Trouble matching hardware address with class, subclass and pools

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Dec 17 17:38:12 UTC 2020


Fleming, Tony <t.fleming at tcu.edu> wrote:

> My configuration looks like:
> Class “Allowed” {
>                 match pick-first-value (option dhcp-client-identifier, hardware);
> }
>  
> Subclass “Allowed” 1:xx:xx:xx:xx:xx:01;
>  
> shared-network "Restricted_Net" {
>                 authoritative;
>                 subnet 10.56.128.0 netmask 255.255.224.0 {
>                         pool {
>                                 allow dynamic bootp clients;
>                                 allow members of "Allowed";
>                                 option routers 10.56.128.1;
>                                 range 10.56.128.21 10.56.159.250;
>                         }
>                         pool {
>                                 option routers 10.56.128.1;
>                                 range 10.56.159.251 10.56.159.254;
>                         }
>                 }
> }
>  
> When using the device with the Ethernet xx:xx:xx:xx:xx:01, pool 10.56.128.21-250 (members of “Allowed”) is never used. It always falls through to the second pool “10.56.159.251-254”.
>  
> I know I am doing something dumb, but I am completely missing it.

Don't worry, we've all been there. You need to deny members of "Allowed" from the second pool.

Without a deny, although the client might match the class and be allowed in one range/pool/subnet/whatever - it's not automatically excluded from anything else. So if the client already had a lease (whether current or expired) in the second pool, then it will still be able to use it - and the server will offer it in preference to anything else. Also, if the client hasn't been seen before (i.e. has no previous lease) then the implementation (undocumented, not guaranteed not to change) will allocate "top down" address wise - so clients will preferentially be offered addresses in the higher numbered range until it has no "not previously used" addresses.

Simon



More information about the dhcp-users mailing list