Class detection problem

Glenn Satchell Glenn.Satchell at uniq.com.au
Fri Dec 5 23:24:24 UTC 2008


>From: John Wobus <jw354 at cornell.edu>
>Subject: Re: Class detection problem
>Date: Fri, 5 Dec 2008 12:05:57 -0500
>To: Users of ISC DHCP <dhcp-users at lists.isc.org>
>X-BeenThere: dhcp-users at lists.isc.org
>
>
>On Nov 29, 2008, at 7:04 AM, Bernardo Pita wrote:
>
>> Hi, I have this simple configuration:
>>
>> subnet 10.197.0.83 netmask 255.255.255.255 { ignore booting; }
>>
>> class "test" {
>>     match pick-first-value (option dhcp-client-identifier, hardware);
>> }
>>
>> subclass "test" 1:00:16:92:3d:d2:08;
>> subclass "test" 1:00:1b:d7:02:44:17;
>>
>> shared-network share {
>>
>>     subnet 10.198.0.0 netmask 255.255.252.0 {
>>             option routers 10.198.0.1;
>>             pool {
>>                     range 10.198.0.5 10.198.3.254;
>>                     allow members of "test";
>>                     deny unknown clients;
>>             }
>>
>>     }
>>
>> }
>>
>>
>
>"deny" takes precedence over "allow" according to the dhcpd.conf man
>page:
>"If both permit and deny lists exist for a pool, then only
>clients that match the permit list and do not match the
>deny list will be allowed access."
>
>John Wobus

Matching a class does not make the host "known", so it gets blocked by
the "deny unknown clients". The only way to make a host known is to add
it to a host statement.

Simon's earlier response was correct though, the deny isn't needed,
because anything that doesn't match the allow is specifically denied
anyway.

regards,
-glenn
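
The two ways out of the problem discussed in this thread, as an added example that is not part of the original messages. It shows only the class and pool parts of the configuration; the host names pc1 and pc2 are made up, and variant B assumes the clients are the Ethernet addresses from the subclass lines.

```conf
# Variant A: drop the deny. A pool with an allow list already refuses
# every client that is not on that list.
class "test" {
    match pick-first-value (option dhcp-client-identifier, hardware);
}

subclass "test" 1:00:16:92:3d:d2:08;
subclass "test" 1:00:1b:d7:02:44:17;

shared-network share {
    subnet 10.198.0.0 netmask 255.255.252.0 {
        option routers 10.198.0.1;
        pool {
            range 10.198.0.5 10.198.3.254;
            allow members of "test";
        }
    }
}

# Variant B: keep "deny unknown clients;" in the pool, but then each
# client also needs a host declaration, because class membership alone
# does not make a client "known". Add these (names are hypothetical)
# and restore the deny line in the pool above:
#
# host pc1 { hardware ethernet 00:16:92:3d:d2:08; }
# host pc2 { hardware ethernet 00:1b:d7:02:44:17; }
```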



