dhcp classes help
Glenn Satchell
Glenn.Satchell at uniq.com.au
Sun Nov 18 11:39:49 UTC 2007
You'll probably get some unexpected behaviour with the subnet inside
the class declaration. And there is no need to group the whole thing.
Being a member of a class does not make a host "known", only a host
statement makes a host "known" so that it can match 'deny unknown
clients' for example.
Usual practice is to have class and subnet in the global scope, e.g.:

class "voip-phones" {
  match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP"
        or substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";
  # can set any options that are specific to the voip-phones class,
  # eg boot files or lease times.
} ## ends class voip-phones

group {
  subnet 10.183.50.0 netmask 255.255.255.0 {
    pool {
      range 10.183.50.4 10.183.50.254;
      option routers 10.183.50.1;
      allow members of "voip-phones"; # explicitly denies everyone else
    } # end pool
  } ## end subnet
} ## ends group

regards,
-glenn
>Date: Thu, 15 Nov 2007 13:06:41 -0500
>From: "Tom Greaser" <tgreaser at hsc.wvu.edu>
>To: <dhcp-users at isc.org>
>Subject: Re: dhcp classes help
>
>I think I got it (will test in lab) but still wanted to see
>if anyone thinks I'm shooting myself in the foot
>
>group {
>options n stuff
>
>boot-unknown-clients false;
>class "voip-phones" {
>
>match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP" or
>substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
> range 10.183.50.4 10.183.50.254;
> option routers 10.183.50.1;
> } ## end subnet
>
>} ## ends class voip-phones
>} ## ends group
>
>
>>>> "Tom Greaser" <tgreaser at hsc.wvu.edu> 11/14/07 4:55 PM >>>
>I'm wanting to set up a match for the vendor info
>to allow voip phones and ata to work but deny any pc that
>may get into those networks from picking up an ip
>
>I'm new to classes / subclasses / matching so I thought I would shoot this
>to the group and see if anyone would direct me into a better way of doing things
>(not afraid to pick up a book / man dhcp* )
>
>
>group {
>
>## voip phones
>
>option domain-name-servers ;
>authoritative;
>option ntp-servers ;
>option log-servers ;
>option option-150 ;
>option tftp-server-name "";
>dhcp-renewal-time 86400; ## 1day
>default-lease-time 2592000; ##1 month
>max-lease-time 2592000; ##1 month
>ddns-updates off;
>boot-unknown-clients false;
>
>class "voip-phones" {
>
>match if (substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP") or
> (substring (option vendor-class-identifier, 0, 10) = "ATA188-H17");
>
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
> allow members of "voip-phones";
> range 10.183.50.4 10.183.50.254;
> option routers 10.183.50.1;
> } ## end subnet
>
>50 other subnet statements later
>
>
> } ## end class
>} ## end group
>
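
Added example (not part of the original thread, and not ISC DHCP code): a Python check for the two layout problems discussed above, a subnet nested inside a class and a range that is not in a pool carrying an allow/deny list. The name lint_dhcpd and both sample configs are constructed for illustration; the parser assumes no '#', '{', '}' or ';' appears inside quoted strings.

```python
import re

def lint_dhcpd(conf):
    """Return findings for dhcpd.conf-style text (simplified parser)."""
    # Assumption: no '#', '{', '}' or ';' inside quoted strings.
    text = re.sub(r"#[^\n]*", "", conf)            # drop comments
    findings, stack = [], []                       # stack of open blocks
    for stmt, delim in re.findall(r"([^{};]*)([{};])", text):
        stmt = " ".join(stmt.split())
        if delim == "{":
            kind = stmt.split()[0] if stmt else ""
            if kind == "subnet" and any(b["kind"] == "class" for b in stack):
                findings.append(f"'{stmt}' is nested inside a class")
            stack.append({"kind": kind, "name": stmt, "range": False, "acl": False})
        elif delim == ";" and stack:
            if stmt.startswith("range "):
                stack[-1]["range"] = True
            elif re.match(r"(allow|deny) ", stmt):
                stack[-1]["acl"] = True
        elif delim == "}" and stack:
            blk = stack.pop()
            # A range counts as restricted only via an allow/deny list in its own pool.
            if blk["range"] and not (blk["kind"] == "pool" and blk["acl"]):
                findings.append(f"range in '{blk['name']}' has no pool allow/deny list")
    return findings

MATCH = 'match if substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";'
# Constructed sample: the nested layout from the quoted message, shortened.
NESTED = """
class "voip-phones" {
  %s
  subnet 10.183.50.0 netmask 255.255.255.0 {
    range 10.183.50.4 10.183.50.254;
  } ## end subnet
} ## ends class voip-phones
""" % MATCH
# Constructed sample: the global-scope layout from the reply, shortened.
GLOBAL = """
class "voip-phones" { %s }
subnet 10.183.50.0 netmask 255.255.255.0 {
  pool {
    range 10.183.50.4 10.183.50.254;
    allow members of "voip-phones"; # explicitly denies everyone else
  }
}
""" % MATCH

if __name__ == "__main__":
    print(lint_dhcpd(NESTED), lint_dhcpd(GLOBAL))
```

The class match itself tests a string the client sends in option 60, so the pool restriction filters on what a device reports about itself rather than on a verified identity.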