dhcpd and authetication
Glenn Satchell
glenn.satchell at uniq.com.au
Fri Jul 23 04:14:57 UTC 2010
Hi Julie
The short answer is No.
Using an include file is just like inserting the contents of the file,
however there are some limitations. The files are read into the global
scope. Secondly, a host is either known or unknown - it can't be known
in one subnet and unknown in another.
You may be better to define a class. There was an example the other day
of using the hardware address as a key for a sub-class. Then you could
allow the class in the relevant subnet/pool. Allowing one class
implicitly denies all other classes, and it is strongly recommended not
to mix allow and deny within one pool due to various non-obvious ways
that it works (search the list archives for more detailed explanation).
class "s1" {
match substring(hardware, 1, 6);
}
class "s2" {
match substring(hardware, 1, 6);
}
# you could put these sub-classes into a file and include it...
sub-class "s1" 0:0:0:a:b:c;
sub-class "s1" 0:0:0:1:2:2;
sub-class "s2" 0:0:0:8:8:8;
subnet ... {
...
pool {
range ...
allow members of "s1";
}
}
subnet ... {
...
pool {
range ...
allow members of "s2";
}
}
regards,
-glenn
On 07/23/10 14:02, Julie Xu wrote:
> Hi
>
> great thanks for the replies, can I ask one more question regard this.
>
> if I include two files which host statements, can I indicate subent A to
> use file1 and subnet B to use file2? if so, how can I do it?
>
> any comments will be apprecaited
>
> Thanks in advance
>
> xll
>
>> Message: 2
>> Date: Sun, 02 May 2010 09:58:12 +1000
>> From: Glenn Satchell <glenn.satchell at uniq.com.au>
>> Subject: Re: dhcpd and authetication
>> To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>> Message-ID: <4BDCC014.4020705 at uniq.com.au>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Hi Julie
>>
>> You can have host statements without the fixed-address. Then in the
>> pools use 'allow known-clients'. Something like this:
>>
>> host "abc" {
>> hardware ethernet 0:0:0:a:b:c;
>> }
>>
>> subnet ... {
>> ...
>> pool {
>> range ...
>> allow-known-clients;
>> }
>> }
>>
>> regards,
>> -glenn
>
More information about the dhcp-users
mailing list