Restricting leases

Patrick Trapp ptrapp at nex-tech.com
Thu Jan 29 22:26:09 UTC 2015


Hmm...

I'm already using classes - this system encompasses dozens of subnets and there are two types of legit devices (plus those workstations mentioned earlier). I have include files for each geographic location and each include file has a class entry for device type A and another for device type B.

How will that interact with the OUI classes being proposed? Can I use AND in an allow statement? Or should I put the OUI classes as subclasses under the appropriate device type and match on the subclass instead? Wait - I might have answered my own question...

Patrick

________________________________________
From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org] on behalf of Simon Hobson [dhcp1 at thehobsons.co.uk]
Sent: Thursday, January 29, 2015 3:26 PM
To: Users of ISC DHCP
Subject: Re: Restricting leases

Everyone has to start somewhere ! If you want background reading, the "bible" is generally considered to be "The DHCP Handbook" by Ted Lemon and Ralph Droms, it covers the history, why, and how - though probably in much more detail than you need.

But, to expand on what Jason said, here are a few pointers :
1) You'll want to define a pool with appropriate "allow" conditions.
Don't try and mix allow and deny - it generally doesn't work as people expect !
If you have any allow statements, then anything not expressly allowed will be denied - and vice versa if you use a deny statement. You can use multiple allow statements which may well suit your needs.

2) If you simply want to permit every device with a particular OUI then you could use a class with a "match if" statement along the lines of "substring(hardware,1,3)=xx:yy:zz" (note that byte 0 of hardware will be 1 for an ethernet network and the MAC address is bytes 1 through 6).

If there are a lot of OUIs, then you could use subclasses matching on the substring - I think. That would be "cleaner" and more efficient than multiple classes or a class with a long "if condition or condition or condition ...)" clause.

3) For the tech workstations, you could either use a class as above. Alternatively you could use a number of host statements and an "allow known hosts" in the pool. Note that hosts should be defined in the global scope (as should classes) - they are global in scope even if declared elsewhere which can cause some "interesting" inheritance problems.

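The three pointers in the quoted reply above, written out as one dhcpd.conf fragment. This is an added example, not configuration from the thread: the class names, host names, OUIs, MAC addresses and subnet are constructed placeholders, and `known-clients` is the dhcpd.conf keyword that permits clients with a host declaration.

```conf
# Added example. All names, OUIs, MACs and addresses are constructed.
# Classes and hosts are declared at global scope (pointer 3).

# Pointer 2, single OUI: compare bytes 1-3 of "hardware" directly.
# Byte 0 is the hardware type (1 = Ethernet); the MAC is bytes 1-6.
class "single-oui" {
  match if substring(hardware, 1, 3) = 00:11:22;
}

# Pointer 2, many OUIs: the class names the expression once and each
# subclass line supplies one value that expression may take.
class "legit-oui" {
  match substring(hardware, 1, 3);
}
subclass "legit-oui" 00:aa:bb;
subclass "legit-oui" 00:cc:dd;
subclass "legit-oui" 00:ee:ff;

# Pointer 3: tech workstations as known hosts.
host tech-ws-1 { hardware ethernet 00:00:5e:00:53:01; }
host tech-ws-2 { hardware ethernet 00:00:5e:00:53:02; }

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;
  pool {
    range 192.0.2.100 192.0.2.200;
    # Pointer 1: allow statements only, no deny. A client matching any
    # one of these lines is served; all other clients are refused here.
    allow members of "single-oui";
    allow members of "legit-oui";
    allow known-clients;
  }
}
```

Running `dhcpd -t -cf <file>` parses the configuration without starting the server, which catches syntax errors in the class and pool declarations before a restart.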