix(dhcp-client-identifier,6),0,5) to see what they
produce.
Unfortunately, you are into the "what's going on inside this black
box" zone - but you can at least add some logging statements to give
you a window into the data it is handling.
Another thing you can do is grab packets off the wire with something
like tcdump or wireshark - you can then inspect the packet and see
what data the client is sending.
More information about the dhcp-users
mailing list