How does DHCPD determine what IP address to assign and...

Ryan McCain Ryan.McCain at dss.state.la.us
Wed Jan 2 21:17:09 UTC 2008 

I forgot to add that nothing showed up in the logs regarding my DialUp Rule. :(



>>> On Wed, Jan 2, 2008 at  2:59 PM, in message
<a06240800c3a1aa91764e at simon.thehobsons.co.uk>, Simon Hobson
<dhcp1 at thehobsons.co.uk> wrote: 
> Ryan McCain wrote:
> 
>>I'm back at it again.  The DHCP client connect with Async in the UID
>>string and was assigned the IP address of 10.116.6.179 which was the
>>first available address in the subnet I am trying to prevent the client
>>from grabbing an IP address from.  I'm banging me head against the wall
>>over here..
>>
>>-SNIP-
>>
>>class "DialUp" {
>>     match if (substring(suffix(dhcp-client-identifier,7),0,5)="Async")
>>
>>                    or
>>                 
>>(substring(suffix(dhcp-client-identifier,6),0,5)="Async") ;
>>             log (info, " Matched Dialup Rule");
>>                         }
>>}
>>
>>-SNIP-
>>
>>#DialUp
>>subnet 10.116.6.0 netmask 255.255.255.0 {
>>  pool {
>>   allow members of "DialUp";
>>   range 10.116.6.1 10.116.6.8;
>>   option routers 10.116.6.1;
>>       }
>>}
>>
>>-SNIP-
>>
>>#VPN
>>   subnet 10.116.6.0 netmask 255.255.255.0 {
>>pool { 
>>   deny members of "DialUp"; 
>>   range 10.116.6.1 10.116.6.179 ;
>>   option routers 10.116.6.254 ;
>>      }
>>}
>>
>>... What am I doing wrong?
> 
> I don't know, my crystal ball has gone AWOL ;-)
> 
> I suggest the first thing you need to do is see if anything got 
> logged - like " Matched Dialup Rule" !
> 
> If it wasn't logged then you still don't have your match statement right.
> 
> I would suggest you try logging some raw data in the global scope - 
> that way you can see what the client is sending. You might also try 
> logging substring(suffix(dhcp-client-identifier,7),0,5) and 
> substring(suffix(dhcp-client-identifier,6),0,5) to see what they 
> produce.
> 
> Unfortunately, you are into the "what's going on inside this black 
> box" zone - but you can at least add some logging statements to give 
> you a window into the data it is handling.
> 
> 
> Another thing you can do is grab packets off the wire with something 
> like tcdump or wireshark - you can then inspect the packet and see 
> what data the client is sending.

More information about the dhcp-users mailing list