Trying to keep out Non-Phones in a Subnet

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Jan 15 21:51:21 UTC 2009


Martin McCormick wrote:
>	We set up a subnet just for VOIP phones and would like
>to disallow devices such as work stations, etc, from using that
>network. We already have a class for Cisco telephones which
>works fine so what we would like to happen is for any Cisco
>telephone to get a dynamic address on this network and anything
>else to get nothing but a log entry so we can find out what the
>problem is and get them plugged in to the correct network. After
>doing some research, I tried the following configuration which
>fails for pretty obvious reasons. All non-defined hosts are
>unknown hosts. I was hoping that their belonging to a class
>might make them known. Bad config follows:
>
>subnet 10.194.8.0 netmask 255.255.248.0 {
>option subnet-mask 255.255.248.0;
>option routers 10.194.15.254;
>ddns-updates on;
>option domain-name "voip-test.osu";
>option broadcast-address 10.194.15.255;
>default-lease-time 3600;
>max-lease-time 3600;
>  pool {
>deny dynamic bootp clients;
>failover peer "stw";
>range 10.194.12.0 10.194.15.249;
>allow members of "cisco-telephone";
>         deny unknown-clients;
>}

'allow members of "cisco-telephone";' is sufficient to prevent other 
devices from accessing that pool - so just delete the 'deny 
unknown-clients;' line. Whenever you use an allow, anything not 
allowed is implicitly denied (and the reverse if you use a deny, 
anything not denied is allowed).

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
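
Added illustration, not part of the message above and not ISC dhcpd code: a simplified Python model of the pool permit rule Simon describes, run against the quoted pool and the pool with 'deny unknown-clients;' deleted. The client names and their host-declaration flags are constructed, and the model assumes deny entries are checked before allow entries.

```python
from dataclasses import dataclass, field


@dataclass
class Client:
    name: str
    classes: set = field(default_factory=set)
    known: bool = False   # True only when a host declaration matches
    bootp: bool = False   # True for a dynamic BOOTP request


def matches(rule, client):
    """Does one allow/deny entry apply to this client?"""
    if rule == "unknown-clients":
        return not client.known
    if rule == "known-clients":
        return client.known
    if rule == "dynamic bootp clients":
        return client.bootp
    if rule.startswith("members of "):
        return rule[len("members of "):].strip('"') in client.classes
    raise ValueError("unsupported permit: " + rule)


def permitted(pool, client):
    """Deny wins; a non-empty allow list implicitly denies everyone else."""
    if any(matches(r, client) for r in pool["deny"]):
        return False
    if not pool["allow"]:
        return True  # deny-only pool: anything not denied is allowed
    return any(matches(r, client) for r in pool["allow"])


ALLOW = ['members of "cisco-telephone"']
BAD = {"allow": ALLOW, "deny": ["dynamic bootp clients", "unknown-clients"]}
FIXED = {"allow": ALLOW, "deny": ["dynamic bootp clients"]}

# Constructed clients: the phone is in the class but has no host declaration.
CLIENTS = [
    Client("phone", classes={"cisco-telephone"}),
    Client("workstation"),
    Client("registered-pc", known=True),
]


def report(pool):
    return {c.name: permitted(pool, c) for c in CLIENTS}


if __name__ == "__main__":
    print("quoted pool:", report(BAD))
    print("line deleted:", report(FIXED))
```

In the quoted pool the phone is refused because class membership does not make it a known host, so 'deny unknown-clients;' matches it before the allow is consulted.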


