To add some filter rules in conf file

Simon Hobson dhcp1 at thehobsons.co.uk
Thu Oct 15 14:47:14 UTC 2009


Ashmath Khan wrote:

>3. Say I have this rule below: And rule1 passes, rule2 fails, and I 
>saw that it doesn't go into third pool i.e., rule2 deny one, which 
>seems to be correct. It means once it finds a pool match, then it 
>won't evaluate other pools. Is this understanding correct?

No.

In this example, the client could get an address from the 1st pool 
(allow members of "rule1") OR the 3rd pool (deny members of "rule2") 
- and in the general case it is not determinate which it will get. 
There are some rules that will apply:

If the client has previously had an address in either pool then it 
will continue to get that address.
If it has never had an address and both pools had "never previously 
used" address(es) then it would get an address from pool 3 because of 
an undocumented implementation detail that (at the moment) favours 
high numbered addresses.

>class "rule1" {
>match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
>}
>
>class "rule2" {
>match if substring (option dhcp-option-overload, 0, 4) = "NSFT";
>}
>
>
>subnet 192.168.1.0 netmask 255.255.255.0 {
>
>pool {
>option router-discovery off;
>option domain-name-servers 192.168.1.254;
>range 192.168.1.66;
>allow members of "rule1";
>}
>
>pool {
>option router-discovery off;
>option domain-name-servers 192.168.1.111;
>range 192.168.1.100;
>allow members of "rule2";
>}
>
>pool {
>option router-discovery on;
>option domain-name-servers 192.168.1.222;
>option boot-size 512;
>range 192.168.1.200;
>deny members of "rule2";
>}
>}

PS - can you cut the cross-posting and reply just to the list, I 
don't need a separate private email.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
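
Added example (not part of the original post, and not dhcpd's own code): a small Python model of the per-pool allow/deny semantics documented in dhcpd.conf(5), run over the three pools quoted above, listing every class membership for which more than one pool would accept the client. The `FIXED` pool list is a hypothetical change for illustration, and the model ignores lease history and address ordering.

```python
# Added example: models dhcpd's per-pool allow/deny lists for the quoted config.
from itertools import combinations

# Pools from the quoted subnet: (range, allow list, deny list).
POOLS = [
    ("192.168.1.66",  {"rule1"}, set()),
    ("192.168.1.100", {"rule2"}, set()),
    ("192.168.1.200", set(),     {"rule2"}),
]
CLASSES = ["rule1", "rule2"]


def eligible(pool, member_of):
    """Per dhcpd.conf(5): a client must match the allow list if one
    exists, and must not match any entry on the deny list."""
    _, allow, deny = pool
    if allow and not (allow & member_of):
        return False
    return not (deny & member_of)


def eligible_pools(pools, member_of):
    """Ranges of all pools that would accept a client in these classes."""
    return [p[0] for p in pools if eligible(p, member_of)]


def ambiguous_memberships(pools, classes):
    """Return {class-membership: [ranges]} wherever more than one pool
    would accept the client, i.e. where the choice is not determinate."""
    out = {}
    for n in range(len(classes) + 1):
        for combo in combinations(classes, n):
            hits = eligible_pools(pools, set(combo))
            if len(hits) > 1:
                out[frozenset(combo)] = hits
    return out


# Hypothetical fix: also deny rule1 members from the third pool.
FIXED = POOLS[:2] + [("192.168.1.200", set(), {"rule1", "rule2"})]

if __name__ == "__main__":
    print(eligible_pools(POOLS, {"rule1"}))       # pools open to a rule1-only client
    print(ambiguous_memberships(POOLS, CLASSES))  # overlaps in the quoted config
    print(ambiguous_memberships(FIXED, CLASSES))  # overlaps left after the change
```

In the model, the hypothetical change removes the overlap for a rule1-only client, but a client that matches both classes is still accepted by the first two pools.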



More information about the dhcp-users mailing list