Problem with class definition
კონსტანტინე ქაროსანიძე
admin at jejestudio.ge
Tue Sep 7 19:22:15 UTC 2010
yes, I have multiple small pools in bit subnet...
Best Regards,
Konstantine Karosanidze,
CAUCASUS ONLINE ISP
System Administrator
On Tue, Sep 7, 2010 at 8:15 PM, Glenn Satchell
<glenn.satchell at uniq.com.au>wrote:
> On 09/08/10 02:00, კონსტანტინე ქაროსანიძე wrote:
>
>> Hello,
>>
>> I run dhcp for my clients (i'm sysadmin at ISP) and using option 82 to
>> identify requests and assign corresponding ip to client but now i have
>> case that I cant use option 82 (because of some network topology option
>> 82 is not added to request)
>>
>> Solution was to identify clients by source address from where request
>> comes. (actually from ip assigned to that vlan on cisco switch, vlan
>> gateway)
>>
>> after lots of tries I figured out following config:
>>
>> class "ADSL_Universal_34" {
>> match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf1" );
>> log(info, "matched class ADSL_Universal_34");
>> log(info, concat("matched class gateway, IP: ",binary-to-ascii(16,
>> 8, "", packet(24,4))));
>> log(info, concat("matched class gateway, No Binary: ",packet(24,4)));
>> }
>>
>> class "ADSL_Universal_35" {
>> match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );
>> log(info, "matched class ADSL_Universal_35");
>> log(info, concat("matched class gateway, IP: ",binary-to-ascii(16,
>> 8, "", packet(24,4))));
>> log(info, concat("matched class gateway, No Binary: ",packet(24,4)));
>> }
>>
>> subnet 94.137.191.0 netmask 255.255.255.128
>> {
>>
>> pool {
>> option subnet-mask 255.255.255.192;
>> option routers 94.137.191.1;
>> option ip-forwarding FALSE;
>> deny unknown-clients;
>> allow members of "ADSL_Universal_34";
>> range 94.137.191.2 94.137.191.5;
>> }
>>
>> pool {
>> option subnet-mask 255.255.255.192;
>> option routers 94.137.191.65;
>> option ip-forwarding FALSE;
>> deny unknown-clients;
>> allow members of "ADSL_Universal_35";
>> range 94.137.191.66 94.137.191.70;
>> }
>> }
>>
>> where 5e89bf41 and 5e89bf1 are gateway ip addresses in hex. While using
>> this config strange thing happens.
>>
>> when i use
>>
>> deny unknown-clients;
>> allow members of "ADSL_Universal_35";
>>
>> this directives for matching class to pool nothing works but it's
>> enought for me to remove this lines from config and in log file I see
>> that incomming requests are matched to class.
>>
>> Sep 7 18:36:04 dhcp dhcpd: matched class ADSL_Universal_35
>> Sep 7 18:36:04 dhcp dhcpd: DHCPINFORM from 94.137.191.2 via 94.137.191.65
>> Sep 7 18:36:04 dhcp dhcpd: DHCPACK to 94.137.191.2 (d8:d3:85:21:3f:f3)
>> via em0
>>
>> but if i uncomment above two lines I have nothing logged and no ip
>> addresses assigned.
>>
>> I know that it is not good solution and is just a workaround of problem
>> but I need to make it working.
>>
>> Any ideas how to fix?
>>
>> Best Regards,
>> Konstantine Karosanidze,
>>
>> CAUCASUS ONLINE ISP
>> System Administrator
>>
>>
> It's enough to just say 'allow members of ...' and that will deny all other
> devices. A client identified by a class is still an unknown client.
>
> Also instead of
>
>
> match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );
>
> you can be slightly more efficient and say:
>
> match if ( packet(24,4)) = 5e:89:bf:41 );
>
> But I am a bit confused by your subnet definition. In the subnet you set a
> /25 subnet mask, but then in the pool it's different?
>
> --
> regards,
> -glenn
> --
> Glenn Satchell | Miss 9: What do you
> Uniq Advances Pty Ltd, Sydney Australia | do at work Dad?
> mailto:glenn.satchell at uniq.com.au | Miss 6: He just
> http://www.uniq.com.au tel:0409-458-580 | types random stuff.
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100907/72191772/attachment.html>
More information about the dhcp-users
mailing list