Assign subnet's per group

Glenn Satchell Glenn.Satchell at uniq.com.au
Fri Oct 23 00:53:11 UTC 2009


>From: Hugo Ferreira <hugoferreira at gmail.com>
>Date: Thu, 22 Oct 2009 17:22:58 +0100
>Subject: Re: Assign subnet's per group
>To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>X-BeenThere: dhcp-users at lists.isc.org
>
> By Jason's example, before trying others:
> 
> group xpto {
>          filename "xpto";
>          host xpto1 { hardware ethernet 00:c0:c3:49:2b:57; }
>          host xpto2 { hardware ethernet 00:c0:c3:80:fc:32; }
>          host xpto3 { hardware ethernet 00:c0:c3:22:46:81; }
>        }
> 
> shared-network Vlan1{
>    subnet 10.1.0.0 netmask 255.255.240.0 {
>    option routers 10.1.0.1;
>      option subnet-mask 255.255.240.0;
>    allow unknown-clients;
>    }
> 
> 
>    subnet 10.1.64.0 netmask 255.255.255.0 {
>    option routers 10.1.64.253;
>      option subnet-mask 255.255.255.0;
>      filename "DDI";
>      deny unknown-clients;
>    }
> }
> 
> I guess this should work. Any suggestion or notice regarding this
> configuration?
> 

You need a pool to have allow or deny lists, otherwise the basic idea
is fine. You can also have more than one pool in a given subnet if that
makes it easier to divide up your address space.

So something like this, where x and y are appropriate numbers for the
IP address range:

shared-network Vlan1{
  subnet 10.1.0.0 netmask 255.255.240.0 {
    option routers 10.1.0.1;
    option subnet-mask 255.255.240.0;
    pool {
      range 10.1.0.x 10.1.0.y;
      allow unknown-clients;
    }
  }


  subnet 10.1.64.0 netmask 255.255.255.0 {
    option routers 10.1.64.253;
    option subnet-mask 255.255.255.0;
    filename "DDI";
    pool {
      range 10.1.64.x 10.1.64.y;
      deny unknown-clients;
    }
  }
}

Because the clients have "host" statements they match the
"known-clients" settings and thus don't match "unknown-clients". So
they will match the 10.1.64.0 subnet where you deny unknown-clients.
This means that known-clients are allowed.

You can define the next-server and filename in the group, subnet or
pool as appropriate.

Sometimes it is easier to write allow known-clients.

regards,
-glenn
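
A check for the point made in the reply above, added here as an example and not part of the original message: it walks the brace structure of a dhcpd.conf and reports every allow/deny known-clients or unknown-clients statement that is not directly inside a pool block. The function name misplaced_permits and both sample configurations are assumptions made for the example; it follows the advice in this thread and does not implement the full dhcpd.conf grammar.

```python
import re

# Permit statements that, per the reply above, belong inside a pool { } block.
PERMIT = re.compile(r"^(allow|deny)\s+(known-clients|unknown-clients)$")

def misplaced_permits(conf):
    """Return (statement, enclosing scope) for permits not directly in a pool."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in strings)
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', conf)
    findings, stack, words = [], [], []
    for tok in tokens:
        if tok == "{":                      # words so far name the new scope
            stack.append(" ".join(words))
            words = []
        elif tok == "}":
            del stack[-1:]                  # leave scope; tolerate a stray brace
            words = []
        elif tok == ";":                    # end of one statement
            stmt, words = " ".join(words), []
            scope = stack[-1] if stack else "global"
            if PERMIT.match(stmt) and scope != "pool":
                findings.append((stmt, scope))
        else:
            words.append(tok)
    return findings

# Constructed samples modelled on this thread's two configs; range addresses are made up.
WITHOUT_POOLS = """
shared-network Vlan1 {
  subnet 10.1.0.0 netmask 255.255.240.0 {
    allow unknown-clients;
  }
  subnet 10.1.64.0 netmask 255.255.255.0 {
    filename "DDI";
    deny unknown-clients;
  }
}
"""
WITH_POOLS = """
subnet 10.1.64.0 netmask 255.255.255.0 {
  filename "DDI";
  pool {
    range 10.1.64.10 10.1.64.50;
    deny unknown-clients;
  }
}
"""

print(misplaced_permits(WITHOUT_POOLS))
```

An empty list means every permit statement found sits inside a pool, which is the layout the reply recommends.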