some problems with classes

Fri Nov 6 17:39:53 UTC 2015

On Nov 4, 2015, at 5:03 AM, Andreas Burger <andreas at ethz.ch> wrote:

> hi there,
> 
> i got some good hints to my last questin, but i ran in problems.
> 
> what i have:
> multiple subnets in more then one logical sets.
> clients get ips from dhcp but fixed by mac-address, when they are at the normal place.
> 
> if they show up somewhere else, they should get an ip from a range, but only if they belong to the same logical set.
> 
> so i tried:
> (part from dhcpd.conf)
> 
> class "agrl" {
> }
> ...
> 
> subnet xxxx netmask 2xxx {
> option subnet-mask xxx0;
> option routers xxx;
> option time-servers xxx;
> get-lease-hostnames on;
> use-host-decl-names on;
> pool {
>  failover peer "hest-dhcp";
>  allow mebers of "agrl";
>  deny unknown clients;
>   range xy xz;
> }
> }
> ....
> 
> subclass "agrl" 1:10:9a:dd:5a:5d:c4;
> host em132-88 { hardware ethernet 10:9a:dd:5a:5d:c4; fixed-address xx;...  }
> 
> 
> 
> 
> first i had the subclass after the hostdefinition, and that did not work, as the host-definition fits and the file is not parsed longer.
> 
> now i can see, that hosts not part of "agrl" do not get an ip, as wanted.
> 
> BUT. it seems, as the hosts became ips from the pool instead of their ip in the host-statement.
> 
> any hints?
> 
> regards
> andreas
> 

We regularly use host statements whose IPs are on the same subnets as pools
that allow the mac address (in our case, with “allow known”) and all works,
i.e. the client gets the static IP.
The only problem I recall is getting a client to switch out of the pool
when we add the host entry while the client is currently using
the pool.  Subsequent renewal requests are not rejected.  In our case,
the pool needs a deny (for us, ‘deny known’) to make the client switch.

FYI, admins generally use ‘allow’ or ‘deny’ for a pool but not both;
with just one, the other is implied for all other clients.
But there is a defined action for a pool with both: if a pool has both an
‘allow’ and a ‘deny’, a client fitting both is denied, as per the
dhcpd.conf man page:

>  If a pool has a permit list, then only those
> clients that match specific entries on the permit list will be
> eligible to be assigned addresses from the pool.  If a pool has a
> deny list, then only those clients that do not match any entries on
> the deny list will be eligible.   If both permit and deny lists exist
> for a pool, then only clients that match the permit list and do not
> match the deny list will be allowed access.

John Wobus
Cornell U IT