Host declarations in different ranges within the same subnet

[Simon Hobson]

Glenn Satchell wrote:
>In that second pool you could have:
>
>deny members of "classFirewallFullAccess";
>
>rather than
>
>deny unknown-clients;
>
>and do away with the host statements. As it is you need to add your
>special hosts to a host statement *and* the subclass. Easier to just do it
>once.

Actually, as I read it he's wanting to do something he never told us 
about - like that's unusual in here!

Looks like he wants one subnet for stuff he knows about, with some of 
those getting preferential treatment. And for anything else (ie 
visitors etc) he wants to use a different subnet altogether.
So 3 choices.

I'd be tempted to use two classes for known stuff rather than use a 
class for the privileged and hosts for the rest which will make it 
harder to maintain. In a DB you could keep a flag for which class the 
device is, then just spit out a list of MACs and class membership 
without having to have "if it's <something> then make a subclass, 
else make a host statement" stuff.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.