How does DHCPD determine what IP address to assign and...
Ryan McCain
Ryan.McCain at dss.state.la.us
Wed Jan 2 21:17:09 UTC 2008
I forgot to add that nothing showed up in the logs regarding my DialUp Rule. :(
>>> On Wed, Jan 2, 2008 at 2:59 PM, in message
<a06240800c3a1aa91764e at simon.thehobsons.co.uk>, Simon Hobson
<dhcp1 at thehobsons.co.uk> wrote:
> Ryan McCain wrote:
>
>>I'm back at it again. The DHCP client connect with Async in the UID
>>string and was assigned the IP address of 10.116.6.179 which was the
>>first available address in the subnet I am trying to prevent the client
>>from grabbing an IP address from. I'm banging me head against the wall
>>over here..
>>
>>-SNIP-
>>
>>class "DialUp" {
>> match if (substring(suffix(dhcp-client-identifier,7),0,5)="Async")
>>
>> or
>>
>>(substring(suffix(dhcp-client-identifier,6),0,5)="Async") ;
>> log (info, " Matched Dialup Rule");
>> }
>>}
>>
>>-SNIP-
>>
>>#DialUp
>>subnet 10.116.6.0 netmask 255.255.255.0 {
>> pool {
>> allow members of "DialUp";
>> range 10.116.6.1 10.116.6.8;
>> option routers 10.116.6.1;
>> }
>>}
>>
>>-SNIP-
>>
>>#VPN
>> subnet 10.116.6.0 netmask 255.255.255.0 {
>>pool {
>> deny members of "DialUp";
>> range 10.116.6.1 10.116.6.179 ;
>> option routers 10.116.6.254 ;
>> }
>>}
>>
>>... What am I doing wrong?
>
> I don't know, my crystal ball has gone AWOL ;-)
>
> I suggest the first thing you need to do is see if anything got
> logged - like " Matched Dialup Rule" !
>
> If it wasn't logged then you still don't have your match statement right.
>
> I would suggest you try logging some raw data in the global scope -
> that way you can see what the client is sending. You might also try
> logging substring(suffix(dhcp-client-identifier,7),0,5) and
> substring(suffix(dhcp-client-identifier,6),0,5) to see what they
> produce.
>
> Unfortunately, you are into the "what's going on inside this black
> box" zone - but you can at least add some logging statements to give
> you a window into the data it is handling.
>
>
> Another thing you can do is grab packets off the wire with something
> like tcdump or wireshark - you can then inspect the packet and see
> what data the client is sending.
More information about the dhcp-users
mailing list