Can subclass work for me?

Marc Perea marccp at srttel.com
Mon Feb 16 19:55:28 UTC 2009


Hello list,
I have a problem where I have a finite list of vendor MAC addresses that I'd like to allow to get DHCP service, and any not in my approved list I'd like to ignore. I have an additional requirement that I must use option 82 info to assign a static IP (which I'm doing by creating a class for each option 82 client, and setting a pool of 1 IP per class).

I had hoped to have a class named valid_oui where it matches if substring(hardware, 1, 3) = [valid oui1] or substring(hardware, 1, 3) = [valid oui2] ... and so forth. If I'm reading the documentation correctly, subclasses won't work out for me, since I'd like a subclass to start having matched an OUI, and _then_ also match on specific option 82 data. I believe the subclass will instead match vendor oui 1, vendor oui 2, etc. Stated another way, can I start working with a class/subclass caring about the hardware address and then switch to caring about option agent.circuit-id once I've passed some criteria for hardware?

Is there a better way for me to consider doing what I'm trying here, or should I start looking into snort to filter my ingress dhcp requests and filter them there?

In case it matters, it is more important for me to match an IP to a circuit-ID than it is to deny service to unknown OUIs, and the former is already running in production.

Thanks!



Marc Perea
Network Support Engineer
SRT Communications, Inc.
(701)858-5235
marccp at srttel.com
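
The combined match the message asks about, written as a plain class with a boolean expression instead of a subclass. This is an added example, not part of the original post or of any reply. The OUIs, the circuit-id string and the addresses are constructed placeholders.

```conf
# Added example for ISC dhcpd.conf; every value below is a constructed placeholder.
# "hardware" evaluates to the hardware-type byte followed by the MAC address,
# so bytes 1..3 are the vendor OUI.
class "cid-port1" {
  match if (substring(hardware, 1, 3) = 00:00:5e
            or substring(hardware, 1, 3) = 02:00:00)
        and option agent.circuit-id = "example-circuit-1";
}

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # One-address pool reserved for the class above. A client that matches
  # no class is permitted in no pool, so it is never offered a lease.
  pool {
    allow members of "cid-port1";
    range 192.0.2.10 192.0.2.10;
  }
}
```

Both the hardware address and the relay agent options are supplied by the client side of the exchange, so an OUI match limits which devices are served but does not authenticate them.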




