dhcp classes help

Glenn Satchell Glenn.Satchell at uniq.com.au
Sun Nov 18 11:39:49 UTC 2007


You'll probably get some unexpected behaviour with the subnet inside
the class declaration. And there is no need to group the whole thing.

Being a member of a class does not make a host "known", only a host
statement makes a host "known" so that it can match 'deny unknown
clients' for example.

Usual practice is to have class and subnet in the global scope, e.g.:

class "voip-phones" {
  match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP" 
  or
  substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";
  # can set any options that are specific to the voip-phones class,
  # e.g. boot files or lease times.
} ## ends class voip-phones

group {

subnet 10.183.50.0 netmask 255.255.255.0 {
  pool {
    range 10.183.50.4 10.183.50.254;
    option routers 10.183.50.1;
    allow members of "voip-phones"; # explicitly denies everyone else
  } # end pool
}  ## end subnet

} ## ends group 

regards,
-glenn

>Date: Thu, 15 Nov 2007 13:06:41 -0500
>From: "Tom Greaser" <tgreaser at hsc.wvu.edu>
>To: <dhcp-users at isc.org>
>Subject: Re: dhcp classes help
>
>I think I got it (will test in lab) but still wanted to see 
>if anyone thinks I'm shooting myself in the foot
>
>group {
>options n stuff
>
>boot-unknown-clients false;
>class "voip-phones" {
>
>match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP" or
>substring (option vendor-class-identifier, 0, 10) = "ATA188-H17"; 
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
>        range 10.183.50.4 10.183.50.254;
>        option routers 10.183.50.1;
>   }  ## end subnet
> 
>} ## ends class voip-phones
>} ## ends group 
>
> 
>>>> "Tom Greaser" <tgreaser at hsc.wvu.edu> 11/14/07 4:55 PM >>> 
>I'm wanting to set up a match for the vendor info
>to allow voip phones and ata to work but deny any pc that
>may get into those networks from picking up an ip
>
>I'm new to classes / subclasses / matching so I thought I would shoot this 
>to the group and see if anyone would direct me to a better way of doing things
>(not afraid to pick up a book / man dhcp* )
>
>
>group {
>
>## voip phones
>
>option domain-name-servers ;
>authoritative;
>option ntp-servers ;
>option log-servers ;
>option option-150 ;
>option tftp-server-name "";
>dhcp-renewal-time 86400; ## 1day
>default-lease-time 2592000;  ##1 month
>max-lease-time 2592000;   ##1 month
>ddns-updates off;
>boot-unknown-clients false;
>
>class "voip-phones" {
>
>match if (substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP") or
>	 (substring (option vendor-class-identifier, 0, 10) = "ATA188-H17");
>
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
>   allow members of "voip-phones";
>        range 10.183.50.4 10.183.50.254;
>        option routers 10.183.50.1;
>   }  ## end subnet
>
>50 other subnet statements later
>
>
>    } ## end class
>} ## end group
>
>
>
>
>
>
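
Added example (not part of the original thread and not dhcpd code): a simplified Python model of the "voip-phones" match expression and of how a pool's allow and deny lists combine, showing why class membership alone does not make a client "known". The MAC addresses, vendor strings and function names are constructed for illustration.

```python
# Simplified model of ISC dhcpd class matching and pool allow/deny lists.
# Added illustration, not dhcpd code. All client values are constructed.

def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcpd substring(): up to `length` bytes starting at `offset`."""
    return data[offset:offset + length]

def in_voip_class(vendor_class_id: bytes) -> bool:
    """Mirror of the 'match if' expression in class "voip-phones"."""
    return (substring(vendor_class_id, 0, 31) == b"Cisco Systems, Inc. IP Phone CP"
            or substring(vendor_class_id, 0, 10) == b"ATA188-H17")

def client_facts(vendor_class_id: bytes, mac: str, host_statements: set) -> set:
    """Labels that a pool's allow/deny lists can test for one client."""
    facts = set()
    if in_voip_class(vendor_class_id):
        facts.add('members of "voip-phones"')
    # Only a host statement makes a client "known"; class membership does not.
    facts.add("known-clients" if mac in host_statements else "unknown-clients")
    return facts

def pool_permits(facts: set, allow: list, deny: list) -> bool:
    """A non-empty allow list admits only matching clients; deny always excludes."""
    if allow and not any(a in facts for a in allow):
        return False
    return not any(d in facts for d in deny)

HOSTS = {"00:11:22:33:44:55"}  # constructed: MACs that have host statements
CLIENTS = [  # constructed (vendor-class-identifier, MAC) samples
    (b"Cisco Systems, Inc. IP Phone CP-7960G", "00:aa:bb:cc:dd:01"),
    (b"ATA188-H17", "00:aa:bb:cc:dd:02"),
    (b"MSFT 5.0", "00:11:22:33:44:55"),
]

def evaluate(allow: list, deny: list) -> list:
    """Admission decision for each sample client, in CLIENTS order."""
    return [pool_permits(client_facts(v, m, HOSTS), allow, deny)
            for v, m in CLIENTS]

if __name__ == "__main__":
    # Pool as in the reply: only class members are admitted.
    print(evaluate(['members of "voip-phones"'], []))
    # Also denying unknown clients locks out phones without host statements.
    print(evaluate(['members of "voip-phones"'], ["unknown-clients"]))
```

In this model the PC is refused by the allow list even though it has a host statement, and the phones are refused as soon as unknown clients are denied, because neither phone has a host statement.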

