Help with class match understanding.

Tom Greaser tgreaser at hsc.wvu.edu
Thu Dec 13 17:20:00 UTC 2007 

using Internet Systems Consortium DHCP Server V3.0.5-RedHat

We took a big jump from 3.0.1  the conf file was working as normal
until we added class match in group2.   generic break down of our our
conf is setup.
all options are defined outside the subnets unless stated otherwise.

global 
boot unknown false;

{
 group {   #group1
uses the global options;
but have some  subnets with specific options set

subnets 
inside firewall
}

group  {  # group2
specific group options
boot unknown true;
voip group
this holds the only class match in the conf
each pool has a statement to only match the devices
in the class map

}
group { # group3
outside firewall
local options
boot unknown true;
}


i have NO host statement for the devices in group2 

looking below you will see when the new conf was put in place.. Now
hosts that match
the class match even though the pool / match statment is not part of
that goup1.. it will be
offered and IP . when it should be denied an IP.

this is a subnet of group1
Dec  9 07:31:08 pippin dhcpd: DHCPDISCOVER from 00:11:21:11:63:2b via
10.3.20.1: unknown client
Dec  9 08:26:59 pippin dhcpd: DHCPDISCOVER from 00:11:21:11:63:2b via
10.3.20.1: unknown client
Dec  9 08:28:07 pippin dhcpd: DHCPDISCOVER from 00:11:21:11:63:2b via
10.3.20.1: unknown client
Dec  9 08:28:23 pippin dhcpd: DHCPDISCOVER from 00:11:21:11:63:2b via
10.3.20.1: unknown client

Dec  9 08:28:55 pippin dhcpd: DHCPDISCOVER from 00:11:21:11:63:2b via
10.3.20.1
Dec  9 08:28:56 pippin dhcpd: DHCPOFFER on 10.3.20.254 to
00:11:21:11:63:2b (SEP00112111632B) via 10.3.20.1
Dec  9 08:28:56 pippin dhcpd: DHCPREQUEST for 10.3.20.254
(157.182.94.70) from 00:11:21:11:63:2b (SEP00112111632B) via 10.3.20.1
Dec  9 08:28:56 pippin dhcpd: DHCPACK on 10.3.20.254 to
00:11:21:11:63:2b (SEP00112111632B) via 10.3.20.1


Ive read the man dhcpd.conf and i think i understand the how it
searches through the conf for a match.
Even though its closest match is the class match .. Group 1 has  boot
unknown false  configured.
How / what do i need to do to make sure hosts that match the class
statement dont get an IP if they
are in subnets that are not part of group2 ?   



      When a client is to be booted, its boot parameters are determined
by consulting that client’s host declaration (if any),
and then consulting any class declarations matching the client,
followed by the pool, subnet and shared-network declarations 
for the IP address  assigned to the client.   Each of these
declarations itself appears within a lexical scope, 
and all declarations at less specific lexical scopes are also consulted
for client option declarations.  
Scopes are never considered twice, and if parameters are declared in
more than one scope, the parameter declared in 
the most specific scope is the one that is used.

More information about the dhcp-users mailing list