Class match and known

Andre Schubert andre at km3.de
Fri Mar 19 08:11:33 UTC 2010


Hi,

On Thu, 18 Mar 2010 16:37:52 -0700
"David W. Hankins" <dhankins at isc.org> wrote:

> On Mon, Mar 15, 2010 at 10:28:07AM +0100, Andre Schubert wrote:
> > class "ff:00:00:00:01:11" {
> >     match if substring(option agent.remote-id,0,6) = ff:00:00:00:01:11 and known;
> > }
> > 
> > But the class statement does not match.
> > 
> > What iam doing wrong here?
> 
> The easiest way to debug a class match is to use log() to present to
> the log the information the client's packet is presenting and compare
> it to what you think it should read as.
> 
>   log(debug, concat("option agent.remote-id[0..6] = ",
> 		    binary-to-ascii(16, 8, ":",
> 			            substring(option agent.remote-id,
> 					      0, 6))));
>   class "ff:00:00:00:01:11" {
>      match if substring(option agent.remote-id,0,6) = ff:00:00:00:01:11 and known;
> 
>     log(debug, "Class 'ff:00:00:00:01:11' matched!");
>   }
> 
> You can then compare the logged option agent.remote-id with the
> right hand value you have configured in the class and confirm they
> match.
> 
> 
> HOWEVER.
> 
> I think by context with the subject line, you mean the class statement
> is not matching a known/unknown ACL somewhere else in your config.
> 
> This is correct; class statements do not change known statements, only
> host record matches affect known/unknown status.  Class matches can
> only be used in ACL's by specifically referring to their name
> ("members of x").
> 

Ok, what i want is a class that is matched if the client is known.
I have the following config snipped:

host test {
    hardware ethernet 00:1e:69:a9:c6:05;
    fixed-address 10.0.5.250;
}
class "match-known" {
    match if known;
    log(info,"match-known");
}
class "match-unknown" {
    match if not known;
    log(info,"match-unknown");
}
subnet 10.0.5.0 netmask 255.255.255.0 {
    authoritative;
}

But i see this in the logs:

match-unknown
DHCPDISCOVER from 00:1e:69:a9:c6:05 via 192.168.128.150
DHCPOFFER on 10.0.5.250 to 00:1e:69:a9:c6:05 via 192.168.128.150
match-unknown
DHCPREQUEST for 10.0.5.250 from 00:1e:69:a9:c6:0 via 192.168.128.150
DHCPACK on 10.0.5.250 to 00:1e:69:a9:c6:05 via 192.168.128.150

It seems that the match-clause inside the 2 classes
works not properly, even though the client is known.

Best Regards,
Andre
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100319/3e22f376/attachment.bin>


More information about the dhcp-users mailing list