[Kea-users] DHCP Classes Kea Configuration

Thu Dec 6 20:31:12 UTC 2018

Not sure if we are on the same page or not.

Here is an example ISC DHCP configure that is working just fine for me.  I
have several more shared-networks as well as a lot more classes, and have no
issues.

I would basically like to do the same thing in Kea like I have in ISC DHCP
where I have the following for each shared-network -

 "allow members of "APPLE";
"allow members of "BELKIN";

Example ISC DHCP configuration -

class "APPLE" {

        match if ( substring (hardware,1,3) = b0:19:c6 ) or
                ( substring (hardware,1,3) = d8:a2:5e ) or
                ( substring (hardware,1,3) = b8:c7:5d ) or
                ( substring (hardware,1,3) = 6c:70:9f ) or
                ( substring (hardware,1,3) = 88:1f:a1 );

}

class "BELKIN" {
         match if ( substring (hardware,1,3) = 60:38:e0 ) or
                ( substring (hardware,1,3) = 58:ef:58 ) or
                ( substring (hardware,1,3) = 58:ef:68 );

}

## Pool 1
shared-network "pool 1" {
subnet 192.168.1.0 netmask 255.255.255.0 {

       option domain-name-servers 8.8.8.8, 8.8.4.4;
       option routers 192.168.1.1;
       option broadcast-address 192.168.1.255;
       default-lease-time 259200;
       max-lease-time 259200;

        pool {

                range 192.168.1.2 192.168.1.254;

                allow members of "APPLE";
		allow members of "BELKIN";

}
}
}

## Pool 2
shared-network "pool 2" {
subnet 192.168.2.0 netmask 255.255.255.0 {

       option domain-name-servers 8.8.8.8, 8.8.4.4;
       option routers 192.168.2.1;
       option broadcast-address 192.168.2.255;
       default-lease-time 259200;
       max-lease-time 259200;

        pool {

                range 192.168.2.2 192.168.2.254;

                allow members of "APPLE";
		allow members of "BELKIN";

}
}
}

-----Original Message-----
From: Francis Dupont <fdupont at isc.org> 
Sent: Thursday, December 6, 2018 9:08 AM
To: Jordan Tinsley <jtinsley at lrecok.coop>
Cc: 'Francis Dupont' <fdupont at isc.org>; kea-users at lists.isc.org
Subject: Re: [Kea-users] DHCP Classes Kea Configuration

"Jordan Tinsley" writes:
> Yes, this is DHCPv4.  Sorry I forgot to include that.  How do I 
> include multiple client-classes in a subnet?  Would I just separate 
> each client-class with a comma?

=> in Kea subnet and pool guards are a single class (vs allow / deny lists
in ISC DHCP). If you want a complex expression we have to use the
"member('foo')" expression which evals to true when the packet belongs to
the client class 'foo'. With this you can combine classes into a boolean
expression and use the result class as the guard.
 The only constraint is in the order of classes: you can check class
membership only in a class which is known i.e. in the general case is
defined before.

Regards

Francis Dupont <fdupont at isc.org>

PS: note this can't be backported to ISC DHCP because it has a hard limit to
5 classes for a packet and of course if the Kea feature is IMHO easier /
clearer it can add a great number of classes to a packet.
 About performance I don't believe there is a big difference one way or the
other.