pxe clients and pools

Simon Hobson dhcp1 at thehobsons.co.uk
Sat Oct 15 18:49:02 UTC 2016


Brendan Kearney <bpk678 at gmail.com> wrote:

> ...  take the below config:
> 
> subnet 192.168.1.0 netmask 255.255.255.0 {
> ...
>       pool {
>                # KNOWN HOSTS - COMPUTERS
>                # HOSTS IN THIS POOL MUST USE THE PROXY FOR INTERNET ACCESS, PER FIREWALL POLICY
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.50 192.168.1.99;
>                allow members of "proxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # KNOWN HOSTS - GADGETS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.100 192.168.1.149;
>                allow members of "unproxied-clients";
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # UNKNOWN HOSTS
>                # HOSTS IN THIS POOL CAN USE THE PROXY FOR INTERNET ACCESS, BUT DO NOT HAVE TO, PER FIREWALL POLICY
>                #max-lease-time 300;
>                class "MSFT" {
>                        match if option vendor-class-identifier ~= "^MSFT";
>                        vendor-option-space MSFT;
>                        option MSFT.disable-netbios 2;
>                }
>                range 192.168.1.150 192.168.1.199;
>                allow unknown-clients;
>                failover peer "dhcp-failover";
>        } # END POOL
> 
>        pool {
>                # PXE BOOT HOSTS
>                # HOSTS IN THIS POOL ARE BOOTED FROM THE PXE SERVER
>                #max-lease-time 300;
>                # allow booting;
>                # allow bootp;
>                class "pxe-clients" {
>                        match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
>                        next-server tftp.bpk2.com;
>                        filename "linux-install/pxelinux.0";
>                }
>                range 192.168.1.200 192.168.1.249;
>                failover peer "dhcp-failover";
>        } # END POOL
> } # END SUBNET
> 
> I built a machine, and it is defined as a member of the "proxied-clients" subclass, based on hardware identifier or MAC address.  What happens is NetworkManager issues a DHCPREQUEST for the IP it has or had last.  Even if I were to clear the leases from the DHCP servers, NM would still request an IP from the PXE client range.

My "bible"* is at work, so I can't check - but IIRC class statements are global in scope. Putting them inside a subnet or pool declaration doesn't work - and IIRC can create some very strange inheritance effects. So move them all to the global scope, and have one, and only one, class definition of any name.

Also, several of your pools are lacking allow/deny statements. Don't mix allow & deny in one pool as the results are "non-intuitive". If you allow members of one class, then implicitly, anything not in that class is denied.


* The DHCP Handbook by Ralph Droms and Ted Lemon
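
The rules given in the reply above (class declarations only at global scope, one definition per class name, and every pool carrying allow or deny statements but not both) can be checked mechanically before a config is loaded; a pool with no permit list is worth flagging because the firewall policy in the quoted config is keyed on address range. The Python check below is an added example, not part of the original thread or of ISC dhcpd: the `lint` function, its messages and the trimmed sample are constructed for illustration, and the parser assumes at most one brace per line and no `#` inside strings.

```python
import re
from collections import Counter

# Pool permit-list forms from dhcpd.conf(5); "allow booting" and the like are not permits.
PERMIT = re.compile(r'(allow|deny)\s+(members\s+of|(un)?known-clients|all\s+clients|'
                    r'dynamic\s+bootp\s+clients|(un)?authenticated\s+clients|after)\b')
# Constructed sample, trimmed from the layout quoted above (not a complete config).
SAMPLE = '''\
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        class "MSFT" {
            match if option vendor-class-identifier ~= "^MSFT";
        }
        range 192.168.1.50 192.168.1.99;
        allow members of "proxied-clients";
    } # END POOL
    pool {
        class "pxe-clients" {
            match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
        }
        range 192.168.1.200 192.168.1.249;
    } # END POOL
}
'''

def lint(conf):
    """Return (line_no, message) findings for the rules given in the reply."""
    findings, stack, seen = [], [], Counter()
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive comment strip (assumption above)
        if line.endswith("{"):               # a block opens: subnet, pool, class, ...
            if m := re.match(r'class\s+"([^"]+)"', line):
                seen[m[1]] += 1
                if stack:                    # class nested in another declaration
                    findings.append((no, f'class "{m[1]}" declared inside {stack[-1]["kind"]}'))
                if seen[m[1]] > 1:           # same class name declared again
                    findings.append((no, f'class "{m[1]}" defined more than once'))
            stack.append({"kind": line.split()[0], "start": no, "verbs": set()})
        elif line.startswith("}") and stack: # a block closes: judge pools here
            blk = stack.pop()
            if blk["kind"] == "pool" and len(blk["verbs"]) != 1:
                why = "mixes allow and deny" if blk["verbs"] else "has no allow/deny statement"
                findings.append((blk["start"], f"pool {why}"))
        elif stack and stack[-1]["kind"] == "pool":
            if m := PERMIT.match(line):      # record which permit verbs the pool uses
                stack[-1]["verbs"].add(m[1])
    return findings

if __name__ == "__main__":
    print(*(f"line {n}: {msg}" for n, msg in lint(SAMPLE)), sep="\n")
```

On the sample this reports both nested class declarations and the PXE pool that has no permit list; a config with the classes moved to global scope and an allow statement on every pool returns no findings.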


