Wrong gateway when using class in a subnet
jeffrey j donovan
donovan at beth.k12.pa.us
Fri Jun 1 14:52:43 UTC 2012
On Jun 1, 2012, at 8:59 AM, Randall C Grimshaw wrote:
> Correct, but to be precise the allow/deny is part of a pool definition that *is* a valid part of a subnet definition. For my needs the class he describes required a third pool definition.... [quietly singing] and the ham bone connects to the backbone...
>
>
here is a sample of of multiple vendor classes inside and outside scope. There should be multiple allow/deny statements. Similar to a firewall, to tailor your requests; here is a simple example;
##sample
class "vendor-class" {
match option vendor-class-identifier;}
class "ALCATEL-iptouch" {
match if substring (option host-name,0,15) = "ALCATEL-iptouch";
}
class "FHS" {
match if substring (option host-name,0,3) = "FHS"
or substring (option host-name,0,3) = "CFF";
}
class "somePhones" {
match if substring (hardware, 1,3) = 00:e0:bb;
}
class "smartphones" {
match if substring (hardware, 1,3) = 00:25:57
or substring (hardware, 1,3) = 00:26:b0
}
class "ipod" {
match if substring (hardware, 1,3) = 8c:7b:9d
or substring (hardware, 1,3) = 00:26:b0
}
# subnet 10.10.x.x
subnet 10.10.0.0 netmask 255.255.0.0 {
subclass "vendor-class" "ArubaAP" {
option vendor-class-identifier "ArubaAP";
option serverip 10.1011.1;
}
pool {
allow members of "ALCATEL-iptouch";
allow members of "somePhones";
deny members of "FHS";
deny members of "smartphones";
deny members of "ipod";
option routers 10.10.1.1;
option domain-name-servers 10.101.21;
range 10.10.7.1 10.10.7.254;
next-server 10.10.7.31;
option vendor-encapsulated-options 0A:23:07:1F;
option tftp-server-name "10.10.7.31";
option domain-name-servers 10.101.21;
}
pool {
allow members of "smartphones";
allow members of "ipod";
allow members of "FHS";
deny members of "ALCATEL-iptouch";
deny members of "somePhones";
range 10.10.11.10 10.10.19.250;
option routers 10.10.1.1;
option domain-name-servers 10.101.21;
option domain-name "example.com";
max-lease-time 300;
}
#miscreant_alley
pool {
deny members of "FHS";
deny members of "ALCATEL-iptouch";
deny members of "somePhones";
deny members of "smartphones";
deny members of "ipod";
range 10.10.26.1 10.10.36.254;
option routers 10.10.1.1;
option domain-name-servers 10.101.21;
option domain-name "example.com";
max-lease-time 3600;
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20120601/c2ab849b/attachment.html>
More information about the dhcp-users
mailing list