static IPs, nested logic
Andrei Filimonov
af at baltmax.com
Mon Jun 26 08:40:04 UTC 2006
Please.
> Hi,
>
> Could anybody please help me find an efficient solution?
> I have 2 questions.
>
> 1) How do I manage static IP addresses, if the only way to identify the
> client is by his option agent.remote-id number?
>
> The easy way would be creating a separate class for each IP address, like:
>
> class "aaa-bbb-ccc-ddd" {
> match if option agent.remote-id = 00:00:ff:aa:d2:19;
> }
>
> then simply place this class in a pool with one IP address
>
> pool {
> ...
> deny members of "aaa-bbb-ccc-ddd";
> range aaa.bbb.ccc.1 aaa.bbb.ccc.253;
> }
>
> pool {
> allow members of "aaa-bbb-ccc-ddd";
> range aaa.bbb.ccc.254 aaa.bbb.ccc.254;
> }
> ...
>
> But this is very inconvenient because the number of pools and static IP
> addresses is starting to grow.
> Soon there will be like 500 classes for static users, and 500 such
> 1-address subpools, which is very difficult to manage.
> What could be the solution?
>
> 2) The only way to identify the subnet (the subnet from which the
> particular user should receive an IP address) is by the option
> agent.circuit-id number.
>
> So I create a class for each subnet,
> like
>
> class "subnet1" {
> match if option agent.circuit-id = 00:00:00:01;
> }
>
> and then I place
> that class in an adequate subnet
> like
>
> subnet aaa.bbb.ccc.0 netmask 255.255.255.0 {
> option routers blah blah
> ..
> pool{
> allow members of "subnet1";
> ..
> }
> }
>
> It works OK.
> But what if I want to add an additional pool to the subnet, for the
> users with restricted rights, for example?
> So I want the server to select the right subnet for the user and only
> then filter them by other classes which are irrelevant to the subnet
> the user chooses to be in.
>
> pool{
> allow members of "subnet1";
> deny members of "restrictedusers";
> ..
> }
>
> pool{
> allow members of "subnet1";
> allow members of "restrictedusers";
> ...
> }
>
> Something like that won't work because allows/denies have OR logic, if I'm
> not mistaken.
> So how do I make a nested criteria?
>
> Something like
>
> ..{
> allow members of "subnet1";
> pool{
> deny members of "group1";
> ...
> }
> pool{
> allow members of "group1";
> ...
> }
> }
>
> Thank you.
>
More information about the dhcp-users mailing list