Problem with class definition
Glenn Satchell
glenn.satchell at uniq.com.au
Tue Sep 7 16:15:12 UTC 2010
On 09/08/10 02:00, კონსტანტინე ქაროსანიძე wrote:
> Hello,
>
> I run dhcp for my clients (I'm sysadmin at ISP) and using option 82 to
> identify requests and assign corresponding ip to client but now I have
> case that I can't use option 82 (because of some network topology option
> 82 is not added to request)
>
> Solution was to identify clients by source address from where request
> comes. (actually from ip assigned to that vlan on cisco switch, vlan
> gateway)
>
> After lots of tries I figured out following config:
>
> class "ADSL_Universal_34" {
>     match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf1" );
>     log(info, "matched class ADSL_Universal_34");
>     log(info, concat("matched class gateway, IP: ", binary-to-ascii(16, 8, "", packet(24,4))));
>     log(info, concat("matched class gateway, No Binary: ", packet(24,4)));
> }
>
> class "ADSL_Universal_35" {
>     match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );
>     log(info, "matched class ADSL_Universal_35");
>     log(info, concat("matched class gateway, IP: ", binary-to-ascii(16, 8, "", packet(24,4))));
>     log(info, concat("matched class gateway, No Binary: ", packet(24,4)));
> }
>
> subnet 94.137.191.0 netmask 255.255.255.128
> {
>
>     pool {
>         option subnet-mask 255.255.255.192;
>         option routers 94.137.191.1;
>         option ip-forwarding FALSE;
>         deny unknown-clients;
>         allow members of "ADSL_Universal_34";
>         range 94.137.191.2 94.137.191.5;
>     }
>
>     pool {
>         option subnet-mask 255.255.255.192;
>         option routers 94.137.191.65;
>         option ip-forwarding FALSE;
>         deny unknown-clients;
>         allow members of "ADSL_Universal_35";
>         range 94.137.191.66 94.137.191.70;
>     }
> }
>
> where 5e89bf41 and 5e89bf1 are gateway ip addresses in hex. While using
> this config strange thing happens.
>
> When I use
>
>     deny unknown-clients;
>     allow members of "ADSL_Universal_35";
>
> these directives for matching class to pool nothing works but it's
> enough for me to remove these lines from config and in log file I see
> that incoming requests are matched to class.
>
> Sep 7 18:36:04 dhcp dhcpd: matched class ADSL_Universal_35
> Sep 7 18:36:04 dhcp dhcpd: DHCPINFORM from 94.137.191.2 via 94.137.191.65
> Sep 7 18:36:04 dhcp dhcpd: DHCPACK to 94.137.191.2 (d8:d3:85:21:3f:f3) via em0
>
> But if I uncomment above two lines I have nothing logged and no ip
> addresses assigned.
>
> I know that it is not good solution and is just a workaround of problem
> but I need to make it working.
>
> Any ideas how to fix?
>
> Best Regards,
> Konstantine Karosanidze,
>
> CAUCASUS ONLINE ISP
> System Administrator
>
It's enough to just say 'allow members of ...' and that will deny all
other devices. A client identified by a class is still an unknown client.

Also instead of

    match if ( binary-to-ascii(16, 8, "", packet(24,4)) = "5e89bf41" );

you can be slightly more efficient and say:

    match if ( packet(24,4) = 5e:89:bf:41 );

But I am a bit confused by your subnet definition. In the subnet you set
a /25 subnet mask, but then in the pool it's different?
--
regards,
-glenn
--
Glenn Satchell | Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia | do at work Dad?
mailto:glenn.satchell at uniq.com.au | Miss 6: He just
http://www.uniq.com.au tel:0409-458-580 | types random stuff.
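
An added example, not part of either message: a small Python model of the two comparisons discussed above, showing that the unpadded, unseparated hex string built by binary-to-ascii(16, 8, "", packet(24,4)) can be produced by more than one relay address, while the raw 4-byte comparison cannot. The function names and the constructed BOOTP header are assumptions made for illustration; binary_to_ascii_hex is a simplified model of the dhcpd expression, not ISC code.

```python
import ipaddress
import struct
from itertools import product

GIADDR_OFFSET = 24  # BOOTP fixed header: giaddr occupies bytes 24..27

def build_bootp_request(giaddr):
    """Constructed sample: a 236-byte BOOTP header with only giaddr filled in."""
    head = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0)  # op..flags
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed      # ci/yi/si + giaddr
    return head + addrs + bytes(16 + 64 + 128)                    # chaddr, sname, file

def packet(data, offset, length):
    """Model of dhcpd's packet(offset, length): raw bytes of the request."""
    return data[offset:offset + length]

def binary_to_ascii_hex(data, sep=""):
    """Model of binary-to-ascii(16, 8, sep, data): hex per byte, no zero padding."""
    return sep.join(format(b, "x") for b in data)

def data_string(data):
    """Colon-separated hex form, as in the suggested 5e:89:bf:41 comparison."""
    return ":".join(format(b, "02x") for b in data)

def addresses_matching(text):
    """Every IPv4 address whose unpadded, unseparated hex rendering equals text."""
    found = []
    for lens in product((1, 2), repeat=4):       # each byte prints as 1 or 2 digits
        if sum(lens) != len(text):
            continue
        parts, pos = [], 0
        for n in lens:
            parts.append(text[pos:pos + n])
            pos += n
        if any(len(p) == 2 and p[0] == "0" for p in parts):
            continue                              # a leading zero is never printed
        found.append(str(ipaddress.IPv4Address(bytes(int(p, 16) for p in parts))))
    return found

if __name__ == "__main__":
    for gw in ("94.137.191.1", "94.137.191.65"):
        gi = packet(build_bootp_request(gw), GIADDR_OFFSET, 4)
        key = binary_to_ascii_hex(gi)
        print(gw, "string:", key, "bytes:", data_string(gi))
        print("  addresses producing that string:", addresses_matching(key))
```

For the .1 gateway the string form "5e89bf1" is shared by four different addresses, so a class keyed on it is looser than one keyed on the four raw bytes.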