Excluding a class from matches...

Glenn Satchell Glenn.Satchell at uniq.com.au
Tue Aug 4 23:35:09 UTC 2009


>Date: Tue, 4 Aug 2009 18:30:17 -0400
>Subject: Excluding a class from matches...
>From: David McKen <dmlmcken at gmail.com>
>To: dhcp-users at lists.isc.org
>X-BeenThere: dhcp-users at lists.isc.org
>
>Good Day list,
>
>I am looking to do the following:
>1. For all macs whose prefix do not begin with 12:34:56 do not match /
>give an ip.
>2. For specific macs (list is coming from a database so can be
>provided via subclass or group I guess) put them in a specific subnet
>#1.
>3. For all other macs matching criteria #1 put them in subnet #2.
>
>If I drop requirement #2 I can do this quite easily via classes.
>class "DeviceType" { match if substring ( hardware, 1, 3 ) = 12:34:56; }
>
>and apply the class to the subnet desired.
>
>I am a bit lost as to how to do this with requirement #2 in place
>which is to put certain devices in a special "holding" network until
>they can be dealt with.
>
>Was looking for some line that would allow me to say " if not in
>'someclass' " as I could use this to prevent the macs from #2 from
>matching the "global" matches.
>
>Came across something called "execute based class matching" from the
>mailing lists. I am a bit fuzzy as to how this works but it may be
>what I'm looking for. Can anyone shed some light on how this works?
>
>Signed
>David McKen

Hi David

So you define your class similar to above

class "DeviceType1" { match if substring ( hardware, 1, 3 ) = 12:34:56; }

class "DeviceType2" { match hardware; }
subclass "DeviceType2"  1:12:34:56:d:e:f;
subclass "DeviceType2"  1:a:b:c:d:e:f;
...

subnet .... {
	option ... ;
	pool {
		# deny devices who are not 12:34:56: only members of
		# "DeviceType1" (the 12:34:56 prefix) are permitted here
		allow members of "DeviceType1";
		# deny our special list
		deny members of "DeviceType2";
		range ... ;
		option ... ;
	}
	pool {
		# holding pool: only the special list
		allow members of "DeviceType2";
		range ... ;
		option ... ;
	}
}

When you allow a class it denies all other classes in that pool. When
you deny a class it allows all other classes. The ranges must not
overlap in the pools. You can also put other options in each pool, eg
different router, dns servers and so on, and they will apply to devices
using that pool.

dhcpd.conf man page has examples on subclasses, the leading "1" is the
hardware type, almost always ethernet these days. dhcp-eval has
examples of arithmetic and if/else tests, etc.

regards,
-glenn
--
Glenn Satchell     mailto:glenn.satchell at uniq.com.au | I telephoned the
Uniq Advances Pty Ltd         http://www.uniq.com.au | swine flu info
PO Box 70 Paddington NSW Australia 2021              | line and all I got
tel:0409-458-580  tel:02-9380-6360  fax:02-9380-6416 | was crackling.
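
Added example (not part of the original post and not ISC code): a small Python model of the pool rule documented in the dhcpd.conf man page, where a pool with both an allow list and a deny list admits only clients that match the allow list and do not match the deny list. It reports which pool each MAC lands in for the three requirements in the question, next to a pool that only denies both classes; the pool names, the MAC addresses not taken from the post and the first-eligible-pool ordering are assumptions.

```python
# Model of dhcpd pool admission; MACs not quoted in the post are constructed.

def parse_mac(text):
    # "12:34:56:d:e:f" -> six raw bytes (short hex octets as written in the post)
    return bytes(int(octet, 16) for octet in text.split(":"))

# The two subclass "DeviceType2" entries, without the leading hardware type 1.
HOLDING = {parse_mac("12:34:56:d:e:f"), parse_mac("a:b:c:d:e:f")}

def classes_of(mac):
    """Class membership as the two class declarations would compute it."""
    member = set()
    if mac[:3] == bytes.fromhex("123456"):  # substring(hardware, 1, 3) = 12:34:56
        member.add("DeviceType1")
    if mac in HOLDING:                       # match hardware; plus subclass lines
        member.add("DeviceType2")
    return member

def eligible(pool, member):
    """Allow list present: must match it. Deny list present: must not match it."""
    if pool["allow"] and not (member & pool["allow"]):
        return False
    return not (member & pool["deny"])

HOLDING_POOL = {"name": "holding", "allow": {"DeviceType2"}, "deny": set()}

# General pool that allows the prefix class and denies the special list.
POOLS = [{"name": "general", "allow": {"DeviceType1"}, "deny": {"DeviceType2"}},
         HOLDING_POOL]

# Contrast: a general pool with deny statements only, for both classes.
DENY_ONLY = [{"name": "general", "allow": set(),
              "deny": {"DeviceType1", "DeviceType2"}},
             HOLDING_POOL]

def pool_for(mac_text, pools=POOLS):
    """Name of the first pool the client may use, or None (no address offered)."""
    member = classes_of(parse_mac(mac_text))
    for pool in pools:
        if eligible(pool, member):
            return pool["name"]
    return None

if __name__ == "__main__":
    for mac in ("12:34:56:00:00:01", "12:34:56:d:e:f",
                "a:b:c:d:e:f", "de:ad:be:ef:00:01"):
        print(f"{mac:20} allow+deny={pool_for(mac)} "
              f"deny-only={pool_for(mac, DENY_ONLY)}")
```

With deny statements only, the unknown-prefix client is the one admitted to the general pool and the ordinary 12:34:56 client gets nothing, which is the reverse of requirement #1.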
