global config to force phone to use private subnet in shared-network environment

Sue True bloomingtonian at
Thu Jul 21 14:28:44 UTC 2011

We have all of our dhcp configuration generated from database except the 
core dhcpd.conf, we have over 1000 shared-networks and over 2000 subnets, 
and all changes made to network/subnet/pool are done through script.

I thought it'll be nice if I could just do it once as global option and 
don't have to make many pool level changes but now looks like the config 
has to be added to each pool.

Thanks all for the help.

On Thu, 21 Jul 2011, Glenn Satchell wrote:

> Hi Sue
> So you want to allow or deny a particular class in some of the pools in your 
> definition, right? So if you think about it, you have to list the pools and 
> whether the class is allowed in each. The only logical way to do this is in 
> each pool.
> If you have hundreds of networks have you thought of using a script based 
> method of generating your configuration file? Maybe a script that writes out 
> a file that can be included in dhcpd.conf that lists all the shared-networks?
> regards,
> -glenn
> On 07/21/11 03:54, Sue True wrote:
>> So is there other way to accomplish what I am trying to do here, we have
>> hundreds shared-networks, phone will be deployed on most of the networks
>> and assigned from 10.10.x.x subnet.
>> So I try to avoid adding 'allow/deny' to each network if there globally
>> option can do that, I thought about doing it using class, like this, but
>> not sure how:
>> class "i2004-clients" {
>> match if substring(option vendor-class-identifier, 0, 14) =
>> "Nortel-i2004-A" ;
>> ##only allow 10.10.x.x address?
>> }
>> Thanks!
>> Sue
>> On Wed, 20 Jul 2011, Randall C Grimshaw wrote:
>>> The short answer is no.
>>> The allow / deny rules control pool access... there is no global pool
>>> that would span all subnets - if you see what I mean. In addition,
>>> there is an issue with windows behaviour as subsequent to obtaining the
>>> lease it does some network discovery using DHCP inform requests. If
>>> you do have any global values set such as DNS servers... any subnet
>>> local values provided to support i.e. a landing page for your private
>>> network will be overridden.
>>> Randall Grimshaw rgrimsha at
>>> ________________________________________
>>> From: at
>>> [ at] On Behalf Of Sue
>>> True [bloomingtonian at]
>>> Sent: Wednesday, July 20, 2011 11:56 AM
>>> To: Users of ISC DHCP
>>> Subject: global config to force phone to use private subnet in
>>> shared-network enviroment?
>>> Greetings,
>>> I've been trying to get this work with no luck, so I'll ask the list to
>>> see if it's possible.
>>> In our config, we usually have two subnets in a shared-network, one is
>>> private(10.10.x.x) used for phones, the other is public, right now we
>>> have
>>> class defined for phone, and config 'allow/deny member' to each
>>> private/public subnet so phones pickup address from 10.10 network only.
>>> Since we have hundreds of networks and I wonder if there is a way achieve
>>> the above using global option, I've tried
>>> if binary-to-ascii(10,8,".",substring(leased-address,0,2)) = "10.10" {
>>> allow members of "i2004-clients";
>>> }else{
>>> deny members of "i2004-clients";
>>> }
>>> But got error:
>>> /etc/dhcpd/dhcpd.conf line 147: expecting allow/deny key
>>> deny members
>>> Thanks in advance..
>>> Sue
>>> _______________________________________________
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at

More information about the dhcp-users mailing list