Different dhcp relay

André netriver at gmail.com
Sat Oct 15 23:20:46 UTC 2011


Hello,

Looks like one problem was that the members of c3 were entering the pool
10.2.x that had specified deny unknown-clients.
The client was unknown, so it was "rejected" and didn't go into the next
x.x.48.x pool, no idea why.

I solved the issue with "deny members of "c3"" and removing the "deny
unknown-clients".

Sorry for just saying this now but I wasn't sure it had worked and needed to
test it a bit more.

Thank you for your help.

Best regards,
FR

On Wed, Oct 12, 2011 at 1:03 AM, André <netriver at gmail.com> wrote:

> I'm using Gmail to reply to the list and I'm getting message digests, so it gets difficult to
> reply in a good way. I'll just remove the extra text, sorry about this.
>
> I tried doing
> class "c3" {
>     match if binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)) = "99" and
>         (
>         binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)) != "65" and
>         binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)) != "1"
>         );
>     log (info,
>         concat (
>         # "HOSTNAME: ", host-decl-name, " on ",binary-to-ascii (10, 8, ".", leased-address)," at ",
>         binary-to-ascii(10, 16, "", substring( option agent.circuit-id,2 ,2)), " + ",
>         binary-to-ascii (16, 8, ":", substring (hardware, 1, 6))
>         )
>     );
> }
>
> My cable modem and cpe hit this class "c3"
>
> My cable modem also belongs to the "online" class and hits a "known client" in the logs
> I can confirm that cpe hits this.
>
> In the pools I have deny members of "c3"
> and in the pool for x.x.48.x I have
>
> allow members of "c3";
>
> allow members of "online";
> deny members of "CM";
>
> My cpe is getting an "unknown client" in the logs and no longer gets a different IP.
> I'm not sure if I understood what you explained below since I don't feel that my
> interpretation above is "correct". If agent circuit-id is 99 then it can't be anything else
> so it should match.
>
> Should I be using spawn with option agent.remote-id ?
> (didn't work)
> Doing this will not associate class c3 and class online ?
>
> Even if it does inside the pool of x.x.48.x I am allowing
> both.
>
> Best regards,
> FR
>
>
>
> André wrote:
>
> > And in the pool of the subnets I specified before allow members of "online";
> > deny members of "c3";
>
> That might be part of your problem, mixing allow
> and deny generally doesn't work as you might
> expect and general advice is just not to do it.
>
> 'allow members of "a"' will implicitly deny any
> client not a member of a. If you want to allow
> members of one class who aren't also members of
> another, then you are better off creating a new
> class. Eg :
>
> class "a"
>    match if "condition a"
>
> class "b"
>    match if "condition b"
>
> pool
>    allow members of "a"
>    deny members of "b"
>
> probably won't do what you want. You could rewrite that as :
>
> class "c"
>    match if "condition a and not condition b"
>
> pool
>    allow members of "c"
>
> --
> Simon Hobson
>
>