dhcpd.conf - one class per customer

Philippe Maechler plcmaechler at gmail.com
Mon Jun 18 14:18:28 UTC 2012


Hi all,

I'm trying to find a "healthy" way to configure a dhcp (dhcp-4.2.1) on
a FreeBSD server for an access network and could use some help.
I wrote to this address on Friday but haven't seen my posting in a
mailbox or an archive. So if the first message appears somewhere....
sorry for double posting :)


The modem in use asks for a temporary IP address and receives some
vendor-specific options. It then reboots and asks for a mgmt IP
address in a predefined VLAN.
After that there will be requests for a voice and a public IP
address. All requests arrive over a different relay agent.


Each access port has its own class. If the port is active I add the
MAC address to the subclass. Inside the temp. IP pool I add an allow
statement for each port:
class "000085_Port" {
       match if ( substring ( option agent.circuit-id, 0, 14 ) = "hostname01 1/1" );
       match hardware;
}
subclass "000085_Port"     1:00:11:22:33:44:56;


Each modem gets a host entry inside a group and a voice class:
group {
       option vendor-encapsulated-options = "something";
       host 000085_NT { hardware ethernet 0:11:22:33:44:56; }
}
class "000085_Voice" {
       match if ( substring ( option agent.circuit-id, 0, 19 ) = "hostname01 1/1:0200" );
       match hardware;
}
subclass "000085_Voice"     1:00:11:22:33:44:56;

Inside the mgmt IP pool I have: deny unknown clients;
and inside the voice IP pool we have:
allow members of "000085_Voice";


The public requests are handled like the temp requests but without a
subclass match (I do not know that MAC address).
class "000085_DHCP" { match if ( substring ( option agent.circuit-id, 0, 19 ) = "hostname01 1/1:0300" ); }

So for one connection I have to create 3 classes, 2 subclasses and 1
host entry. I think this is a bit complicated...


Q: Can such a setup, with all the classes and match if patterns, work
for bigger installations, let's say 1'000 or 5'000? What about 20'000?
The lease time is 1h for the temp and public pool. The other pools
have a longer lease time, ~4h - 6h.
All pools contain 500-1000 IP addresses and if one pool gets full I'll
create another one.

Q: The vendor options inside the group are global, right? So these
options will be sent to the client regardless of the subnet the
request comes in on, as long as the MAC address is correct?

Q: Is there an easier way to do it?
One idea is to use 2 classes per customer: one for temp, mgmt and
voice, where we use the subclass, and one class for the CPE, where we
do not know the MAC address. But I don't know if this gives me the
same control over the pool assignments.

Q: All the match-ifs try to match a substring of agent.circuit-id or
agent.remote-id. Can I substring once or twice, save the result and
use that instead of another substring call?
Something like:
set access.hostname = substring(agent.circuit-id, 0, 10);
set access.vlan = substring(agent.circuit-id, 11, 4);

and later:
match if (access.hostname = "hostname01");


Q: At the beginning I had all the "allow members of" in a separate file
and included it after the "range" statement. The error I got was
something like "allow/deny expected". When I copy & pasted the content
from the file the server starts up. Can I use include "filename.txt"
everywhere?


Thanks,

Philippe
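
The per-connection layout described in the post (3 classes, 2 subclasses, 1 host entry) can be rendered from a port prefix and a modem MAC. The following is an added example, not part of the original post: it derives each substring length from the prefix so the length and the compared string cannot drift apart, and it rejects values that would break out of a quoted string. Function and parameter names are hypothetical; the sample values are the ones used in the post.

```python
# Added example (not from the original post); helper names are hypothetical.

def _safe(value):
    """Reject characters that could break out of a quoted dhcpd.conf string."""
    if not value or any(c in value for c in '"\\;{}\n'):
        raise ValueError(f"unsafe dhcpd.conf value: {value!r}")
    return value


def _subclass_key(mac):
    """Key for 'match hardware': hardware type 1 (Ethernet) followed by the MAC."""
    octets = mac.split(":")
    if len(octets) != 6 or any(not 0 <= int(o, 16) <= 0xFF for o in octets):
        raise ValueError(f"not an Ethernet MAC: {mac!r}")
    return "1:" + ":".join(f"{int(o, 16):02x}" for o in octets)


def _circuit_class(name, prefix, match_hardware):
    """Class on the leading bytes of agent.circuit-id; length comes from the prefix."""
    lines = [f'class "{name}" {{',
             f"       match if ( substring ( option agent.circuit-id, 0, {len(prefix)} ) = "
             f'"{prefix}" );']
    if match_hardware:
        lines.append("       match hardware;")
    return lines + ["}"]


def customer_stanzas(cust_id, port, modem_mac, vendor_opts, voice_vlan="0200", public_vlan="0300"):
    """Return the port, voice and public classes plus the host entry for one connection."""
    cid, port = _safe(cust_id), _safe(port)
    key = _subclass_key(modem_mac)
    out = _circuit_class(f"{cid}_Port", port, True)
    out.append(f'subclass "{cid}_Port"     {key};')
    out += ["group {",
            f'       option vendor-encapsulated-options = "{_safe(vendor_opts)}";',
            f"       host {cid}_NT {{ hardware ethernet {key[2:]}; }}",
            "}"]
    out += _circuit_class(f"{cid}_Voice", _safe(f"{port}:{voice_vlan}"), True)
    out.append(f'subclass "{cid}_Voice"     {key};')
    out += _circuit_class(f"{cid}_DHCP", _safe(f"{port}:{public_vlan}"), False)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(customer_stanzas("000085", "hostname01 1/1", "0:11:22:33:44:56", "something"))
```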

