[Kea-users] DHCP Classes Kea Configuration
Jordan Tinsley
jtinsley at lrecok.coop
Thu Dec 6 20:31:12 UTC 2018
Not sure if we are on the same page or not.
Here is an example ISC DHCP configure that is working just fine for me. I
have several more shared-networks as well as a lot more classes, and have no
issues.
I would basically like to do the same thing in Kea like I have in ISC DHCP
where I have the following for each shared-network -
"allow members of "APPLE";
"allow members of "BELKIN";
Example ISC DHCP configuration -
class "APPLE" {
match if ( substring (hardware,1,3) = b0:19:c6 ) or
( substring (hardware,1,3) = d8:a2:5e ) or
( substring (hardware,1,3) = b8:c7:5d ) or
( substring (hardware,1,3) = 6c:70:9f ) or
( substring (hardware,1,3) = 88:1f:a1 );
}
class "BELKIN" {
match if ( substring (hardware,1,3) = 60:38:e0 ) or
( substring (hardware,1,3) = 58:ef:58 ) or
( substring (hardware,1,3) = 58:ef:68 );
}
## Pool 1
shared-network "pool 1" {
subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name-servers 8.8.8.8, 8.8.4.4;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
default-lease-time 259200;
max-lease-time 259200;
pool {
range 192.168.1.2 192.168.1.254;
allow members of "APPLE";
allow members of "BELKIN";
}
}
}
## Pool 2
shared-network "pool 2" {
subnet 192.168.2.0 netmask 255.255.255.0 {
option domain-name-servers 8.8.8.8, 8.8.4.4;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
default-lease-time 259200;
max-lease-time 259200;
pool {
range 192.168.2.2 192.168.2.254;
allow members of "APPLE";
allow members of "BELKIN";
}
}
}
-----Original Message-----
From: Francis Dupont <fdupont at isc.org>
Sent: Thursday, December 6, 2018 9:08 AM
To: Jordan Tinsley <jtinsley at lrecok.coop>
Cc: 'Francis Dupont' <fdupont at isc.org>; kea-users at lists.isc.org
Subject: Re: [Kea-users] DHCP Classes Kea Configuration
"Jordan Tinsley" writes:
> Yes, this is DHCPv4. Sorry I forgot to include that. How do I
> include multiple client-classes in a subnet? Would I just separate
> each client-class with a comma?
=> in Kea subnet and pool guards are a single class (vs allow / deny lists
in ISC DHCP). If you want a complex expression we have to use the
"member('foo')" expression which evals to true when the packet belongs to
the client class 'foo'. With this you can combine classes into a boolean
expression and use the result class as the guard.
The only constraint is in the order of classes: you can check class
membership only in a class which is known i.e. in the general case is
defined before.
Regards
Francis Dupont <fdupont at isc.org>
PS: note this can't be backported to ISC DHCP because it has a hard limit to
5 classes for a packet and of course if the Kea feature is IMHO easier /
clearer it can add a great number of classes to a packet.
About performance I don't believe there is a big difference one way or the
other.
More information about the Kea-users
mailing list