Subnet assignment using subClass

Simon Hobson dhcp1 at thehobsons.co.uk
Tue Nov 25 18:58:22 UTC 2014


Márcio Merlone <marcio.merlone at a1.ind.br> wrote:

> What happens is that the clsDesktop host 08:00:27:12:34:56 ends up on the unknown hosts subnet instead of the 10.1.1.0/24 as desired. First question: is a subClassed host a "known-host" so I can, for example, deny it on the pool declaration? Why does the host flee the clsDesktop pool declaration? What am I missing?
> 
> Appreciate if someone can enlighten me on the subject and how to achieve this goal.
...
> class "clsDesktop" {
>     match pick-first-value (option dhcp-client-identifier, hardware);
> }
> class "clsGuest" {
>     match pick-first-value (option dhcp-client-identifier, hardware);
> }
> 
> shared-network Foo {
>     subnet 10.1.1.0 netmask 255.255.255.0 {
>         pool {
>             allow members of "clsDesktop";
>             range 10.1.1.20 10.1.1.254;
>             }
>         }
>     subnet 10.0.0.0 netmask 255.255.255.0 {
>         pool {
>             allow members of "clsGuest";
>             range 10.0.0.46 10.0.0.254;
>             }
>         }
>     subnet 172.16.0.0 netmask 255.255.255.0 {
>         pool {
>             allow unknown-clients;
>             range 172.16.0.1 172.16.0.254;
>             }
>         }
>     }
> subclass "clsDesktop" 1:08:00:27:12:34:56 { }

Change the last one to:

    subnet 172.16.0.0 netmask 255.255.255.0 {
        pool {
            deny members of "clsDesktop";
            deny members of "clsGuest";
            range 172.16.0.1 172.16.0.254;
            }
        }

It's the easiest way to do it. AFAIK, clients matching a class/subclass don't automatically become known. So simply deny members of each class that have other pools allocated to them.

Also, as an observation, for this subnet you don't have provision for a router - so clients will be broken (more than just in a "walled garden"). You need a router with an IP address within each subnet - otherwise the client won't have any connectivity. Also, the client needs to be able to communicate with the DHCP server - either directly or via a relay agent. Since you've put all 254 available addresses in the subnet within the pool, there isn't one left for a router or the server.


Bob Harold <rharolde at umich.edu> wrote:

> Not all clients send a dhcp-client-identifier, so try also listing the hardware address, and I think the semicolon is needed:
> 
> subclass "clsDesktop" 1:08:00:27:12:34:56;
> subclass "clsDesktop" 08:00:27:12:34:56;

I'm assuming that the example is a client that does - it's standard with Windows clients, not with Linux and Mac clients. It'll need inspection of the packets for other clients - and the subclass declaration set accordingly.
Or the config could be done with just the hardware address.
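
An added example, not part of the thread and not dhcpd's own code: a simplified Python model of the pool allow/deny evaluation discussed above, showing which pools the subclassed host is eligible for before and after the last pool is changed. The `Client` and `Pool` types, the rule-string format and the second MAC address are constructed for illustration; the model assumes, as the reply says, that class membership does not make a client known.

```python
# Simplified model of dhcpd pool allow/deny lists; not dhcpd source code.
from dataclasses import dataclass, field

@dataclass
class Client:
    mac: str
    classes: set = field(default_factory=set)  # class/subclass memberships
    known: bool = False  # assumption: True only with a host declaration

@dataclass
class Pool:
    subnet: str
    allow: list = field(default_factory=list)
    deny: list = field(default_factory=list)

def matches(rule, client):
    """Evaluate one allow/deny entry (hypothetical string format)."""
    kind, _, arg = rule.partition(":")
    if kind == "members":
        return arg in client.classes
    if kind == "unknown-clients":
        return not client.known
    raise ValueError(f"unsupported rule: {rule}")

def eligible(pool, client):
    """An allow list, if present, must match; a deny list must not."""
    if pool.allow and not any(matches(r, client) for r in pool.allow):
        return False
    return not any(matches(r, client) for r in pool.deny)

def eligible_subnets(pools, client):
    return [p.subnet for p in pools if eligible(p, client)]

# Pools from the thread: the original config, then with the last pool changed.
ORIGINAL = [
    Pool("10.1.1.0/24", allow=["members:clsDesktop"]),
    Pool("10.0.0.0/24", allow=["members:clsGuest"]),
    Pool("172.16.0.0/24", allow=["unknown-clients"]),
]
CHANGED = ORIGINAL[:2] + [
    Pool("172.16.0.0/24", deny=["members:clsDesktop", "members:clsGuest"]),
]

# Subclassed host from the thread: in clsDesktop, but no host declaration.
DESKTOP = Client("08:00:27:12:34:56", classes={"clsDesktop"})
STRANGER = Client("02:00:00:00:00:01")  # constructed MAC, matches no class

if __name__ == "__main__":
    for name, pools in (("original", ORIGINAL), ("changed", CHANGED)):
        print(name, eligible_subnets(pools, DESKTOP), eligible_subnets(pools, STRANGER))
```

With the original pools the desktop host is eligible for two subnets, so the server is free to place it on 172.16.0.0/24; with the deny lines only its own pool remains, while an unclassified client still lands on 172.16.0.0/24.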


