static IPs, nested logic

Andrei Filimonov af at baltmax.com
Mon Jun 26 08:40:04 UTC 2006


Please.
> Hi,
>
> Could anybody please help me find an efficient solution?
> I have 2 questions.
>
> 1) How do I manage static IP addresses if the only way to identify the 
> client is by his option agent.remote-id number?
>
> The easy way would be creating a separate class for each IP address, like:
>
>    class "aaa-bbb-ccc-ddd" {
>        match if option agent.remote-id = 00:00:ff:aa:d2:19;
>    }
>
> then simply place this class in a pool with one IP address
>
>    pool {
>        ...
>        deny members of "aaa-bbb-ccc-ddd";
>        range aaa.bbb.ccc.1 aaa.bbb.ccc.253;
>    }
>
>    pool {
>        allow members of "aaa-bbb-ccc-ddd";
>        range aaa.bbb.ccc.254 aaa.bbb.ccc.254;
>    }
>    ...
>
> But this is very inconvenient because the number of pools and static IP 
> addresses is starting to grow.
> Soon there will be like 500 classes for static users, and 500 such 1 
> address subpools, which is very difficult to manage.
> What could be the solution?
>
> 2) The only way to identify the subnet (the subnet from which the 
> particular user should receive an IP address) is by the option 
> agent.circuit-id number.
>
> So I create a class for each subnet
> like
>
>    class "subnet1" {
>        match if option agent.circuit-id = 00:00:00:01;
>    }
>
> and then I place
> that class in an adequate subnet
> like
>
>    subnet aaa.bbb.ccc.0 netmask 255.255.255.0 {
>        option routers blah blah
>        ..
>        pool{
>           allow members of "subnet1";
>           ..
>        }
>    }
>
> It works OK.
> But what if I want to add an additional pool to the subnet, for the 
> users with restricted rights, for example?
> So I want the server to select the right subnet for the user and only 
> then filter them by other classes which are irrelevant to the subnet 
> the user chooses to be in.
>
>    pool{
>        allow members of "subnet1";
>        deny members of  "restrictedusers";
>        ..
>    }
>
>    pool{
>        allow members of "subnet1";
>        allow members of "restrictedusers";
>        ...
>    }
>
> Something like that won't work because allows/denies have OR logic, if I'm 
> not mistaken.
> So how do I make nested criteria?
>
> something like
>
> ..{
>        allow members of "subnet1";
>        pool{
>           deny members of "group1";
>            ...
>        }
>        pool{
>           allow members of "group1";
>           ...
>        }
>    }
>
> Thank you.
>   
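
Added example, not part of the original thread and not ISC's code: one way to keep the per-address class and pool pattern from question 1 manageable is to generate the stanzas from a single table and validate each entry before it reaches dhcpd.conf. The function name, the `static-<ip>` class naming scheme and the sample table are assumptions made for illustration.

```python
import ipaddress
import re

REMOTE_ID = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2})+")  # colon-separated hex only

def render_static_config(subnet, dynamic_range, statics):
    """Return (classes, pools) as dhcpd.conf text for (remote_id, ip) pairs."""
    net = ipaddress.ip_network(subnet)
    lo, hi = (ipaddress.ip_address(a) for a in dynamic_range)
    seen_ids, seen_ips = set(), set()
    classes, denies, pools = [], [], []
    for remote_id, ip in statics:
        rid, addr = remote_id.strip().lower(), ipaddress.ip_address(ip)
        # Reject anything that is not plain hex so a bad table entry cannot
        # smuggle extra statements into the generated configuration.
        if not REMOTE_ID.fullmatch(rid):
            raise ValueError(f"malformed remote-id: {remote_id!r}")
        if addr not in net or lo <= addr <= hi:
            raise ValueError(f"{addr} must be in {net} and outside the dynamic range")
        if rid in seen_ids or addr in seen_ips:
            raise ValueError(f"duplicate entry: {remote_id} / {addr}")
        seen_ids.add(rid)
        seen_ips.add(addr)
        name = "static-" + str(addr).replace(".", "-")
        classes.append(f'class "{name}" {{\n'
                       f"    match if option agent.remote-id = {rid};\n}}")
        denies.append(f'    deny members of "{name}";')
        pools.append(f'pool {{\n    allow members of "{name}";\n'
                     f"    range {addr} {addr};\n}}")
    # The dynamic pool denies every static class, as in the quoted message.
    dynamic = "pool {\n" + "\n".join(denies) + f"\n    range {lo} {hi};\n}}"
    return "\n\n".join(classes) + "\n", "\n\n".join([dynamic] + pools) + "\n"

if __name__ == "__main__":
    # Constructed table; 192.0.2.0/24 is a documentation network.
    table = [("00:00:ff:aa:d2:19", "192.0.2.254"),
             ("00:00:FF:AA:D2:1A", "192.0.2.250")]
    classes, pools = render_static_config(
        "192.0.2.0/24", ("192.0.2.1", "192.0.2.249"), table)
    print(classes)
    print(pools)  # belongs inside the subnet declaration
```

The two returned strings can be written to separate files and pulled into dhcpd.conf with `include` statements, the classes at the top level and the pools inside the subnet declaration.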


