Subnet assignment using subClass

Márcio Merlone marcio.merlone at a1.ind.br
Tue Nov 25 19:10:24 UTC 2014


On 25-11-2014 16:58, Simon Hobson wrote:
> Márcio Merlone <marcio.merlone at a1.ind.br> wrote:
>> What happens is that the clsDesktop host 08:00:27:12:34:56 ends up on the unknown hosts subnet instead of the 10.1.1.0/24 as desired. First question: is a subClassed host a "known-host" so I can, for example, deny it on the pool declaration? Why does the host flee the clsDesktop pool declaration? What am I missing?
>>
>> Appreciate if someone can enlighten me on the subject and how to achieve this goal.
> ...
>> class "clsDesktop" {
>>      match pick-first-value (option dhcp-client-identifier, hardware);
>> }
>> class "clsGuest" {
>>      match pick-first-value (option dhcp-client-identifier, hardware);
>> }
>>
>> shared-network Foo {
>>      subnet 10.1.1.0 netmask 255.255.255.0 {
>>          pool {
>>              allow members of "clsDesktop";
>>              range 10.1.1.20 10.1.1.254;
>>              }
>>          }
>>      subnet 10.0.0.0 netmask 255.255.255.0 {
>>          pool {
>>              allow members of "clsGuest";
>>              range 10.0.0.46 10.0.0.254;
>>              }
>>          }
>>      subnet 172.16.0.0 netmask 255.255.255.0 {
>>          pool {
>>              allow unknown-clients;
>>              range 172.16.0.1 172.16.0.254;
>>              }
>>          }
>>      }
>> subclass "clsDesktop" 1:08:00:27:12:34:56 { }
> Change the last one to :
>
>      subnet 172.16.0.0 netmask 255.255.255.0 {
>          pool {
>              deny members of "clsDesktop";
>              deny members of "clsGuest";
>              range 172.16.0.1 172.16.0.254;
>              }
>          }
(...)
>   So simply deny members of each class that have other pools allocated to them.

That seems to work, will do more tests tomorrow. I can say that on another
opportunity I've seen clsDesktop going into clsGuest subnet when not
"deny"ing other classes, and got "no free lease" when trying to lock
everything. I'll elaborate better tomorrow after more testing.

> It's the easiest way to do it, AFAIK clients matching a class/subclass don't automatically become known.
That's important to know, could someone with proper knowledge please
confirm that?

> Also, as an observation, for this subnet you don't have provision for a router (...)
I know, this is just a lab network, with most of its declarations
stripped off to make it simpler for now. Thanks for the heads up! :)

Thanks, regards.

-- 
*Marcio Merlone*
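
The pool eligibility rules discussed in this thread, as an added example that is not part of the original messages: a small Python model of the allow/deny permit-list rules from dhcpd.conf(5), applied to the posted pools before and after the suggested change. It assumes, as stated in the thread, that a subclass match does not make a client "known" (only a host declaration does); the `STRANGER` client and all function names are constructed for illustration.

```python
# Added illustration: models the pool allow/deny rules documented in dhcpd.conf(5).
# It only computes which pools a client is *eligible* for; it does not model
# which of several eligible pools dhcpd then takes a lease from.

def eligible(pool, client):
    """client: {'classes': set of class names, 'known': has a host declaration}."""
    def matches(entry):
        if entry == "unknown-clients":
            return not client["known"]
        if entry == "known-clients":
            return client["known"]
        return entry in client["classes"]      # 'members of "<class>"'
    allow, deny = pool.get("allow", []), pool.get("deny", [])
    # With an allow list, the client must match at least one entry.
    if allow and not any(matches(e) for e in allow):
        return False
    # With a deny list, the client must match none of its entries.
    return not any(matches(e) for e in deny)

def eligible_pools(pools, client):
    return [name for name, pool in pools.items() if eligible(pool, client)]

# Pools as posted in the thread (original configuration).
ORIGINAL = {
    "10.1.1.0/24": {"allow": ["clsDesktop"]},
    "10.0.0.0/24": {"allow": ["clsGuest"]},
    "172.16.0.0/24": {"allow": ["unknown-clients"]},
}
# Same pools with the suggested change to the last one.
FIXED = {**ORIGINAL, "172.16.0.0/24": {"deny": ["clsDesktop", "clsGuest"]}}

# 08:00:27:12:34:56 from the thread: subclass of clsDesktop, no host declaration.
DESKTOP = {"classes": {"clsDesktop"}, "known": False}
# Constructed sample: a client in no class and with no host declaration.
STRANGER = {"classes": set(), "known": False}

if __name__ == "__main__":
    for label, pools in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, "desktop :", eligible_pools(pools, DESKTOP))
        print(label, "stranger:", eligible_pools(pools, STRANGER))
```

In the original layout the desktop is eligible for both its own pool and the unknown-clients pool, so the separation between segments is not enforced by the permit lists; with the deny entries only 10.1.1.0/24 remains.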