Problem with class definition

Glenn Satchell glenn.satchell at uniq.com.au
Tue Sep 7 16:15:12 UTC 2010


On 09/08/10 02:00, კონსტანტინე ქაროსანიძე wrote:
> Hello,
>
> I run dhcp for my clients (I'm sysadmin at ISP) and using option 82 to
> identify requests and assign corresponding ip to client but now I have
> case that I can't use option 82 (because of some network topology option
> 82 is not added to request)
>
> Solution was to identify clients by source address from where request
> comes. (actually from ip assigned to that vlan on cisco switch, vlan
> gateway)
>
> after lots of tries I figured out following config:
>
> class "ADSL_Universal_34" {
>      match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf1" );
>      log(info, "matched class ADSL_Universal_34");
>      log(info, concat("matched class gateway, IP: ",binary-to-ascii(16, 8, "", packet(24,4))));
>      log(info, concat("matched class gateway, No Binary: ",packet(24,4)));
> }
>
> class "ADSL_Universal_35" {
>      match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );
>      log(info, "matched class ADSL_Universal_35");
>      log(info, concat("matched class gateway, IP: ",binary-to-ascii(16, 8, "", packet(24,4))));
>      log(info, concat("matched class gateway, No Binary: ",packet(24,4)));
> }
>
> subnet 94.137.191.0 netmask 255.255.255.128
> {
>
>      pool {
>          option subnet-mask 255.255.255.192;
>          option routers 94.137.191.1;
>          option ip-forwarding FALSE;
>          deny unknown-clients;
>          allow members of "ADSL_Universal_34";
>          range 94.137.191.2 94.137.191.5;
>      }
>
>      pool {
>          option subnet-mask 255.255.255.192;
>          option routers 94.137.191.65;
>          option ip-forwarding FALSE;
>          deny unknown-clients;
>          allow members of "ADSL_Universal_35";
>          range 94.137.191.66 94.137.191.70;
>      }
> }
>
> where 5e89bf41 and 5e89bf1 are gateway ip addresses in hex. While using
> this config strange thing happens.
>
> when i use
>
>          deny unknown-clients;
>          allow members of "ADSL_Universal_35";
>
> these directives for matching class to pool nothing works but it's
> enough for me to remove these lines from config and in log file I see
> that incoming requests are matched to class.
>
> Sep  7 18:36:04 dhcp dhcpd: matched class ADSL_Universal_35
> Sep  7 18:36:04 dhcp dhcpd: DHCPINFORM from 94.137.191.2 via 94.137.191.65
> Sep  7 18:36:04 dhcp dhcpd: DHCPACK to 94.137.191.2 (d8:d3:85:21:3f:f3)
> via em0
>
> but if i uncomment above two lines I have nothing logged and no ip
> addresses assigned.
>
> I know that it is not good solution and is just a workaround of problem
> but I need to make it working.
>
> Any ideas how to fix?
>
> Best Regards,
> Konstantine Karosanidze,
>
> CAUCASUS ONLINE ISP
> System Administrator
>

It's enough to just say 'allow members of ...' and that will deny all 
other devices. A client identified by a class is still an unknown client.

Also instead of

match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );

you can be slightly more efficient and say:

match if ( packet(24,4) = 5e:89:bf:41 );

But I am a bit confused by your subnet definition. In the subnet you set 
a /25 subnet mask, but then in the pool it's different?

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
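
Added example, not part of either message in this thread: a Python sketch of why the raw comparison on packet(24,4) (the giaddr field of the BOOTP/DHCP header) is safer than the unpadded hex string from binary-to-ascii(16, 8, "", ...). Two different gateway addresses can produce the same string, so a class could match the wrong relay. The helper names and the 10.0.x.x addresses are constructed for illustration.

```python
import ipaddress

GIADDR_OFFSET = 24  # offset of giaddr in the fixed BOOTP/DHCP header, i.e. packet(24,4)

def build_packet(giaddr: str) -> bytes:
    """Constructed 236-byte BOOTP header with only op and giaddr filled in."""
    hdr = bytearray(236)
    hdr[0] = 1  # op = BOOTREQUEST
    hdr[GIADDR_OFFSET:GIADDR_OFFSET + 4] = ipaddress.IPv4Address(giaddr).packed
    return bytes(hdr)

def giaddr_of(packet: bytes) -> bytes:
    """The four raw bytes that packet(24,4) evaluates to."""
    return packet[GIADDR_OFFSET:GIADDR_OFFSET + 4]

def unpadded_hex(data: bytes) -> str:
    """Mimic binary-to-ascii(16, 8, "", data): hex per byte, no padding, no separator."""
    return "".join(format(b, "x") for b in data)

def colon_hex(ip: str) -> str:
    """Colon-separated, zero-padded hex literal for a raw data comparison."""
    return ":".join(format(b, "02x") for b in ipaddress.IPv4Address(ip).packed)

def match_line(ip: str) -> str:
    """A match statement in the form suggested in the reply above."""
    return "match if ( packet(24,4) = %s );" % colon_hex(ip)

def ambiguous_gateways(gateways):
    """Return unpadded strings that more than one gateway address maps to."""
    seen = {}
    for ip in gateways:
        key = unpadded_hex(ipaddress.IPv4Address(ip).packed)
        seen.setdefault(key, []).append(ip)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    # Gateways from the thread: string form versus raw literal
    for gw in ("94.137.191.1", "94.137.191.65"):
        pkt = build_packet(gw)
        print(gw, unpadded_hex(giaddr_of(pkt)), match_line(gw))
    # Constructed addresses showing the collision in the string form
    print(ambiguous_gateways(["10.0.1.17", "10.0.17.1", "10.0.2.2"]))
```
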


