Can't get class "match if" to actually match...

Can't get class "match if" to actually match...

Peter Rathlev
I can't get a "class" to actually match anything, and I'm not sure what
I'm doing wrong.

What I hope is the relevant config:

   # "Private" option to remember
   option X-Juniper-AP-Options code 250 = string;
   
   group {
     default-lease-time 604800; # 7 days
     max-lease-time 1209600; # 14 days
   
     option X-Juniper-AP-Options "Juniper-AP-Cluster-2";
     option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21,172.25.12.22";
     ping-check false;
     ddns-updates on;
     ddns-domainname "ap.net.example.com.";
     option domain-name "ap.net.example.com.";
     log(info, concat("test ", substring(vendor-class-identifier, 0, 12)));
     if (substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:") {
       if (config-option X-Juniper-AP-Options = "Juniper-AP-Cluster-2") {
         log(info, concat("this message appears in the log ", config-option X-Juniper-AP-Options));
       }
     }
     # G/E2, upper block
     subnet 10.227.52.0 netmask 255.255.255.0 { option routers 10.227.52.1; pool { range 10.227.52.10 10.227.52.239; failover peer "rmnet-failover"; } }
   }
   
   class "Juniper-WLC" {
     match if substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:";
     if (config-option X-Juniper-AP-Options = "Juniper-AP-Cluster-2") {
       log(info, "this message does not appear in the log");
       # option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21,172.25.12.22";
       option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21";
     }
   }


I serve up the relevant option (Vendor-specific-information/43) in both
the group block and the class in the configuration above, but when
commenting out the one in the group block the device never receives the
option at all.

The complete configuration is ~3500 lines so I'd rather not post it all,
but do tell me if something relevant is missing.

When using "if" statements in the group where the subnet declaration
resides, they match. When using similar "if" statements in a class
("match if ..." and a regular "if") they don't seem to match. The "log"
statement is never executed and the option is never sent (if commented
out in the group block).

I use a "private" config-option; this is used to select what options to
send in the class block. We use this approach in other places, though
not in an "if" statement, just via e.g.:

   class "Nexans-mikroswitche" {
     # Vendor-class identifier "266:063" is Nexans Gigaswitch 4-ports
     match if option vendor-class-identifier = "266:063";
     option tftp-server-name "10.85.12.200";
     option bootfile-name = concat("/NEXANS/",
       pick-first-value( concat(config-option X-MS-Block-ID, "/") , "" ),
       "NEXANS-",
       ucase ( concat (
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2),
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2),
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2),
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2),
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2),
         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
       ) ),
       ".cfg"
     );
   }

This one works as expected.

So how is it that something that matches in the group block does not
match in the class statement? What am I doing wrong? :-)

And can I do something to debug/test apart from throwing in log
statements?

Thank you in advance!

--
Peter

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: Can't get class "match if" to actually match...

Sten Carlsen
Just a quick first check:

I assume you did check that the actual packets contain that exact string
for the vendor-class-identifier?


On 17/04/15 14:32, Peter Rathlev wrote:

> I can't get a "class" to actually match anything, and I'm not sure what
> I'm doing wrong.
>
> What I hope is the relevant config:
>
>    # "Private" option to remember
>    option X-Juniper-AP-Options code 250 = string;
>    
>    group {
>      default-lease-time 604800; # 7 days
>      max-lease-time 1209600; # 14 days
>    
>      option X-Juniper-AP-Options "Juniper-AP-Cluster-2";
>      option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21,172.25.12.22";
>      ping-check false;
>      ddns-updates on;
>      ddns-domainname "ap.net.example.com.";
>      option domain-name "ap.net.example.com.";
>      log(info, concat("test ", substring(vendor-class-identifier, 0, 12)));
>      if (substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:") {
>        if (config-option X-Juniper-AP-Options = "Juniper-AP-Cluster-2") {
>          log(info, concat("this message appears in the log ", config-option X-Juniper-AP-Options));
>        }
>      }
>      # G/E2, upper block
>      subnet 10.227.52.0 netmask 255.255.255.0 { option routers 10.227.52.1; pool { range 10.227.52.10 10.227.52.239; failover peer "rmnet-failover"; } }
>    }
>    
>    class "Juniper-WLC" {
>      match if substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:";
>      if (config-option X-Juniper-AP-Options = "Juniper-AP-Cluster-2") {
>        log(info, "this message does not appear in the log");
>        # option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21,172.25.12.22";
>        option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21";
>      }
>    }
>
>
> I serve up the relevant option (Vendor-specific-information/43) in both
> the group block and the class in the configuration above, but when
> commenting out the one in the group block the device never receives the
> option at all.
>
> The complete configuration is ~3500 lines so I'd rather not post it all,
> but do tell me if something relevant is missing.
>
> When using "if" statements in the group where the subnet declaration
> resides, they match. When using similar "if" statements in a class
> ("match if ..." and a regular "if") they don't seem to match. The "log"
> statement is never executed and the option is never sent (if commented
> out in the group block).
>
> I use a "private" config-option; this is used to select what options to
> send in the class block. We use this approach in other places, though
> not in an "if" statement, just via e.g.:
>
>    class "Nexans-mikroswitche" {
>      # Vendor-class identifier "266:063" is Nexans Gigaswitch 4-ports
>      match if option vendor-class-identifier = "266:063";
>      option tftp-server-name "10.85.12.200";
>      option bootfile-name = concat("/NEXANS/",
>        pick-first-value( concat(config-option X-MS-Block-ID, "/") , "" ),
>        "NEXANS-",
>        ucase ( concat (
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2),
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2),
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2),
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2),
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2),
>          suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>        ) ),
>        ".cfg"
>      );
>    }
>
> This one works as expected.
>
> So how is it that something that matches in the group block does not
> match in the class statement? What am I doing wrong? :-)
>
> And can I do something to debug/test apart from throwing in log
> statements?
>
> Thank you in advance!
>

--
Best regards

Sten Carlsen

No improvements come from shouting:

       "MALE BOVINE MANURE!!!"

Re: Can't get class "match if" to actually match...

Peter Rathlev
On Fri, 2015-04-17 at 15:31 +0200, Sten Carlsen wrote:
> I assume you did check that the actual packets contain that exact string
> for the vendor-class-identifier?

Yes, it does according to tcpdump. And the "if" statement in the group
block matches. So it must be something specific to the "class" block.

I think I'll try matching on the exact vendor-class-identifier instead
of a substring, and try serving an option unconditionally in the class.
Just to see if it's the substring part and/or the "if" clause in the
class block that doesn't work.

--
Pet


Re: Can't get class "match if" to actually match...

Peter Rathlev
Doh... I found the problem. In my hurry I had written

  substring(vendor-class-identifier, 0, 12)

instead of

  substring(option vendor-class-identifier, 0, 12)

On Fri, 2015-04-17 at 14:32 +0200, Peter Rathlev wrote:
> I can't get a "class" to actually match anything, and I'm not sure what
> I'm doing wrong.
...
>    class "Juniper-WLC" {
>      match if substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:";
>      if (config-option X-Juniper-AP-Options = "Juniper-AP-Cluster-2") {
>        log(info, "this message does not appear in the log");
>        # option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21,172.25.12.22";
>        option Vendor-specific-information "ip:172.23.12.21,172.23.12.22,172.23.12.23,172.25.12.21";
>      }
>    }

I'm not sure why it works inside a group, but strictly speaking it's an
error in syntax, so I'm not surprised it doesn't work as such.

After correcting this everything works as intended. :-) Sorry for the
noise.

--
Peter
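
The question of how to test for this beyond log statements went unanswered in the thread. The following lint is an added example, not code from any poster or from ISC: it flags an option name used in a dhcpd.conf expression without the `option` or `config-option` keyword, which is the mistake found above. The function names and the `OPTION_NAMES` list are assumptions of this example, and it does not handle escaped quotes inside strings.

```python
import re

# Option names to check (assumption: extend with the options your config evaluates).
OPTION_NAMES = ("vendor-class-identifier",)
# Keywords that may legitimately precede an option name in an expression.
# "exists" takes the option name directly, per the dhcp-eval manual page.
ALLOWED_PREFIXES = ("option", "config-option", "exists")


def strip_comment(line):
    """Drop a trailing # comment, ignoring '#' inside double-quoted strings."""
    out, in_string = [], False
    for ch in line:
        if ch == '"':
            in_string = not in_string
        elif ch == "#" and not in_string:
            break
        out.append(ch)
    return "".join(out)


def blank_strings(line):
    """Blank out string literal contents so names inside strings are ignored."""
    return re.sub(r'"[^"]*"', lambda m: '"' + " " * (len(m.group()) - 2) + '"', line)


def find_bare_option_refs(conf_text, names=OPTION_NAMES):
    """Return [(line_number, name)] for option names lacking a keyword prefix."""
    alternatives = "|".join(re.escape(n) for n in names)
    name_re = re.compile(r"(?<![\w-])(" + alternatives + r")(?![\w-])", re.IGNORECASE)
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = blank_strings(strip_comment(raw))
        for match in name_re.finditer(line):
            previous = re.search(r"([\w-]+)$", line[:match.start()].rstrip())
            if previous and previous.group(1).lower() in ALLOWED_PREFIXES:
                continue
            findings.append((number, match.group(1)))
    return findings


# Constructed sample built from the two class declarations quoted in the thread.
SAMPLE = """\
class "Juniper-WLC" {
  match if substring(vendor-class-identifier, 0, 12) = "WIRELESS-AP:";
}
class "Nexans-mikroswitche" {
  # vendor-class-identifier in a comment is ignored
  match if option vendor-class-identifier = "266:063";
}
"""

if __name__ == "__main__":
    for number, name in find_bare_option_refs(SAMPLE):
        print(f"line {number}: '{name}' used without 'option' keyword")
```
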

