Excluding a class from matches...
Glenn Satchell
Glenn.Satchell at uniq.com.au
Wed Aug 5 02:38:36 UTC 2009
OK, what if you reverse the logic in your class, then you can allow
that class, the allow implies deny everything else? E.g.:
class "DeviceType1" { match if not substring ( hardware, 1, 3 ) = 12:34:56; }

subnet .... {
    option ... ;
    pool {
        # deny devices who are not 12:34:56:
        allow members of "DeviceType1";
        range ... ;
        option ... ;
    }
    pool {
        allow members of "DeviceType2";
        range ... ;
        option ... ;
    }
}

regards,
-glenn
PS Please reply to the list only, I don't need to get the posting twice.
>Date: Tue, 4 Aug 2009 19:52:28 -0400
>Subject: Re: Excluding a class from matches...
>From: David McKen <dmlmcken at gmail.com>
>
>I considered that option but unfortunately I have one other constraint
>that I forgot to mention. I have 3 classes of devices on this network
>with ISC DHCP classes set up for each; this setup works fine, but I need
>one of the classes to support this behavior. Due to this the deny
>option won't work well for me. I read on the list that it is not a good
>idea to have allow and deny statements within a single pool, so there
>would be no way to apply the extra restrictions.
>
>The specific setup is that we have management networks on the same
>VLAN as customer browsing networks (this is due to a limitation on the
>equipment). Both are handed out via DHCP, we use the MAC prefix to
>distinguish between the two. The new requirement is to move customers
>over to a special "captive" network when they don't pay their bill.
>
>Most of the data will be stored in a database, so being able to have
>the DHCP server call some script whose return value is 1 if it's a
>match and 0 if it isn't will actually work quite well for me, so I
>don't have to keep restarting the DHCP service every time one of these
>MACs needs to get added or removed.
>
>On Tue, Aug 4, 2009 at 7:35 PM, Glenn
>Satchell<Glenn.Satchell at uniq.com.au> wrote:
>>
>>>Date: Tue, 4 Aug 2009 18:30:17 -0400
>>>Subject: Excluding a class from matches...
>>>From: David McKen <dmlmcken at gmail.com>
>>>To: dhcp-users at lists.isc.org
>>>X-BeenThere: dhcp-users at lists.isc.org
>>>
>>>Good Day list,
>>>
>>>I am looking to do the following:
>>>1. For all MACs whose prefix does not begin with 12:34:56 do not match /
>>>give an IP.
>>>2. For specific macs (list is coming from a database so can be
>>>provided via subclass or group I guess) put them in a specific subnet
>>>#1.
>>>3. For all other macs matching criteria #1 put them in subnet #2.
>>>
>>>If I drop requirement #2 I can do this quite easily via classes.
>>>class "DeviceType" { match if substring ( hardware, 1, 3 ) = 12:34:56; }
>>>
>>>and apply the class to the subnet desired.
>>>
>>>I am a bit lost as to how to do this with requirement #2 in place
>>>which is to put certain devices in a special "holding" network until
>>>they can be dealt with.
>>>
>>>Was looking for some line that would allow me to say " if not in
>>>'someclass' " as I could use this to prevent the macs from #2 from
>>>matching the "global" matches.
>>>
>>>Came across something called "execute based class matching" from the
>>>mailing lists. I am a bit fuzzy as to how this works but it may be
>>>what I'm looking for. Can anyone shed some light on how this works?
>>>
>>>Signed
>>>David McKen
>>
>> Hi David
>>
>> So you define your class similar to above
>>
>> class "DeviceType1" { match if substring ( hardware, 1, 3 ) = 12:34:56; }
>>
>> class "DeviceType2" { match hardware; }
>> subclass "DeviceType2" 1:12:34:56:d:e:f;
>> subclass "DeviceType2" 1:a:b:c:d:e:f;
>> ...
>>
>> subnet .... {
>>     option ... ;
>>     pool {
>>         # deny devices who are not 12:34:56:
>>         deny members of "DeviceType1";
>>         # deny our special list
>>         deny members of "DeviceType2";
>>         range ... ;
>>         option ... ;
>>     }
>>     pool {
>>         allow members of "DeviceType2";
>>         range ... ;
>>         option ... ;
>>     }
>> }
>>
>> When you allow a class it denies all other classes in that pool. When
>> you deny a class it allows all other classes. The ranges must not
>> overlap in the pools. You can also put other options in each pool, eg
>> different router, dns servers and so on, and they will apply to devices
>> using that pool.
>>
>> dhcpd.conf man page has examples on subclasses, the leading "1" is the
>> hardware type, almost always ethernet these days. dhcp-eval has
>> examples of arithmetic and if/else tests, etc.
>>
>> regards,
>> -glenn
>> --
>> Glenn Satchell mailto:glenn.satchell at uniq.com.au | I telephoned the
>> Uniq Advances Pty Ltd http://www.uniq.com.au | swine flu info
>> PO Box 70 Paddington NSW Australia 2021 | line and all I got
>> tel:0409-458-580 tel:02-9380-6360 fax:02-9380-6416 | was crackling.
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
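
The allow/deny rule quoted in this thread, as an added example that is not part of the original messages and not dhcpd's own code: a simplified Python model that shows which pool a given MAC ends up in. It assumes the negated prefix class from the reply is used in the deny-style first pool of the quoted configuration; the class names "NotOurs" and "Captive", the pool labels and all MAC addresses are constructed for illustration.

```python
# Simplified model of pool admission, not dhcpd's own code.
# Class names, pool labels and MAC addresses are constructed for illustration.

def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))

def mac_text(hw):
    return ":".join(f"{b:02x}" for b in hw)

PREFIX = mac_bytes("12:34:56")
# Stand-in for the database-driven subclass list; the second entry is
# outside the prefix on purpose.
CAPTIVE = {mac_bytes("12:34:56:0d:0e:0f"), mac_bytes("0a:0b:0c:0d:0e:0f")}

CLASSES = {
    # match if not substring(hardware, 1, 3) = 12:34:56
    # (hw here holds only the six address bytes, without the leading type byte)
    "NotOurs": lambda hw: hw[:3] != PREFIX,
    # match hardware; with one subclass line per listed MAC
    "Captive": lambda hw: hw in CAPTIVE,
}

POOLS = [
    {"name": "customers", "allow": [], "deny": ["NotOurs", "Captive"]},
    {"name": "captive", "allow": ["Captive"], "deny": []},
]

def admits(pool, hw):
    """A deny match rejects; a non-empty allow list then requires a match."""
    if any(CLASSES[c](hw) for c in pool["deny"]):
        return False
    if pool["allow"]:
        return any(CLASSES[c](hw) for c in pool["allow"])
    return True

def pool_for(mac):
    """Name of the first pool that admits this MAC, or None for no offer."""
    hw = mac_bytes(mac)
    return next((p["name"] for p in POOLS if admits(p, hw)), None)

def stray_captive():
    """Listed MACs outside the prefix; the captive pool would still serve them."""
    return sorted(mac_text(hw) for hw in CAPTIVE if hw[:3] != PREFIX)

if __name__ == "__main__":
    for mac in ("12:34:56:00:00:01", "12:34:56:0d:0e:0f", "de:ad:be:ef:00:01"):
        print(mac, "->", pool_for(mac))
    print("captive entries outside the prefix:", stray_captive())
```

In this model a listed MAC outside the 12:34:56 prefix is still admitted to the captive pool, so the list exported from the database is worth filtering with a check like stray_captive() before the subclass lines are generated.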