Declaring subclasses on a per-subnet basis

Hristov, Tihomir H. thristov at odu.edu
Thu Aug 9 17:49:14 UTC 2012 

  That is great,

 So based on what you are informing me, the following should work:

group {   
    if option vendor-class-identifier ~= 'AAPLBSDPC' {    
	option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
    } else {
 	option root-path "nfs:192.168.1.2:/windows:Windows.iso"
    }
    subnet 10.10.0.0 netmask 255.255.0.0 {
    ...
    }
    subnet 10.11.0.0 netmask 255.255.0.0 {
    ...
    }
}

(* I am using root-path as just an example, in production I am setting totally different options)


Again, I have a small question. If I was not to use a group, would the following config work as expected and set the two different values for option root-path based on the vendor-class-identifier?


    subnet 10.10.0.0 netmask 255.255.0.0 {
	    if option vendor-class-identifier ~= 'AAPLBSDPC' {    
		option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
	    } else {
	 	option root-path "nfs:192.168.1.2:/windows:Windows.iso"
	    }
    }

Thank you very much


-----Original Message-----
From: dhcp-users-bounces+thristov=odu.edu at lists.isc.org [mailto:dhcp-users-bounces+thristov=odu.edu at lists.isc.org] On Behalf Of Glenn Satchell
Sent: Thursday, August 09, 2012 9:36 AM
To: Users of ISC DHCP
Subject: RE: Declaring subclasses on a per-subnet basis

You could use the "if" statement, see the dhcp-eval man page. There are some examples matching options. You can use '=' for straight equals, or '~=' for regex matches.

Inside the group you could have something like this. I'm not sure those are the right strings for each vendor...

if option vendor-class-identifier ~= 'MSFT' {
  ...
} else if option vendor-class-identifier ~= 'MACOS' {
  ...
} else {
  # anything else
  ...
}

regards,
-glenn

On Thu, August 9, 2012 10:13 pm, Hristov, Tihomir H. wrote:
> Thanks for the quick response guys,
>
> I do like the group{} functionality and can definitely use it for our 
> special lab subnets. This still does not solve our problem completely. 
> In our case, we would still need to do some kind of matching on the 
> vendor-class-identifier. Reason being that one those subnets we have 
> both Windows and MAC clients. Based on the vendor-class-identifier 
> MACs would be getting special options set, while Windows would be 
> using something totally different. How would we incorporate a 
> filter/matching statement inside the group?
>
> Thank you
>
> -----Original Message-----
> From: dhcp-users-bounces+thristov=odu.edu at lists.isc.org
> [mailto:dhcp-users-bounces+thristov=odu.edu at lists.isc.org] On Behalf 
> Of Glenn Satchell
> Sent: Thursday, August 09, 2012 1:51 AM
> To: Users of ISC DHCP
> Subject: Re: Declaring subclasses on a per-subnet basis
>
> Hi Tihomir
>
> If the option is only required for specific subnets, then perhaps the 
> group{} functionality would work better, for example:
>
> group {
>     option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
>
>     subnet 10.10.0.0 netmask 255.255.0.0 {
>     ...
>     }
>     subnet 10.11.0.0 netmask 255.255.0.0 {
>     ...
>     }
> }
> Or if it is only to be valid in a single subnet you could set the 
> option in that subnet or pool only.
>
> Classes are more useful for globally matching a subset of hosts based 
> on some other parameter other than subnet.
>
> regards,
> -glenn
>
> On Thu, August 9, 2012 12:36 pm, Hristov, Tihomir H. wrote:
>>
>>   Dear all,
>>
>>  I an a Network engineer for Old Dominion University, Norfolk, 
>> Virginia and my team is looking into a future PXE configuration. We 
>> are trying to define classes with special options and have them 
>> applicable only to some special "lab" subnets of the environment.
>>
>>  Based on research done so far, we have seen that classes and 
>> subclasses are parsed on a global level and thus would apply to all 
>> clients, and just the special "lab" subnets.
>>
>>  Still in a post from June 2012
>> (https://lists.isc.org/pipermail/dhcp-users/2012-June/015558.html) we 
>> see an interesting configuration. Using it as an example, the 
>> configuration we have in mind would match on a substring of 
>> vendor-class-identifier (value AAPLBSDPC in this case) and set the 
>> root-path option (an example).
>> It would look like this:
>>
>> class "vendor-class" {
>> 		match substring(option vendor-class-identifier,0,9); }
>>
>> subnet 10.10.0.0 netmask 255.255.0.0 {
>>
>>   subclass "vendor-class" "AAPLBSDPC"  {
>>      option root-path "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg";
>>   }
>>   pool {
>> 		option routers 10.10.1.1;
>> 		option domain-name-servers 10.101.21;
>> 		range 10.10.7.1 10.10.7.254;
>> 		option domain-name-servers 10.101.21;
>>   }
>> }
>>
>>  The main question here is:
>>   1. Would this configuration work as we would like and the class 
>> declaration would affect only clients in the 10.10.0.0 subnet?
>>   2. Or would the ISC DHCP parser end up treating the subclass as a 
>> global declaration and thus set option root-path to 
>> "nfs:192.168.1.1:/nbi:NetInstall-Restore.dmg" for all clients, 
>> regardless of their subnet?
>>
>>
>> In case this would end up a global configuration, we were thinking of 
>> declaring a class that matches on 2 conditions.
>>
>>  1. vendor-class-identifier substring  2. giaddress
>>
>>  Since we use DHCP Relay Agents all over our network, we would be 
>> able to use the giaddress and match it to the special "lab" subnets. 
>> We have seen some references to
>>
>>    match if (option dhcp-giaddress-field= 10.10.10.1)
>>
>>  and we were wondering if that would work. If not, what is the way to 
>> check the Relay Agent IP Address?
>>
>>
>>  Your help and guidance would be greatly appreciated.
>>
>>  Sincerely,
>>
>>  Tihomir Hristov
>>  Senior Network Engineer
>>  Old Dominion University
>>  Office of Computing and Communications Services
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
> --
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>


_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users


--
BEGIN-ANTISPAM-VOTING-LINKS
------------------------------------------------------

Teach CanIt if this mail (ID 692430684) is spam:
Spam:        https://www.spamtrap.odu.edu/b.php?i=692430684&m=1b6f108147f2&t=20120809&c=s
Not spam:    https://www.spamtrap.odu.edu/b.php?i=692430684&m=1b6f108147f2&t=20120809&c=n
Forget vote: https://www.spamtrap.odu.edu/b.php?i=692430684&m=1b6f108147f2&t=20120809&c=f
------------------------------------------------------
END-ANTISPAM-VOTING-LINKS

More information about the dhcp-users mailing list