PXE Client configuration

Glenn Satchell glenn.satchell at uniq.com.au
Tue Feb 16 00:39:30 UTC 2010


Hi Jason

If you have any other "allow classes" in a subnet then every other class 
is denied, so you might already have the condition you require.

Whether a class is allowed or denied is a property of the pool. The 
membership of a class is a function of each request. So there is no way, 
within the class, to allow or deny it from a global point of view. You 
could add complex logic to determine if the address was from a 
particular subnet and return a next-server value, but this would add 
more work than adding an explicit deny to every pool where you don't 
want this class.

There's no magic global setting to deny members of a class.

regards,
-glenn

Jason Frisvold wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Greetings,
> 
> 	We're running dhcp 3.0.5, RHEL packages, and readying ourselves to
> deploy a configuration that will allow PXE booting.  We have this
> working successfully in the lab, but we're looking to restrict this on
> some subnets.  So, the question is, how?
> 
> 	I have this class definition, but it matches on every subnet.  I know I
> can add a deny members of "pxeclients" to each subnet, but there are far
> more subnets I want to deny than subnets to allow.  Is there a way to
> deny by default and allow only where explicitly defined?
> 
> class "pxeclients" {
>    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
>    next-server pxe.example.com;
>    filename "x86pc/undi/wpemenu/startrom.0";
> }
> 
> Thanks,
> 
> - -- 
> - ---------------------------
> Jason Frisvold
> Network Engineer
> frisvolj at lafayette.edu
> - ---------------------------
> "What I cannot create, I do not understand"
>    - Richard Feynman
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.13 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAkt5hR0ACgkQO80o6DJ8UvkGNwCeKvodkpnKFV2d9WfEJpjvCcVT
> UFQAnieQiooVyzAkfFDCrzjne3ifELhV
> =S6jr
> -----END PGP SIGNATURE-----




More information about the dhcp-users mailing list