To have various IP ranges in the same subnet and assign the IP address depending on the device type that sends the request.

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Aug 5 09:13:19 UTC 2019


Juan Antonio García Moreno <jagarcia at emergya.com> wrote:
> I'm testing this:

And finding that it doesn't do what you expect !

> ###############################################################
> class "smartphones" {
>   match if option vendor-class-identifier = "android-dhcp-9";
> }
> 
> subnet 10.53.0.0 netmask 255.255.0.0 {
> 
>   default-lease-time 86400;
>   max-lease-time 172800;
> 
>   option broadcast-address 10.53.255.255;
>   option routers 10.53.1.1;
> 
>   # Unknown Clients Range.
>   pool {
>     deny known-clients;
>     range 10.53.33.1 10.53.35.254;
>   }
> ..
>   # Smartphones Range.
>   pool {
>     allow members of "smartphones";
>     deny known-clients;
>     range 10.53.10.2 10.53.11.254;
>   }..
> ###############################################################
> 
> My smartphone has an IP from "range 10.53.33.1 10.53.35.254;"
> 
> To test if the classification works, I turn off the WIFI of my smartphone, wait some seconds and turn on the WIFI again, but the WIFI gets the same IP that it had previously from "range 10.53.33.1 10.53.35.254;".
> 
> Can you tell me how I can test this config correctly?

Two things :

If you refer to man dhcpd.conf you'll see that a "known" client is one that has a host declaration. Since you have no known clients, all of them are unknown and you cannot separate clients into pools using (un)known-client.

DO NOT MIX ALLOW AND DENY ! They do not work as most people expect them to (specifically they are **NOT** evaluated top-down as a list, stopping at the first match), and rather than working out what the mix does, simply use only allow or only deny. If you use an allow statement, then anything not allowed is automatically disallowed (an implicit "deny all"). Similarly, if you use a deny statement, then anything not denied is automatically allowed (implicit "allow all").

So you probably want to do this :

  # Unknown Clients Range.
  pool {
    deny members of "smartphones";
    # Note that the use of deny here implicitly allows everything else
    range 10.53.33.1 10.53.35.254;
  }
..
  # Smartphones Range.
  pool {
    allow members of "smartphones";
    # Note that the allow statement here implicitly denies everything else
    range 10.53.10.2 10.53.11.254;
  }..

When you expand your config, you'll end up with :
  # Unknown Clients Range.
  pool {
    deny members of "smartphones";
    deny members of "tablets";
    deny members of "laptops";
    range 10.53.33.1 10.53.35.254;
  }
AFAIK there is no easier way to do this bit other than listing all the classes that can't use the pool. You do have to explicitly deny the classes here, otherwise members of them are still allowed to have addresses from that pool.
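
Added example (not part of the original message and not ISC code): a small Python lint that checks a dhcpd.conf for the three pitfalls raised in the reply above, namely mixed allow/deny in one pool, (un)known-clients without any host declarations, and a catch-all pool that does not deny every class that has its own pool. The name `lint_pools` and both sample configs are constructed for illustration; the regex parsing assumes pool bodies contain no nested braces and no "#" inside quoted strings.

```python
import re

def lint_pools(conf):
    """Warn about the pool allow/deny pitfalls described in the reply above."""
    conf = re.sub(r"#[^\n]*", "", conf)                      # strip comments
    has_hosts = re.search(r"\bhost\s+\S+\s*\{", conf) is not None
    pools = []                                               # (range, [(verb, target)])
    for body in re.findall(r"\bpool\s*\{([^{}]*)\}", conf):
        rng = re.search(r"\brange\s+([^;]+);", body)
        rules = [(v, " ".join(t.split())) for v, t in
                 re.findall(r"\b(allow|deny)\s+([^;]+);", body)]
        pools.append((rng.group(1).strip() if rng else "?", rules))

    def members(rules, verb):                                # class names under one verb
        return {m.group(1) for v, t in rules if v == verb
                for m in [re.fullmatch(r'members of "([^"]+)"', t)] if m}

    dedicated = set().union(*(members(r, "allow") for _, r in pools))
    warnings = []
    for rng, rules in pools:
        verbs = {v for v, _ in rules}
        if verbs == {"allow", "deny"}:
            warnings.append(f"{rng}: mixes allow and deny")
        if not has_hosts and any(t in ("known-clients", "unknown-clients") for _, t in rules):
            warnings.append(f"{rng}: (un)known-clients used but no host declarations exist")
        if "allow" not in verbs:                             # implicit "allow all" pool
            for cls in sorted(dedicated - members(rules, "deny")):
                warnings.append(f'{rng}: class "{cls}" is not denied here')
    return warnings

# Constructed samples based on the two configurations in the thread.
ORIGINAL = '''
class "smartphones" { match if option vendor-class-identifier = "android-dhcp-9"; }
subnet 10.53.0.0 netmask 255.255.0.0 {
  pool { deny known-clients; range 10.53.33.1 10.53.35.254; }
  pool { allow members of "smartphones"; deny known-clients; range 10.53.10.2 10.53.11.254; }
}
'''
FIXED = '''
class "smartphones" { match if option vendor-class-identifier = "android-dhcp-9"; }
subnet 10.53.0.0 netmask 255.255.0.0 {
  pool { deny members of "smartphones"; range 10.53.33.1 10.53.35.254; }
  pool { allow members of "smartphones"; range 10.53.10.2 10.53.11.254; }
}
'''

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, lint_pools(conf) or "no warnings")
```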


