DHCPD classes - How to put unknown devices in a separate class?

Glenn Satchell glenn.satchell at uniq.com.au
Wed Mar 24 13:43:17 UTC 2010


You can use the 'exists' operator to test if an option has been sent. 
See dhcp-eval man page.

class "Devices_C" {
    match if ( exists  option vendor-class-identifier
    and substring ( option vendor-class-identifier, 0, 6 ) != "vendor1"
    and substring (option vendor-class-identifier, 0, 6 ) != "vendor2" );
      log ( info, "Got a packet not from a vendor1 or vendor2 device" );
      option domain-name "devicec.example.com";
}

This doesn't scale too well if you have more than a few device classes.

Can you describe in more detail what range(s) of IP addresses you want 
to hand out based on vendor identifier?

regards,
-glenn

On 03/25/10 00:02, Randall C Grimshaw wrote:
> With vendor class identifiers you can a.) override default configuration values such as dns servers b.) define memberships that can be used to allow access to pools.
> You need to do a bit of both perhaps. Still a little vague in your description but presume you need to give private IP space to your matching devices that is defined as a secondary on the same interface. You will define a shared network with pools for each address space. The allow matching devices to use the private pool while denying matching to use the public pool.
>
> -----Original Message-----
> From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org [mailto:dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] On Behalf Of Jessica Meyer
> Sent: Wednesday, March 24, 2010 3:46 AM
> To: Users of ISC DHCP
> Subject: Re: DHCPD classes - How to put unknown devices in a separate class?
>
> Hi list
>
> Thanks for your answers - Nial, Glenn and Randall.
>
>> class "Devices_C" {
>>    match if ( substring ( option vendor-class-identifier, 0, 6 ) != "vendor1"
>>    and substring (option vendor-class-identifier, 0, 6 ) != "vendor2" );
>>      log ( info, "Got a packet not from a vendor1 or vendor2 device" );
>>      option domain-name "devicec.example.com";
>> }
>
> This does only work if the vendor-class-identifier is set, correct?
> Because I cannot trust the client that it has this option set. I tried
> this statement as well, then tried to add something like "or not
> (option vendor-class-identifier)" but that didn't work - I'm
> unfamiliar with the syntax I think.
>
> Actually, my overall problem is: My DHCPD receives unicast DHCP
> packets from one relay (say, 172.20.0.1), but I need to give out IP
> addresses according to the vendor-class-identifier option. I always
> failed at that. Does anyone have an example configuration or idea how
> to do this? Problem is, 172.20.0.0/24 is also a subnet, and if the
> gateway is 172.20.0.1, DHCPD only gives out ip addresses from that
> particular subnet.
>
> Jess



More information about the dhcp-users mailing list