Need vendor class identifier advice
Doug Barton
dougb at dougbarton.us
Fri Sep 13 21:13:21 UTC 2013
Current client has a lot of Cisco phones of various ages, models, etc.;
and users who can't figure out which LAN ports to plug them into. So
they tried to set up a vendor match class to deny the phones getting
addresses if they are plugged into the wrong VLAN, but it's not working
(or at least, it's not working thoroughly, some phones are still getting
addresses on the wrong VLANs).
The match class that they have expands out as follows in the dhcpd.conf
file:
class "IPPHONE"
{
match substring (option vendor-class-identifier, 0, 28);
}
subclass "IPPHONE" "Cisco Systems, Inc. IP Phone";
According to the research I've done so far that will match some (most?)
phones, but there is another string that they can send, "Cisco IP Phone
...". The problem I'm seeing is that if I define a vendor class with a
certain substring match length I can't then add a match class value of a
shorter length (which makes sense of course); and the 14 characters of
"Cisco IP Phone" isn't enough of a discriminator for the longer string.
I could create 2 match classes and put 'deny class members of' options
in for both of them, but that seems inefficient. :) I'm trying to write
a custom boolean match like this:
match if substring (option vendor-class-identifier,0,28) = "Cisco
Systems, Inc. IP Phone" or substring (option
vendor-class-identifier,0,14) = "Cisco IP Phone";
But I haven't been able to figure out a syntax for this kind of match
that will actually work. I also tried this:
match if option vendor-class-identifier =~ "Cisco *IP Phone";
Same issue. Any suggestions welcome.
(BTW, MAC addresses aren't a viable solution here, long story)
Doug
More information about the dhcp-users
mailing list