dhcp classes help

Tom Greaser tgreaser at hsc.wvu.edu
Mon Nov 19 16:23:56 UTC 2007


Glenn,
Thank you very much for helping me out.

I followed most of your conf .. and IT WORKS..  tested in my lab, and
thanks for putting in the comment about how known hosts won't be affected by the
match statement..
I set it to boot unknown true and applied the pool / allowed statement
to the ranges and it works as expected:
the phones / ATA get an IP whereas PCs don't..  i.e. no free leases.

Thanks 
 
>>> Glenn Satchell <Glenn.Satchell at uniq.com.au> 11/18/07 6:39 AM >>> 
You'll probably get some unexpected behaviour with the subnet inside
the class declaration. And there is no need to group the whole thing.

Being a member of a class does not make a host "known", only a host
statement makes a host "known" so that it can match 'deny unknown
clients' for example.

Usual practise is to have class and subnet in the global scope, eg:

class "voip-phones" {
  match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP"
  or
  substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";
  # can set any options that are specific to the voip-phones class,
  # eg boot files or lease times.
} ## ends class voip-phones

group {

subnet 10.183.50.0 netmask 255.255.255.0 {
  pool {
    range 10.183.50.4 10.183.50.254;
    option routers 10.183.50.1;
    allow members of "voip-phones"; # explicitly denies everyone else
  } # end pool
}  ## end subnet

} ## ends group 

regards,
-glenn

>Date: Thu, 15 Nov 2007 13:06:41 -0500
>From: "Tom Greaser" <tgreaser at hsc.wvu.edu>
>To: <dhcp-users at isc.org>
>Subject: Re: dhcp classes help
>
>I think I got it (will test in lab) but still wanted to see
>if anyone thinks I'm shooting myself in the foot
>
>group {
>options n stuff
>
>boot-unknown-clients false;
>class "voip-phones" {
>
>match if substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP" or
>substring (option vendor-class-identifier, 0, 10) = "ATA188-H17";
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
>        range 10.183.50.4 10.183.50.254;
>        option routers 10.183.50.1;
>   }  ## end subnet
> 
>} ## ends class voip-phones
>} ## ends group 
>
> 
>>>> "Tom Greaser" <tgreaser at hsc.wvu.edu> 11/14/07 4:55 PM >>> 
>I'm wanting to set up a match for the vendor info
>to allow VoIP phones and ATAs to work but deny any PC that
>may get into those networks from picking up an IP
>
>I'm new to classes / subclasses / matching so I thought I would shoot this
>to the group and see if anyone would direct me to a better way of doing things
>(not afraid to pick up a book / man dhcp* )
>
>
>group {
>
>## voip phones
>
>option domain-name-servers ;
>authoritative;
>option ntp-servers ;
>option log-servers ;
>option option-150 ;
>option tftp-server-name "";
>dhcp-renewal-time 86400; ## 1day
>default-lease-time 2592000;  ##1 month
>max-lease-time 2592000;   ##1 month
>ddns-updates off;
>boot-unknown-clients false;
>
>class "voip-phones" {
>
>match if (substring (option vendor-class-identifier, 0, 31) = "Cisco Systems, Inc. IP Phone CP") or
>	 (substring (option vendor-class-identifier, 0, 10) = "ATA188-H17");
>
>
>subnet 10.183.50.0 netmask 255.255.255.0 {
>   allow members of "voip-phones";
>        range 10.183.50.4 10.183.50.254;
>        option routers 10.183.50.1;
>   }  ## end subnet
>
>50 other subnet statements later
>
>
>    } ## end class
>} ## end group
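
The class match and pool permit list from Glenn's reply, modelled in Python as an added example (not part of the original thread and not ISC dhcpd code). The function names and the sample option 60 values are constructed for illustration, and the substring model is a simplification of dhcpd's evaluator.

```python
# Added example: a model of the class match and pool permit list, not dhcpd code.
PHONE_PREFIX = b"Cisco Systems, Inc. IP Phone CP"  # 31 bytes, as in the match
ATA_PREFIX = b"ATA188-H17"                         # 10 bytes, as in the match


def substring(data, offset, length):
    """Model of dhcpd's substring(): fewer bytes if data is short, None if absent."""
    if data is None:
        return None
    return data[offset:offset + length]


def in_voip_class(vendor_class_id):
    """The match expression of class "voip-phones" applied to option 60."""
    return (substring(vendor_class_id, 0, 31) == PHONE_PREFIX
            or substring(vendor_class_id, 0, 10) == ATA_PREFIX)


def pool_offers_lease(vendor_class_id, has_host_statement=False):
    """Pool with `allow members of "voip-phones"`: only class members are served.

    has_host_statement marks a "known" client. It is deliberately unused:
    being known and being a class member are independent, and this pool's
    permit list names only the class. Option 60 is sent by the client, so
    the match filters on what a device reports; it does not authenticate it.
    """
    return in_voip_class(vendor_class_id)


# Constructed sample clients: label -> (option 60 value, has a host statement)
CLIENTS = {
    "phone": (b"Cisco Systems, Inc. IP Phone CP-7960", False),
    "ata": (b"ATA188-H17 sample", False),
    "pc": (b"MSFT 5.0", False),
    "known pc": (b"MSFT 5.0", True),
    "no option 60": (None, False),
    "short value": (b"Cisco Systems, Inc.", False),
}


def evaluate(clients=CLIENTS):
    """Return label -> True if the pool would offer this client a lease."""
    return {label: pool_offers_lease(vci, known)
            for label, (vci, known) in clients.items()}


if __name__ == "__main__":
    for label, offered in evaluate().items():
        print(f"{label:13} {'lease offered' if offered else 'no free leases'}")
```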