How does DHCPD determine what IP address to assign and...

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Jan 2 20:59:35 UTC 2008


Ryan McCain wrote:

>I'm back at it again.  The DHCP client connect with Async in the UID
>string and was assigned the IP address of 10.116.6.179 which was the
>first available address in the subnet I am trying to prevent the client
>from grabbing an IP address from.  I'm banging me head against the wall
>over here..
>
>-SNIP-
>
>class "DialUp" {
>     match if (substring(suffix(dhcp-client-identifier,7),0,5)="Async")
>
>                    or
>                 
>(substring(suffix(dhcp-client-identifier,6),0,5)="Async") ;
>             log (info, " Matched Dialup Rule");
>                         }
>}
>
>-SNIP-
>
>#DialUp
>subnet 10.116.6.0 netmask 255.255.255.0 {
>  pool {
>   allow members of "DialUp";
>   range 10.116.6.1 10.116.6.8;
>   option routers 10.116.6.1;
>       }
>}
>
>-SNIP-
>
>#VPN
>   subnet 10.116.6.0 netmask 255.255.255.0 {
>pool { 
>   deny members of "DialUp"; 
>   range 10.116.6.1 10.116.6.179 ;
>   option routers 10.116.6.254 ;
>      }
>}
>
>... What am I doing wrong?

I don't know, my crystal ball has gone AWOL ;-)

I suggest the first thing you need to do is see if anything got 
logged - like " Matched Dialup Rule" !

If it wasn't logged then you still don't have your match statement right.

I would suggest you try logging some raw data in the global scope - 
that way you can see what the client is sending. You might also try 
logging substring(suffix(dhcp-client-identifier,7),0,5) and 
substring(suffix(dhcp-client-identifier,6),0,5) to see what they 
produce.

Unfortunately, you are into the "what's going on inside this black 
box" zone - but you can at least add some logging statements to give 
you a window into the data it is handling.


Another thing you can do is grab packets off the wire with something 
like tcdump or wireshark - you can then inspect the packet and see 
what data the client is sending.


More information about the dhcp-users mailing list