matching class to pool

Glenn Satchell glenn.satchell at uniq.com.au
Tue Jul 6 15:04:36 UTC 2010


On 07/07/10 00:12, Adam Moffett wrote:
>
>
> The next thing is what if someone's wireless station is bridged to a LAN
> (whether maliciously or accidentally) and their LAN uses up my entire
> DHCP pool. Since I also get a unique option 82 remote-id for each
> wireless station, it seems like a spawning class with a lease limit
> should prevent that problem. So in this example:
>
> class "OfficeAP" {
> match if option agent.circuit-id=a:0:3e:d4:60:73;
> spawn with option agent.remote-id;
> lease limit 1;
> }
>
> Would this limit the entire OfficeAP class to 1 lease, or would each
> spawned class get 1 lease?
>


This is from dhcpd.conf:

      class "customer" {
        spawn with option agent.circuit-id;
        lease limit 4;
      }

      Now whenever a request comes in from a customer site, the
      circuit ID option will be checked against the class's hash
      table. If a subclass is found that matches the circuit ID,
      the client will be classified in that subclass and treated
      accordingly. If no subclass is found matching the circuit
      ID, a new one will be created and logged in the dhcpd.leases
      file, and the client will be classified in this new class.
      Once the client has been classified, it will be treated
      according to the rules of the class, including, in this
      case, being subject to the per-site limit of four leases.

My reading is that for your case it is exactly like the above scenario, 
apart from selecting which clients will be members of the officeap 
class. So a new sub-class is spawned for each option agent.remote-id, 
and in your case this new sub-class inherits the lease limit 1 setting.

regards,
-glenn
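
Added example, not part of the original message and not ISC dhcpd code: a small Python model of the per-subclass accounting that the quoted dhcpd.conf text describes, applied to the OfficeAP class from the question. The `SpawningClass` and `simulate` names, the station labels and the MAC addresses are constructed for illustration, and lease expiry is not modelled.

```python
# Model of "spawn with" + "lease limit": one subclass per remote-id,
# each subclass carrying its own copy of the lease limit.
from collections import defaultdict


class SpawningClass:
    def __init__(self, name, match_circuit_id, lease_limit):
        self.name = name
        self.match_circuit_id = match_circuit_id
        self.lease_limit = lease_limit
        # Spawned subclasses: remote-id -> set of client MACs holding a lease.
        self.subclasses = defaultdict(set)

    def request(self, circuit_id, remote_id, client_mac):
        """Return True if this client may hold a lease as a class member."""
        if circuit_id != self.match_circuit_id:
            return False  # "match if" failed: not a member of the class
        holders = self.subclasses[remote_id]  # existing or newly spawned subclass
        if client_mac in holders:
            return True  # client already holds a lease (renewal)
        if len(holders) >= self.lease_limit:
            return False  # this subclass has used up its limit
        holders.add(client_mac)
        return True


def simulate(requests, lease_limit=1):
    """Run (circuit_id, remote_id, mac) requests through the OfficeAP model."""
    office_ap = SpawningClass("OfficeAP", "a:0:3e:d4:60:73", lease_limit)
    return [office_ap.request(*req) for req in requests]


# Constructed sample: station-A has a LAN bridged behind it, station-B does not.
CONSTRUCTED_REQUESTS = [
    ("a:0:3e:d4:60:73", "station-A", "00:00:5e:00:53:01"),
    ("a:0:3e:d4:60:73", "station-A", "00:00:5e:00:53:02"),  # bridged LAN host
    ("a:0:3e:d4:60:73", "station-A", "00:00:5e:00:53:03"),  # bridged LAN host
    ("a:0:3e:d4:60:73", "station-B", "00:00:5e:00:53:04"),
    ("a:0:3e:d4:60:73", "station-A", "00:00:5e:00:53:01"),  # renewal
]

if __name__ == "__main__":
    for req, ok in zip(CONSTRUCTED_REQUESTS, simulate(CONSTRUCTED_REQUESTS)):
        print(req[1], req[2], "lease" if ok else "refused")
```

In this model the hosts bridged behind station-A are refused once that subclass holds its one lease, while station-B is still served from its own subclass.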


