Matching multiple classes

Bruce Hudson Bruce.Hudson at Dal.Ca
Tue Mar 1 15:37:02 UTC 2011


 
> class "class1" {
>    match if substring (option user-class,1,7) = "\0string1";
> }
> class "class2" {
>    match if substring (option user-class,1,7) = "\0string2";
> }
> class "class3" {
>    match if substring (option user-class,1,7) = "\0string1"
>          or substring (option user-class,1,7) = "\0string2";
> }

    Neither of your first two options is correct. The client will be a
member of both classes ("class1" or "class2" AND "class3"). Any allow
or deny statements mentioning either will consider the client to be a
member. If you have two pools, one permitting "class1" and one "class3",
then a client with "\0string1" will use either, more or less randomly.

> - Does this make sense for a client to belong to multiple classes?

    That depends on the rest of your configuration. We certainly have
something similar to control access to various parts of the network.
You can put all your clients into a single class and use multiple
allow or deny statements everywhere you now refer to "class3" if you
find that clearer.
 
> To be short, my question deals with the priority of class definitions 
> and matching...

    There is no priority.
--
Bruce A. Hudson				| Bruce.Hudson at Dal.CA
ITS, Networks and Systems		|
Dalhousie University			|
Halifax, Nova Scotia, Canada		| (902) 494-3405
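
The pool behaviour described in the reply above, as an added dhcpd.conf example that is not part of the original post: Variant A has two pools whose permit lists overlap for a "\0string1" client, Variant B makes the permit lists disjoint. The subnet, address ranges and pool layout are assumptions made for illustration; the class definitions reuse the match expressions from the quoted question.

```conf
# Constructed fragment: subnet, ranges and pool layout are assumptions.
# Class definitions reuse the match expressions from the quoted question.
class "class1" {
  match if substring (option user-class,1,7) = "\0string1";
}
class "class2" {
  match if substring (option user-class,1,7) = "\0string2";
}
class "class3" {
  match if substring (option user-class,1,7) = "\0string1"
        or substring (option user-class,1,7) = "\0string2";
}

# --- Variant A: overlapping permit lists ---
# A "\0string1" client is a member of class1 AND class3, so both pools
# accept it and its address may come from either range. There is no
# priority between the two classes.
subnet 192.0.2.0 netmask 255.255.255.0 {
  pool {
    allow members of "class1";
    range 192.0.2.10 192.0.2.49;
  }
  pool {
    allow members of "class3";
    range 192.0.2.50 192.0.2.99;
  }
}

# --- Variant B: disjoint permit lists (use instead of Variant A) ---
# Each classified client is eligible for exactly one pool, so the range
# it lands in no longer depends on which pool the server happens to pick.
subnet 192.0.2.0 netmask 255.255.255.0 {
  pool {
    allow members of "class1";
    range 192.0.2.10 192.0.2.49;
  }
  pool {
    allow members of "class2";
    range 192.0.2.50 192.0.2.99;
  }
}
```

Use one variant only, since a subnet can be declared once. Where the address range a client lands in decides what it can reach, checking that no client is eligible for more than one pool is the review step that catches Variant A.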