global config to force phone to use private subnet in shared-network environment

Randall C Grimshaw rgrimsha at syr.edu
Wed Jul 20 20:58:30 UTC 2011


You can dynamically assign membership to a class.
Then you can set access permissions for each pool.

option space PXEboot;
option PXEboot.server code 66 = ip-address;
option PXEboot.image  code 67 = string;
class "PXEboot" {
  match option vendor-class-identifier;
}
subclass "PXEboot" "PXEClient:Arch:00000:UNDI:002001"
{
  vendor-option-space PXEboot;
  option PXEboot.server 123.123.123.123;
  option PXEboot.image  "ARDBP32.bin";
}

---or---

option space LWAPP;
option LWAPP.controller code 241 = ip-address;
class "LWAPP" {
  match option vendor-class-identifier;
}
subclass "LWAPP" "Cisco AP c1130"
{
  vendor-option-space LWAPP;
  option LWAPP.controller 123.123.123.123;
}
subclass "LWAPP" "Cisco AP c1200"
{
  vendor-option-space LWAPP;
  option LWAPP.controller 123.123.123.123;
}

-----

In both of these examples, your logic in the pool would use the class (not the subclass), i.e. allow members of LWAPP or deny members of PXEboot ....


Randall Grimshaw rgrimsha at syr.edu
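
The pool-level rule described above, written out for one shared-network as an added example that is not part of the original message. The class is the one from the question; the shared-network name, subnets, routers and ranges are constructed placeholders. The vendor-class-identifier is a value the client sends, so this steers address assignment and does not authenticate the device.

```conf
# Class from the question: matches on the first 14 bytes of option 60.
class "i2004-clients" {
  match if substring(option vendor-class-identifier, 0, 14) = "Nortel-i2004-A";
}

# Constructed example network; repeat the two pool statements per network.
shared-network "example-net" {

  # Private phone subnet.
  subnet 10.10.1.0 netmask 255.255.255.0 {
    option routers 10.10.1.1;
    pool {
      # A pool with an allow list serves only clients matching that list.
      allow members of "i2004-clients";
      range 10.10.1.50 10.10.1.250;
    }
  }

  # Public subnet (documentation address range used as a placeholder).
  subnet 192.0.2.0 netmask 255.255.255.0 {
    option routers 192.0.2.1;
    pool {
      # Everyone except the phone class may lease from this pool.
      deny members of "i2004-clients";
      range 192.0.2.50 192.0.2.250;
    }
  }
}
```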
________________________________________
From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org [dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] On Behalf Of Sue True [bloomingtonian at gmail.com]
Sent: Wednesday, July 20, 2011 1:54 PM
To: Users of ISC DHCP
Subject: RE: global config to force phone to use private subnet in shared-network environment

So is there another way to accomplish what I am trying to do here? We have
hundreds of shared-networks; phones will be deployed on most of the networks
and assigned addresses from the 10.10.x.x subnet.

So I am trying to avoid adding 'allow/deny' to each network if a global
option can do that. I thought about doing it using a class, like this, but
I'm not sure how:

class "i2004-clients" {
   match if substring(option vendor-class-identifier, 0, 14) = "Nortel-i2004-A" ;

   ##only allow 10.10.x.x address?
}

Thanks!
Sue


On Wed, 20 Jul 2011, Randall C Grimshaw wrote:

> The short answer is no.
> The allow / deny rules control pool access... there is no global pool that would span all subnets - if you see what I mean. In addition, there is an issue with Windows behavior, as subsequent to obtaining the lease it does some network discovery using DHCP inform requests. If you do have any global values set such as DNS servers... any subnet local values provided to support i.e. a landing page for your private network will be overridden.
>
> Randall Grimshaw rgrimsha at syr.edu
> ________________________________________
> From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org [dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] On Behalf Of Sue True [bloomingtonian at gmail.com]
> Sent: Wednesday, July 20, 2011 11:56 AM
> To: Users of ISC DHCP
> Subject: global config to force phone to use private subnet in shared-network environment?
>
> Greetings,
>
> I've been trying to get this to work with no luck, so I'll ask the list to
> see if it's possible.
>
> In our config, we usually have two subnets in a shared-network: one is
> private (10.10.x.x), used for phones, and the other is public. Right now we have
> a class defined for phones, and configure 'allow/deny member' on each
> private/public subnet so phones pick up addresses from the 10.10 network only.
>
> Since we have hundreds of networks, I wonder if there is a way to achieve
> the above using a global option. I've tried
>
> if binary-to-ascii(10,8,".",substring(leased-address,0,2)) = "10.10" {
>     allow members of "i2004-clients";
> }else{
>     deny members of "i2004-clients";
> }
>
> But got error:
> /etc/dhcpd/dhcpd.conf line 147: expecting allow/deny key
>     deny members
>
>
>
> Thanks in advance..
> Sue
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users