global config to force phone to use private subnet in shared-network environment

Jason Gerfen jason.gerfen at gmail.com
Wed Jul 20 18:16:16 UTC 2011


On Wed, Jul 20, 2011 at 11:54 AM, Sue True <bloomingtonian at gmail.com> wrote:
>
> So is there another way to accomplish what I am trying to do here? We have
> hundreds of shared-networks; phones will be deployed on most of the networks and
> assigned from the 10.10.x.x subnet.
>
> So I try to avoid adding 'allow/deny' to each network if there is a global
> option that can do that. I thought about doing it using a class, like this, but I am not
> sure how:
>
> class "i2004-clients" {
>  match if substring(option vendor-class-identifier, 0, 14) = "Nortel-i2004-A";
>
>  ##only allow 10.10.x.x address?
> }
>
> Thanks!
> Sue
>
>
> On Wed, 20 Jul 2011, Randall C Grimshaw wrote:
>
>> The short answer is no.
>> The allow / deny rules control pool access... there is no global pool that
>> would span all subnets - if you see what I mean. In addition, there is an
>> issue with Windows behavior, as subsequent to obtaining the lease it does
>> some network discovery using DHCP inform requests. If you do have any global
>> values set such as DNS servers... any subnet local values provided to
>> support i.e. a landing page for your private network will be overridden.
>>
>> Randall Grimshaw rgrimsha at syr.edu
>> ________________________________________
>> From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org
>> [dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] On Behalf Of Sue True
>> [bloomingtonian at gmail.com]
>> Sent: Wednesday, July 20, 2011 11:56 AM
>> To: Users of ISC DHCP
>> Subject: global config to force phone to use private subnet in
>> shared-network environment?
>>
>> Greetings,
>>
>> I've been trying to get this to work with no luck, so I'll ask the list to
>> see if it's possible.
>>
>> In our config, we usually have two subnets in a shared-network: one is
>> private (10.10.x.x), used for phones, and the other is public. Right now we have
>> a class defined for phones, and configure 'allow/deny member' on each
>> private/public subnet so phones pick up addresses from the 10.10 network only.
>>
>> Since we have hundreds of networks, I wonder if there is a way to achieve
>> the above using a global option. I've tried
>>
>> if binary-to-ascii(10,8,".",substring(leased-address,0,2)) = "10.10" {
>>    allow members of "i2004-clients";
>> }else{
>>    deny members of "i2004-clients";
>> }
>>
>> But got error:
>> /etc/dhcpd/dhcpd.conf line 147: expecting allow/deny key
>>    deny members
>>
>>
>>
>> Thanks in advance..
>> Sue
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>


If you use a class, you can define it to match as you have shown, then
use the allow per subnet definition.


-- 
Jas
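
The thread concludes that allow/deny rules are per pool, so every shared-network needs its own pair of rules. As an added example (not code from the thread or from ISC), the script below generates those stanzas from a site list instead of hand-editing hundreds of networks. The site names, subnets, router address and pool ranges are constructed assumptions; the class name and match expression are the ones quoted in the thread.

```python
import ipaddress

PHONE_CLASS = "i2004-clients"                            # class name from the thread
PHONE_SPACE = ipaddress.ip_network("10.10.0.0/16")       # phones live in 10.10.x.x

CLASS_DECL = '''class "%s" {
  match if substring(option vendor-class-identifier, 0, 14) = "Nortel-i2004-A";
}
''' % PHONE_CLASS


def subnet_stanza(cidr, rule):
    """One subnet whose pool carries 'allow' or 'deny' for the phone class."""
    net = ipaddress.ip_network(cidr)
    return (
        f"  subnet {net.network_address} netmask {net.netmask} {{\n"
        f"    option routers {net[1]};\n"              # assumption: router is first host
        f"    pool {{\n"
        f'      {rule} members of "{PHONE_CLASS}";\n'
        f"      range {net[10]} {net[-2]};\n"           # assumption: .10 up to last host
        f"    }}\n"
        f"  }}\n"
    )


def shared_network(name, phone_cidr, public_cidr):
    """Private pool admits only phones; public pool refuses them."""
    if not ipaddress.ip_network(phone_cidr).subnet_of(PHONE_SPACE):
        raise ValueError(f"{name}: phone subnet {phone_cidr} is outside {PHONE_SPACE}")
    return (
        f"shared-network {name} {{\n"
        + subnet_stanza(phone_cidr, "allow")
        + subnet_stanza(public_cidr, "deny")
        + "}\n"
    )


def render(sites):
    """Full fragment: one class declaration, then one shared-network per site."""
    return CLASS_DECL + "\n" + "\n".join(shared_network(*s) for s in sites)


# Constructed sample inventory: (name, phone subnet, public subnet)
SITES = [
    ("bldg-a", "10.10.1.0/24", "192.0.2.0/25"),
    ("bldg-b", "10.10.2.0/24", "198.51.100.0/24"),
]

if __name__ == "__main__":
    print(render(SITES))
```

Because the private pool has an allow list, only class members are eligible for it, so non-phone clients on the same wire fall through to the public pool. Check the generated file with `dhcpd -t -cf <file>` before loading it.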


