To have various IP ranges in the same subnet and assign the IP Address depending on the device type that sends the request.

Juan Antonio García Moreno jagarcia at emergya.com
Mon Aug 5 10:52:04 UTC 2019


Hi Simon,

I really do have some host declarations, but I didn't put these in the
post.

The config I really have now is this:

###############################################################
ddns-update-style none;
log-facility local7;

default-lease-time 7200;
max-lease-time 7200;
update-static-leases true;

authoritative;

option domain-name "company-test.com";
option domain-search "company-test.es","company-test.info","company-test.com";
option domain-name-servers 10.53.1.2, 8.8.8.8;

lease-file-name "/var/lib/dhcp/dhcpd.leases";

#******* Hosts Declarations *******#
class "smartphones" {
  match if option vendor-class-identifier = "android-dhcp-9";
}

#******* VLAN1 (10.53.0.0/16) *******#
subnet 10.53.0.0 netmask 255.255.0.0 {

  default-lease-time 86400;
  max-lease-time 172800;

  option broadcast-address 10.53.255.255;
  option routers 10.53.1.1;

  # Unknown Clients Range.
  pool {
    deny members of "smartphones";
    range 10.53.33.1 10.53.35.254;
  }

  # Smartphones Range.
  pool {
    allow members of "smartphones";
    range 10.53.10.2 10.53.11.254;
  }

  host PC-01 {
    hardware ethernet ff:ff:ff:ff:ff:01;
    fixed-address 10.53.100.5;
  }

  host PC-02 {
    hardware ethernet ff:ff:ff:ff:ff:02;
    fixed-address 10.53.100.6;
  }

}
#******* VLAN10 (10.188.10.0/24) *******#
subnet 10.153.10.0 netmask 255.255.255.0 {

  option broadcast-address 10.153.10.255;
  option routers 10.153.10.1;

  pool {
    range 10.153.10.50 10.153.10.99;
  }

  host PC-10-01 {
    hardware ethernet ff:ff:ff:ff:ff:10;
    fixed-address 10.153.10.5;
  }

}
###############################################################

This config seems to work, classifying the "smartphones" and assigning them an
IP from "range 10.53.10.2 10.53.11.254;" and assigning unknown devices one
from "range 10.53.33.1 10.53.35.254;"

I'm going to test:

------------------------------------------------------
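class "smartphones" {
  # The substring length must equal the length of the string compared against
  # (13, 7 and 15 here), and the last test must not be followed by "or".
  match if not known and (
    substring(option vendor-class-identifier,0,13) = "android-dhcp-" or
    substring(option vendor-class-identifier,0,7) = "dhcpcd-" or
    substring(option vendor-class-identifier,0,15) = "HUAWEI:android:"
  );
}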
------------------------------------------------------

And also, how to fill a text file with the "vendor-class-identifier" values of
the smartphones and include it in the DHCP Server config to match the
smartphone devices too.


Best regards

On Mon, 5 Aug 2019 at 11:13, Simon Hobson (<dhcp1 at thehobsons.co.uk>)
wrote:

> Juan Antonio García Moreno <jagarcia at emergya.com> wrote:
> > I'm testing this:
>
> And finding that it doesn't do what you expect !
>
> > ###############################################################
> > class "smartphones" {
> >   match if option vendor-class-identifier = "android-dhcp-9";
> > }
> >
> > subnet 10.53.0.0 netmask 255.255.0.0 {
> >
> >   default-lease-time 86400;
> >   max-lease-time 172800;
> >
> >   option broadcast-address 10.53.255.255;
> >   option routers 10.53.1.1;
> >
> >   # Unknown Clients Range.
> >   pool {
> >     deny known-clients;
> >     range 10.53.33.1 10.53.35.254;
> >   }
> > ..
> >   # Smartphones Range.
> >   pool {
> >     allow members of "smartphones";
> >     deny known-clients;
> >     range 10.53.10.2 10.53.11.254;
> >   }..
> > ###############################################################
> >
> > My smartphone has an IP from "range 10.53.33.1 10.53.35.254;"
> >
> > To test if the classification works, I turn off the WIFI of my
> > smartphone, wait some seconds and turn on the WIFI again, but the WIFI gets
> > the same IP that it had previously from "range 10.53.33.1 10.53.35.254;".
> >
> > Can you tell me how I can test this config correctly?
>
> Two things :
>
> If you refer to man dhcpd.conf you'll see that a "known" client is one
> that has a host declaration. Since you have no known clients, all of them
> are unknown and you cannot separate clients into pools using
> (un)known-client.
>
> DO NOT MIX ALLOW AND DENY ! They do not work as most people expect them to
> (specifically they are **NOT** evaluated top-down as a list, stopping at
> the first match), and rather than working out what the mix does, simply use
> only allow or only deny. If you use an allow statement, then anything not
> allowed is automatically disallowed (an implicit "deny all"). Similarly, if
> you use a deny statement, then anything not denied is automatically allowed
> (implicit "allow all").
>
> So you probably want to do this :
>
>   # Unknown Clients Range.
>   pool {
>     deny members of "smartphones";
>     # Note that the use of deny here implicitly allows everything else
>     range 10.53.33.1 10.53.35.254;
>   }
> ..
>   # Smartphones Range.
>   pool {
>     allow members of "smartphones";
>     # Note that the allow statement here implicitly denies everything else
>     range 10.53.10.2 10.53.11.254;
>   }..
>
> When you expand your config, you'll end up with :
>   # Unknown Clients Range.
>   pool {
>     deny members of "smartphones";
>     deny members of "tablets";
>     deny members of "laptops";
>     range 10.53.33.1 10.53.35.254;
>   }
> AFAIK there is no easier way to do this bit other than listing all the
> classes that can't use the pool. You do have to explicitly deny the classes
> here, otherwise members of them are still allowed to have addresses from
> that pool.
>


-- 
*Juan García*

*Dto. de Soporte Interno*

*EMERGYA INGENIERÍA*

*m:* +34 954 517 577

*p:* +34 954 517 577
*e:* jagarcia at emergya.com
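
An added example, not part of the original message or of ISC DHCP: one way to keep the smartphone `vendor-class-identifier` prefixes in a text file and generate the class from it, computing each `substring` length from the prefix itself so the length and the compared string always agree. The file contents, function names and class layout are assumptions for illustration.

```python
"""Build a dhcpd.conf class block from a list of vendor-class-identifier prefixes."""

# Constructed sample of what the text file could contain: one prefix per line.
SAMPLE_PREFIX_FILE = """\
# smartphone vendor-class-identifier prefixes
android-dhcp-
dhcpcd-
HUAWEI:android:
"""

def load_prefixes(text):
    """Return non-empty, non-comment lines, de-duplicated in file order."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Refuse characters that would break out of the quoted config string.
        if '"' in line or "\\" in line:
            raise ValueError(f"refusing prefix with quote/backslash: {line!r}")
        if line not in seen:
            seen.add(line)
            out.append(line)
    return out

def render_class(name, prefixes, only_unknown=True):
    """Render a class whose substring lengths always equal the prefix length."""
    if not prefixes:
        raise ValueError("no prefixes given")
    tests = [
        "    substring(option vendor-class-identifier,0,"
        f'{len(p.encode("ascii"))}) = "{p}"'
        for p in prefixes
    ]
    head = "  match if not known and (\n" if only_unknown else "  match if (\n"
    return f'class "{name}" {{\n{head}' + " or\n".join(tests) + "\n  );\n}\n"

def is_member(vendor_class_id, prefixes):
    """Mirror the prefix test offline, to check identifiers seen in logs."""
    return any(vendor_class_id.startswith(p) for p in prefixes)

if __name__ == "__main__":
    print(render_class("smartphones", load_prefixes(SAMPLE_PREFIX_FILE)))
```

The generated text can be written to its own file and pulled into the main config with dhcpd.conf's `include "<path>";` statement (the path is whatever you choose), then checked with `dhcpd -t` before restarting the server.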