Wrong gateway when using class in a subnet

jeffrey j donovan donovan at beth.k12.pa.us
Fri Jun 1 14:52:43 UTC 2012


On Jun 1, 2012, at 8:59 AM, Randall C Grimshaw wrote:

> Correct, but to be precise the allow/deny is part of a pool definition that *is* a valid part of a subnet definition. For my needs the class he describes required a third pool definition.... [quietly singing] and the ham bone connects to the backbone...
> 
> 

Here is a sample of multiple vendor classes inside and outside scope. There should be multiple allow/deny statements, similar to a firewall, to tailor your requests. Here is a simple example:
##sample

class "vendor-class" {
		match option vendor-class-identifier;
}

class "ALCATEL-iptouch" {
        match if substring (option host-name,0,15) = "ALCATEL-iptouch";        
}
class "FHS" {
        match if substring (option host-name,0,3) = "FHS"
         or substring (option host-name,0,3) = "CFF";        
}
class "somePhones" {
		match if substring (hardware, 1,3) = 00:e0:bb;
}
class "smartphones" {
		match if substring (hardware, 1,3) = 00:25:57
		 or substring (hardware, 1,3) = 00:26:b0;
}

class "ipod" {
		match if substring (hardware, 1,3) = 8c:7b:9d
		 or substring (hardware, 1,3) = 00:26:b0;
}

# subnet 10.10.x.x
subnet 10.10.0.0 netmask 255.255.0.0 {
  subclass "vendor-class" "ArubaAP" {
  option vendor-class-identifier "ArubaAP";
  option serverip 10.1011.1;
  	}
  	pool {
		allow members of "ALCATEL-iptouch";
		allow members of "somePhones";
		deny members of "FHS";
		deny members of "smartphones";
		deny members of "ipod";
		option routers 10.10.1.1;
		option domain-name-servers 10.101.21;
		range 10.10.7.1 10.10.7.254;
		next-server 10.10.7.31;
		option vendor-encapsulated-options 0A:23:07:1F;
		option tftp-server-name "10.10.7.31";
		option domain-name-servers 10.101.21;
		}

	pool {
		allow members of "smartphones";
		allow members of "ipod";
		allow members of "FHS";
		deny members of "ALCATEL-iptouch";
		deny members of "somePhones";
  		range 10.10.11.10 10.10.19.250;
  		option routers 10.10.1.1;
  		option domain-name-servers 10.101.21;
  		option domain-name "example.com";
  		max-lease-time 300;
		}

	#miscreant_alley
	pool {
		deny members of "FHS";
		deny members of "ALCATEL-iptouch";
		deny members of "somePhones";
		deny members of "smartphones";
		deny members of "ipod";
  		range 10.10.26.1 10.10.36.254;
  		option routers 10.10.1.1;
  		option domain-name-servers 10.101.21;
  		option domain-name "example.com";
  		max-lease-time 3600;
		}

}
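An added example, not part of the original post: a small Python model of the allow/deny pool rules in the configuration above, useful for checking which range a client lands in when it matches several classes at once. It assumes dhcpd's documented rule that a pool with an allow list admits only clients matching it and that any deny match excludes the client; the sample clients and the function names are constructed.

```python
# Added example: models the class tests and pool allow/deny lists from the post.
# Class tests mirror the posted config: a host-name prefix, or the MAC OUI
# (substring(hardware, 1, 3) skips the hardware-type byte at offset 0).
CLASSES = {
    "ALCATEL-iptouch": lambda host, oui: host[:15] == "ALCATEL-iptouch",
    "FHS":             lambda host, oui: host[:3] in ("FHS", "CFF"),
    "somePhones":      lambda host, oui: oui == "00:e0:bb",
    "smartphones":     lambda host, oui: oui in ("00:25:57", "00:26:b0"),
    "ipod":            lambda host, oui: oui in ("8c:7b:9d", "00:26:b0"),
}

# (range, allow list, deny list), in the order the pools appear in the subnet.
POOLS = [
    ("10.10.7.1-10.10.7.254",
     {"ALCATEL-iptouch", "somePhones"}, {"FHS", "smartphones", "ipod"}),
    ("10.10.11.10-10.10.19.250",
     {"smartphones", "ipod", "FHS"}, {"ALCATEL-iptouch", "somePhones"}),
    ("10.10.26.1-10.10.36.254", set(), set(CLASSES)),  # miscreant_alley
]

def classes_for(host, mac):
    """Return the set of class names a client matches."""
    oui = mac.lower()[:8]
    return {name for name, test in CLASSES.items() if test(host, oui)}

def eligible_pools(host, mac):
    """Return the ranges whose allow/deny lists admit this client."""
    member = classes_for(host, mac)
    admitted = []
    for rng, allow, deny in POOLS:
        if allow and not (member & allow):
            continue          # pool has an allow list and the client is not on it
        if member & deny:
            continue          # any deny match excludes the client
        admitted.append(rng)
    return admitted

if __name__ == "__main__":
    # Constructed sample clients (host-name, MAC); not taken from the post.
    samples = [
        ("ALCATEL-iptouch-0012", "02:00:00:00:00:01"),
        ("FHS-LAB-07",           "02:00:00:00:00:02"),
        ("unknown-laptop",       "02:00:00:00:00:03"),
        ("FHS-phone",            "00:e0:bb:00:00:04"),  # matches two classes
    ]
    for host, mac in samples:
        print(host, mac, sorted(classes_for(host, mac)), eligible_pools(host, mac))
```

The last sample matches both "FHS" and "somePhones", so every pool denies it and it is offered no address, which is the kind of overlap worth testing for before deploying a rule set like this.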