Declaring subclasses on a per-subnet basis

Glenn Satchell glenn.satchell at uniq.com.au
Thu Aug 9 13:36:04 UTC 2012 

You could use the "if" statement, see the dhcp-eval man page. There are
some examples matching options. You can use '=' for straight equals, or
'~=' for regex matches.

Inside the group you could have something like this. I'm not sure those
are the right strings for each vendor...

if option vendor-class-identifier ~= 'MSFT' {
  ...
} else if option vendor-class-identifier ~= 'MACOS' {
  ...
} else {
  # anything else
  ...
}

regards,
-glenn

On Thu, August 9, 2012 10:13 pm, Hristov, Tihomir H. wrote:
> Thanks for the quick response guys,
>
> I do like the group{} functionality and can definitely use it for our
> special lab subnets. This still does not solve our problem completely. In
> our case, we would still need to do some kind of matching on the
> vendor-class-identifier. Reason being that one those subnets we have both
> Windows and MAC clients. Based on the vendor-class-identifier MACs would
> be getting special options set, while Windows would be using something
> totally different. How would we incorporate a filter/matching statement
> inside the group?
>
> Thank you
>
> -----Original Message-----
> From: dhcp-users-bounces+thristov=odu.edu at lists.isc.org
> [mailto:dhcp-users-bounces+thristov=odu.edu at lists.isc.org] On Behalf Of
> Glenn Satchell
> Sent: Thursday, August 09, 2012 1:51 AM
> To: Users of ISC DHCP
> Subject: Re: Declaring subclasses on a per-subnet basis
>
> Hi Tihomir
>
> If the option is only required for specific subnets, then perhaps the
> group{} functionality would work better, for example:
>
> group {
>     option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
>
>     subnet 10.10.0.0 netmask 255.255.0.0 {
>     ...
>     }
>     subnet 10.11.0.0 netmask 255.255.0.0 {
>     ...
>     }
> }
> Or if it is only to be valid in a single subnet you could set the option
> in that subnet or pool only.
>
> Classes are more useful for globally matching a subset of hosts based on
> some other parameter other than subnet.
>
> regards,
> -glenn
>
> On Thu, August 9, 2012 12:36 pm, Hristov, Tihomir H. wrote:
>>
>>   Dear all,
>>
>>  I an a Network engineer for Old Dominion University, Norfolk,
>> Virginia and my team is looking into a future PXE configuration. We
>> are trying to define classes with special options and have them
>> applicable only to some special "lab" subnets of the environment.
>>
>>  Based on research done so far, we have seen that classes and
>> subclasses are parsed on a global level and thus would apply to all
>> clients, and just the special "lab" subnets.
>>
>>  Still in a post from June 2012
>> (https://lists.isc.org/pipermail/dhcp-users/2012-June/015558.html) we
>> see an interesting configuration. Using it as an example, the
>> configuration we have in mind would match on a substring of
>> vendor-class-identifier (value AAPLBSDPC in this case) and set the
>> root-path option (an example).
>> It would look like this:
>>
>> class "vendor-class" {
>> 		match substring(option vendor-class-identifier,0,9); }
>>
>> subnet 10.10.0.0 netmask 255.255.0.0 {
>>
>>   subclass "vendor-class" "AAPLBSDPC"  {
>>      option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
>>   }
>>   pool {
>> 		option routers 10.10.1.1;
>> 		option domain-name-servers 10.101.21;
>> 		range 10.10.7.1 10.10.7.254;
>> 		option domain-name-servers 10.101.21;
>>   }
>> }
>>
>>  The main question here is:
>>   1. Would this configuration work as we would like and the class
>> declaration would affect only clients in the 10.10.0.0 subnet?
>>   2. Or would the ISC DHCP parser end up treating the subclass as a
>> global declaration and thus set option root-path to
>> "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg" for all clients,
>> regardless of their subnet?
>>
>>
>> In case this would end up a global configuration, we were thinking of
>> declaring a class that matches on 2 conditions.
>>
>>  1. vendor-class-identifier substring
>>  2. giaddress
>>
>>  Since we use DHCP Relay Agents all over our network, we would be able
>> to use the giaddress and match it to the special "lab" subnets. We
>> have seen some references to
>>
>>    match if (option dhcp-giaddress-field= 10.10.10.1)
>>
>>  and we were wondering if that would work. If not, what is the way to
>> check the Relay Agent IP Address?
>>
>>
>>  Your help and guidance would be greatly appreciated.
>>
>>  Sincerely,
>>
>>  Tihomir Hristov
>>  Senior Network Engineer
>>  Old Dominion University
>>  Office of Computing and Communications Services
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
> --
> BEGIN-ANTISPAM-VOTING-LINKS
> ------------------------------------------------------
>
> Teach CanIt if this mail (ID 692326909) is spam:
> Spam:
> https://www.spamtrap.odu.edu/b.php?i=692326909&m=e4b513fc9233&t=20120809&c=s
> Not spam:
> https://www.spamtrap.odu.edu/b.php?i=692326909&m=e4b513fc9233&t=20120809&c=n
> Forget vote:
> https://www.spamtrap.odu.edu/b.php?i=692326909&m=e4b513fc9233&t=20120809&c=f
> ------------------------------------------------------
> END-ANTISPAM-VOTING-LINKS
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

More information about the dhcp-users mailing list