global config to force phone to use private subnet in shared-network environment

Glenn Satchell glenn.satchell at uniq.com.au
Fri Jul 22 12:14:47 UTC 2011


It's a circular reference or a chicken and egg problem if you think 
about it.

You want all devices with an ip address of 10.10.x.x to be members of 
particular pools. But being a member of the pool defines the ip range 
assigned to devices in the first place. So what comes first? The 
assigned ip address (assumes being a member of the pool) or being a 
member of the pool (assumes it already has the ip address)? :)

regards,
-glenn

On 07/22/11 00:28, Sue True wrote:
>
> We have all of our DHCP configuration generated from a database except the
> core dhcpd.conf. We have over 1000 shared-networks and over 2000
> subnets, and all changes made to network/subnet/pool are done through
> a script.
>
> I thought it would be nice if I could just do it once as a global option and
> not have to make many pool-level changes, but now it looks like the config
> has to be added to each pool.
>
> Thanks all for the help.
> Sue
>
> On Thu, 21 Jul 2011, Glenn Satchell wrote:
>
>> Hi Sue
>>
>> So you want to allow or deny a particular class in some of the pools
>> in your definition, right? So if you think about it, you have to list
>> the pools and whether the class is allowed in each. The only logical
>> way to do this is in each pool.
>>
>> If you have hundreds of networks have you thought of using a script
>> based method of generating your configuration file? Maybe a script
>> that writes out a file that can be included in dhcpd.conf that lists
>> all the shared-networks?
>>
>> regards,
>> -glenn
>>
>> On 07/21/11 03:54, Sue True wrote:
>>>
>>> So is there another way to accomplish what I am trying to do here? We have
>>> hundreds of shared-networks; phones will be deployed on most of the networks
>>> and assigned from the 10.10.x.x subnet.
>>>
>>> So I am trying to avoid adding 'allow/deny' to each network if a global
>>> option can do that. I thought about doing it using a class, like this, but
>>> I am not sure how:
>>>
>>> class "i2004-clients" {
>>> match if substring(option vendor-class-identifier, 0, 14) =
>>> "Nortel-i2004-A" ;
>>>
>>> ##only allow 10.10.x.x address?
>>> }
>>>
>>> Thanks!
>>> Sue
>>>
>>>
>>> On Wed, 20 Jul 2011, Randall C Grimshaw wrote:
>>>
>>>> The short answer is no.
>>>> The allow / deny rules control pool access... there is no global pool
>>>> that would span all subnets - if you see what I mean. In addition,
>>>> there is an issue with Windows behaviour as subsequent to obtaining the
>>>> lease it does some network discovery using DHCP inform requests. If
>>>> you do have any global values set such as DNS servers... any subnet
>>>> local values provided to support i.e. a landing page for your private
>>>> network will be overridden.
>>>>
>>>> Randall Grimshaw rgrimsha at syr.edu
>>>> ________________________________________
>>>> From: dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org
>>>> [dhcp-users-bounces+rgrimsha=syr.edu at lists.isc.org] On Behalf Of Sue
>>>> True [bloomingtonian at gmail.com]
>>>> Sent: Wednesday, July 20, 2011 11:56 AM
>>>> To: Users of ISC DHCP
>>>> Subject: global config to force phone to use private subnet in
>>>> shared-network environment?
>>>>
>>>> Greetings,
>>>>
>>>> I've been trying to get this to work with no luck, so I'll ask the list to
>>>> see if it's possible.
>>>>
>>>> In our config, we usually have two subnets in a shared-network: one is
>>>> private (10.10.x.x), used for phones, and the other is public. Right now we
>>>> have a class defined for phones, and configure 'allow/deny member' on each
>>>> private/public subnet so phones pick up addresses from the 10.10 network only.
>>>>
>>>> Since we have hundreds of networks, I wonder if there is a way to achieve
>>>> the above using a global option. I've tried
>>>>
>>>> if binary-to-ascii(10,8,".",substring(leased-address,0,2)) = "10.10" {
>>>> allow members of "i2004-clients";
>>>> }else{
>>>> deny members of "i2004-clients";
>>>> }
>>>>
>>>> But got error:
>>>> /etc/dhcpd/dhcpd.conf line 147: expecting allow/deny key
>>>> deny members
>>>>
>>>>
>>>>
>>>> Thanks in advance..
>>>> Sue
>>>> _______________________________________________
>>
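The thread concludes that the allow/deny rule has to be written into every pool by the generation script. As an added example (not code from any poster on the list), here is one way a generator could emit those per-pool rules; the row layout, the names `render_pool`, `render_shared_network`, `render_all`, the `BLDG-*` network names and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

PHONE_CLASS = "i2004-clients"                      # class name used in the thread
PHONE_NET = ipaddress.ip_network("10.10.0.0/16")   # the thread's 10.10.x.x phone range


def render_pool(cidr, first, last):
    """Return one subnet block whose pool allows or denies the phone class."""
    net = ipaddress.ip_network(cidr)
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo not in net or hi not in net or lo > hi:
        raise ValueError(f"range {first}-{last} does not fit inside {net}")
    # Compare networks, not strings: 10.100.x.x must not count as 10.10.x.x.
    verb = "allow" if net.subnet_of(PHONE_NET) else "deny"
    return "\n".join([
        f"  subnet {net.network_address} netmask {net.netmask} {{",
        "    pool {",
        f'      {verb} members of "{PHONE_CLASS}";',
        f"      range {lo} {hi};",
        "    }",
        "  }",
    ])


def render_shared_network(name, subnets):
    """Return a complete shared-network block for a list of (cidr, first, last)."""
    body = "\n".join(render_pool(*s) for s in subnets)
    return f"shared-network {name} {{\n{body}\n}}\n"


# Constructed sample rows standing in for the database the thread mentions.
SAMPLE_ROWS = {
    "BLDG-A": [("10.10.1.0/24", "10.10.1.10", "10.10.1.200"),
               ("192.0.2.0/25", "192.0.2.10", "192.0.2.100")],
    "BLDG-B": [("10.10.2.0/24", "10.10.2.10", "10.10.2.200"),
               ("10.100.2.0/24", "10.100.2.10", "10.100.2.200")],
}


def render_all(rows):
    """Render every shared-network in name order so output diffs stay stable."""
    return "\n".join(render_shared_network(n, s) for n, s in sorted(rows.items()))


if __name__ == "__main__":
    print(render_all(SAMPLE_ROWS))
```

The output is meant to be written to a file pulled in from the core dhcpd.conf with an `include` statement, and checked with `dhcpd -t -cf` before the server is restarted.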


