Class match and known
Andre Schubert
andre at km3.de
Fri Mar 19 08:11:33 UTC 2010
Hi,
On Thu, 18 Mar 2010 16:37:52 -0700
"David W. Hankins" <dhankins at isc.org> wrote:
> On Mon, Mar 15, 2010 at 10:28:07AM +0100, Andre Schubert wrote:
> > class "ff:00:00:00:01:11" {
> > match if substring(option agent.remote-id,0,6) = ff:00:00:00:01:11 and known;
> > }
> >
> > But the class statement does not match.
> >
> > What iam doing wrong here?
>
> The easiest way to debug a class match is to use log() to present to
> the log the information the client's packet is presenting and compare
> it to what you think it should read as.
>
> log(debug, concat("option agent.remote-id[0..6] = ",
> binary-to-ascii(16, 8, ":",
> substring(option agent.remote-id,
> 0, 6))));
> class "ff:00:00:00:01:11" {
> match if substring(option agent.remote-id,0,6) = ff:00:00:00:01:11 and known;
>
> log(debug, "Class 'ff:00:00:00:01:11' matched!");
> }
>
> You can then compare the logged option agent.remote-id with the
> right hand value you have configured in the class and confirm they
> match.
>
>
> HOWEVER.
>
> I think by context with the subject line, you mean the class statement
> is not matching a known/unknown ACL somewhere else in your config.
>
> This is correct; class statements do not change known statements, only
> host record matches affect known/unknown status. Class matches can
> only be used in ACL's by specifically referring to their name
> ("members of x").
>
Ok, what i want is a class that is matched if the client is known.
I have the following config snipped:
host test {
hardware ethernet 00:1e:69:a9:c6:05;
fixed-address 10.0.5.250;
}
class "match-known" {
match if known;
log(info,"match-known");
}
class "match-unknown" {
match if not known;
log(info,"match-unknown");
}
subnet 10.0.5.0 netmask 255.255.255.0 {
authoritative;
}
But i see this in the logs:
match-unknown
DHCPDISCOVER from 00:1e:69:a9:c6:05 via 192.168.128.150
DHCPOFFER on 10.0.5.250 to 00:1e:69:a9:c6:05 via 192.168.128.150
match-unknown
DHCPREQUEST for 10.0.5.250 from 00:1e:69:a9:c6:0 via 192.168.128.150
DHCPACK on 10.0.5.250 to 00:1e:69:a9:c6:05 via 192.168.128.150
It seems that the match-clause inside the 2 classes
works not properly, even though the client is known.
Best Regards,
Andre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100319/3e22f376/attachment.bin>
More information about the dhcp-users
mailing list