matching class to pool
Glenn Satchell
glenn.satchell at uniq.com.au
Tue Jul 6 15:04:36 UTC 2010
On 07/07/10 00:12, Adam Moffett wrote:
>
>
> The next thing is what if someone's wireless station is bridged to a LAN
> (whether maliciously or accidentally) and their LAN uses up my entire
> DHCP pool. Since I also get a unique option 82 remote-id for each
> wireless station, it seems like a spawning class with a lease limit
> should prevent that problem. So in this example:
>
> class "OfficeAP" {
>     match if option agent.circuit-id=a:0:3e:d4:60:73;
>     spawn with option agent.remote-id;
>     lease limit 1;
> }
>
> Would this limit the entire OfficeAP class to 1 lease, or would each
> spawned class get 1 lease?
>
This is from dhcpd.conf:

    class "customer" {
        spawn with option agent.circuit-id;
        lease limit 4;
    }

    Now whenever a request comes in from a customer site, the
    circuit ID option will be checked against the class's hash
    table. If a subclass is found that matches the circuit ID,
    the client will be classified in that subclass and treated
    accordingly. If no subclass is found matching the circuit
    ID, a new one will be created and logged in the dhcpd.leases
    file, and the client will be classified in this new class.
    Once the client has been classified, it will be treated
    according to the rules of the class, including, in this
    case, being subject to the per-site limit of four leases.

My reading is that for your case it is exactly like the above scenario,
apart from selecting which clients will be members of the officeap
class. So a new sub-class is spawned for each option agent.remote-id,
and in your case this new sub-class inherits the lease limit 1 setting.
regards,
-glenn
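
Added example, not part of the original message and not ISC dhcpd code: a small Python model of the spawning-class behaviour described in the dhcpd.conf excerpt, applied to the OfficeAP case where one wireless station is bridged to a LAN. The class and function names, the station remote-ids and the MAC addresses are constructed for illustration, and "refused" here only means that no lease is granted under this class.

```python
from collections import defaultdict


class SpawningClass:
    """Models 'match if' + 'spawn with' + 'lease limit' as the excerpt describes."""

    def __init__(self, circuit_id, lease_limit):
        self.circuit_id = circuit_id        # value tested by "match if"
        self.lease_limit = lease_limit      # applied to every spawned subclass
        self.subclasses = defaultdict(set)  # remote-id -> MACs holding a lease

    def request(self, circuit_id, remote_id, mac):
        """Return True if a lease is granted under this class, else False."""
        if circuit_id != self.circuit_id:
            return False                    # client is not a member of the class
        # Look up the subclass for this remote-id; spawn it on first sight.
        holders = self.subclasses[remote_id]
        if mac in holders:
            return True                     # renewal of an existing lease
        if len(holders) >= self.lease_limit:
            return False                    # this subclass is at its limit
        holders.add(mac)
        return True

    def leases_in_use(self):
        return sum(len(h) for h in self.subclasses.values())


def simulate():
    ap = "a:0:3e:d4:60:73"
    office = SpawningClass(ap, lease_limit=1)
    # Constructed traffic: station "sta-1" is bridged to a LAN of 50 hosts,
    # so 50 different MACs arrive with the same remote-id.
    bridged = [office.request(ap, "sta-1", f"02:00:00:00:00:{i:02x}")
               for i in range(50)]
    # Two ordinary stations, one client each.
    normal = [office.request(ap, rid, mac)
              for rid, mac in [("sta-2", "02:00:00:00:01:01"),
                               ("sta-3", "02:00:00:00:01:02")]]
    return sum(bridged), normal, office.leases_in_use()


if __name__ == "__main__":
    granted, normal, used = simulate()
    print(f"bridged station: {granted} of 50 requests granted")
    print(f"other stations granted: {normal}, pool leases in use: {used}")
```

Under this per-subclass reading the bridged LAN consumes one address from the pool and the other stations behind the same access point are still served.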