Logical Classes
Jeffrey Hutzelman
jhutz at cmu.edu
Wed Sep 17 02:54:17 UTC 2008
--On Tuesday, September 16, 2008 10:43:18 PM -0400 Kelvin Williams
<kelvin-lists at williamschadwell.com> wrote:
> I would like to create classes for clients that are not based on MAC
> Address, Vendor Info, etc.
>
> The ultimate goal here is to have our IDS talk to our provisioning system
> and when it detects that a subscriber's machine is infected to place them
> into a walled garden.
>
> I've looked around but have been unable to find an answer. How can I
> create:
>
> class "virus-infected-idiot" {
>
> // What goes here //
>
> }
>
> When the MAC is known and the MAC may fall into another defined class on
> the dhcp server? Can the class be specified in the host declaration?

class "virus-infected-idiot" {
  match hardware;
}
subclass "virus-infected-idiot" 1:AA:BB:CC:DD:EE:FF;

Replace AA:BB:CC:DD:EE:FF with the infected host's MAC address. You can
repeat the "subclass" line for as many machines as you want; any client
with a matching address will be treated as a member of the class.

There is nothing that says that a client cannot match more than one class.
When that happens, all of the classes apply -- options from each matching
class are used, and the client is treated as a member of each class for
purposes such as deciding from which pools it can be given addresses.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Carnegie Mellon University - Pittsburgh, PA
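
The following is an added example, not part of the original message or of ISC DHCP: one way a provisioning system could turn an IDS feed of infected MAC addresses into the "subclass" lines shown in the reply, rejecting anything that is not a plain MAC so the feed cannot carry extra configuration syntax into dhcpd.conf. The one-entry-per-line feed format, the function names and the sample entries are assumptions made for illustration.

```python
import re

CLASS_NAME = "virus-infected-idiot"  # class name used in the reply above
# Accepted notations (assumption): aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff
_FORMS = (
    re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"),
    re.compile(r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"),
    re.compile(r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"),
)


def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated octets, or None if invalid."""
    s = raw.strip().lower()
    if not any(form.fullmatch(s) for form in _FORMS):
        return None  # whole string must be a MAC; trailing text is refused
    digits = re.sub(r"[:.-]", "", s)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def render_subclasses(feed_lines, class_name=CLASS_NAME):
    """Build subclass statements from a feed; return (config_text, rejected)."""
    seen, statements, rejected = set(), [], []
    for line in feed_lines:
        entry = line.split("#", 1)[0].strip()  # feed may carry "#" comments
        if not entry:
            continue
        mac = normalize_mac(entry)
        if mac is None:
            rejected.append(entry)  # report it, never write it to the config
            continue
        if mac not in seen:
            seen.add(mac)
            # The leading "1:" is the hardware type (Ethernet), as in the reply.
            statements.append(f'subclass "{class_name}" 1:{mac};')
    return "".join(s + "\n" for s in statements), rejected


# Constructed sample feed (not real data).
SAMPLE_FEED = [
    "AA:BB:CC:DD:EE:FF   # constructed entry",
    "aa-bb-cc-dd-ee-ff",            # same host in another notation
    "0011.2233.4455",
    "66:77:88:99:aa:bb; option x",  # trailing text after the MAC: rejected
    "not-a-mac",
]

if __name__ == "__main__":
    text, bad = render_subclasses(SAMPLE_FEED)
    print(text + "".join(f"# rejected: {e!r}\n" for e in bad), end="")
```
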