To have various IP ranges in the same subnet and assign the IP Address depending of the device type that sends the request.

Hi everyone,

I have read a lot of information on Internet but I haven't this too clear and I would like ask you if this can do or not.

This is the situation:

- I have a network wired and WIFI.
- I have the ISC DHCP Server that assign IP address statically with "fixed-address" and dinamically from a pool address with "range".

I would know if I can to have, for example, 3 ranges and assign the IP Address depending of the device type that request the IP.

For example:

- Static IP to devices that I want by MAC.
- POOL1 to LAPTOP.
- POOL2 to Smartphones.
- POOL3 to Tablets or Watches.

How could I discriminate the request and assign the IP from POOL1, POOL2 or POOL3 depending if the device is a LAPTOP, a Smartphone or a Tablet?

Can I do this?

• I have a few static host entries defined globally for a few hosts that need a fixed address
• I have one subnet for unknown devices - devices that are connected but have not been accepted by me
• I have a different subnet for normal use
• I have one pool for devices that are allowed internet access
• I have one pool for devices that are not allowed internet access
• I have a space for the fixed addresses outside of these pools
• I have defined two classes, one for internet access and one without
• I use a list of subclass definitions for every device without a fixed address
• each subclass definition determines access or not by assigning to the class and in some cases give the DNS name
• Each pool definition use deny and allow statements to allow only the relevant devices

The difficult part of your setup will be to assign each device to the correct class. There are lots of possibilities but specific knowledge is needed about your devices to do that.

I use a manually edited list of subclass definitions because this fits my needs. My next setup will be KEA with mysql backend and a web page to do the administration.

What would be the best way to do it?

Does anyone have, and can show me, some examples?


Best regards,

Juan García

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

What Sten is doing is as described in the manual (man dhcpd.conf) section under subclassing. So your "laptop" class might look like :
class "laptop" {
  match pick-first-value (option dhcp-client-identifier, hardware);
}
subclass "laptop" 1:aa:bb:cc:dd:ee:ff ;
subclass "laptop" 1:ff:ee:dd:cc:bb:aa ;
...
This works if you know (in advance, or at least as they are "registered" onto the network) the client ID and/or MAC address for each device, it doesn't work if devices can just come and go as they please.

Hi Simon,

Too much thanks by your anotation about the Hosts Declarations. I will keep them in mind and I will change it.

About the Hosts Classifications, I have tested this and works for me:

------------------------------------------------------------------------------
class "smartphones" {
  match if substring(option vendor-class-identifier,0,13) = "android-dhcp-" or
           substring(option vendor-class-identifier,0,7) = "HUAWEI:" or
           substring(option vendor-class-identifier,0,7) = "dhcpcd-";
}
------------------------------------------------------------------------------

That is the same that this:

------------------------------------------------------------------------------
class "smartphones" {
  match option vendor-class-identifier;
}

subclass "smartphones" "android-dhcp-9"
subclass "smartphones" "android-dhcp-8.1.0"
subclass "smartphones" "android-dhcp-7.0"
subclass "smartphones" "HUAWEI:android:FIG-L11"
subclass "smartphones" "HUAWEI:android:QC_Reference_Phone"
subclass "smartphones" "dhcpcd-5.5.6"
------------------------------------------------------------------------------

And I can change it to:

------------------------------------------------------------------------------
class "smartphones" {
  match option vendor-class-identifier;
}

include smartphones.cfg

* smartphones.cfg file containing the subclass lines.
------------------------------------------------------------------------------

But, is there any way to minimize the number of lines to include in the smartphones.cfg file using some kind of wildcard or expression/function like "substring()" used in the Class Declaration?

Another question:

The iPhones and the iPads not send the "vendor-class-identifier" option in the DHCP Discover Packet.

Could I classify iPhones and iPads taking into account some other parameter of the DHCP Discover Packet?


Best regards

El lun., 5 ago. 2019 a las 19:35, Simon Hobson (<[hidden email]>) escribió:

Juan Antonio García Moreno <[hidden email]> wrote:

> I relly have some hosts declarations, but I don't have put these in the post.

Ah yes, about that ... see below !

> subnet 10.53.0.0 netmask 255.255.0.0 {
>
>   default-lease-time 86400;
>   max-lease-time 172800;
>
>   option broadcast-address 10.53.255.255;
>   option routers 10.53.1.1;
>
>   # Unknown Clients Range.
>   pool {
>     deny members of "smartphones";
>     range 10.53.33.1 10.53.35.254;
>   }
>
>   # Smartphones Range.
>   pool {
>     allow members of "smartphones";
>     range 10.53.10.2 10.53.11.254;
>   }
>
>   host PC-01 {
>     hardware ethernet ff:ff:ff:ff:ff:01;
>     fixed-address 10.53.100.5;
>   }
>
>   host PC-02 {
>     hardware ethernet ff:ff:ff:ff:ff:02;
>     fixed-address 10.53.100.6;
>   }
>
> }

That is another common mistake. Host declarations are always global in scope even though you might think that putting them inside a subnet declaration would tie them to that subnet. So even though declared inside one subnet, they will be "known" in any subnet - which in itself can cause considerable confusion.
But what really makes life "interesting" (see https://en.wikipedia.org/wiki/May_you_live_in_interesting_times) is that should a host be connected to a different network, it will inherit option values from the subnet where it is defined. Thus you find yourself with a client that's been given an address by DHCP, but the gateway address it's been given is in a completely different subnet !


> And too, howto fill a text file with the "vendor-class-identifier" of the smartphones and include in the DHCP Server config to match the smartphones devices too.

It's a simple scripting exercise to take a text file containing one string per line, and build a config file snippet. You can then use an include statement to incorporate that config snippet into the daemon config.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

--

Juan García  Dto. de Soporte Interno EMERGYA INGENIERÍA

m: +34 954 517 577 p: +34 954 517 577 e: [hidden email]

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

You don't need substring for the host name for regexp.  Regexp finds the string
anywhere in the host name.  From my earlier reply to you:
class "mobile_device" {
    match if (
        option vendor-class-identifier ~~ "android"
        or option host-name ~~ "android"
        or option host-name ~~ "iphone"
        or option host-name ~~ "samsung-"
        or option host-name ~~ "galaxy"
        or option host-name ~~ "ipod"
        or option host-name ~~ "ipad"
        or option host-name ~~ "watch"
        or option host-name ~~ "nintendo 3ds"
    );
}
Host name "theIphoneOfBob" will match on the above class.

Bill

Hi Bob,

I think too that that works but I was thinking to do with only one "Class" and a include file with all of "subclass". I'm test it later.

To classify, I am doing now this:

------------------------------------------------------------------------------------------------------------
#*** WORKS ***
class "smartphones" {

  match if (

    # ************************ ANDROID ****************************
    substring(option vendor-class-identifier,0,13) = "android-dhcp-" or
    substring(option vendor-class-identifier,0,7) = "HUAWEI:" or
    substring(option vendor-class-identifier,0,7) = "dhcpcd-" or
    # ************************ IOS ****************************
    substring(option host-name,0,6) ~~ "iphone" or
    substring(option host-name,0,4) ~~ "ipod" or
    substring(option host-name,0,4) ~~ "ipad" or
    # ********************* Windows-Phone *********************....
    substring(option host-name,0,13) ~~ "windows-phone"

    );

}
------------------------------------------------------------------------------------------------------------

The most Android phones sends the "Option 62" and I think that I haven't problems to classific them.

The problem that I have found is that Windows-Movile phones and the iPhones not send the "Option 62" and I need do the classifi by the "Host Name (Option 12)".

With "substring(option host-name,0,6) ~~ "iphone" I can classify, by example, these phones by Host Name:

---------------------------------------------------
iphone-John
iPhone-John
Iphone-Sam
Iphone Administration
...
---------------------------------------------------

But I have found situations like these:

---------------------------------------------------
Bod-iphone
JohnyiPhone
Samuel-Iphone
Contability Iphone
...
---------------------------------------------------

Then I think that I would need add a line by each different situation, by example:

---------------------------------------------------
substring(option host-name,5,6) ~~ "iphone"
substring(option host-name,6,6) ~~ "iphone"
substring(option host-name,8,6) ~~ "iphone"
substring(option host-name,13,6) ~~ "iphone"
---------------------------------------------------

Would I can classify the iPhone phones and the Windows phones otherwise?


Are there any way to summarize these lines, for example, in:

---------------------------------------------------
substring(option host-name) "<CONTAINING>" "iphone"
---------------------------------------------------

or similary?


Best regards

El jue., 8 ago. 2019 a las 22:33, Bob Harold (<[hidden email]>) escribió:

On Thu, Aug 8, 2019 at 3:28 AM Juan Antonio García Moreno <[hidden email]> wrote:

Hi again,

I have tested this and work:

--------------------------------------------------------------------------
class "smartphones" {

  match if substring(option vendor-class-identifier,0,13) = "android-dhcp-" or
           substring(option vendor-class-identifier,0,7) = "HUAWEI:" or
           substring(option vendor-class-identifier,0,7) = "dhcpcd-";

}
--------------------------------------------------------------------------

But if I change it to:

--------------------------------------------------------------------------
class "smartphones" {

  match if substring(option vendor-class-identifier,0,13) or
           substring(option vendor-class-identifier,0,7);

}

subclass "smartphones" "android-dhcp-";
subclass "smartphones" "HUAWEI:";
subclass "smartphones" "dhcpcd-";

That won't work.  The syntax is wrong.  Look carefully at the examples originally given for the two syntax that work.  "IF" requires a boolean expression "a = b" or "a ~~ b" etc.  

You might try:

class "smartphones13" {

  match substring(option vendor-class-identifier,0,13)  # note NO "if"

}

subclass "smartphones13" "android-dhcp-";

class "smartphones7" {

  match substring(option vendor-class-identifier,0,7)  # note NO "if"

}

subclass "smartphones7" "HUAWEI:";
subclass "smartphones7" "dhcpcd-";

I cannot say if it would work, but worth a try.  I think this is as close as I can get to what you wanted.

-- 

Bob Harold

 

--------------------------------------------------------------------------

When I reload the config in the server, It shows me this error:

--------------------------------------------------------------------------
# service dhcp-server force-reload
dhcpd self-test failed. Please fix the config file.
The error was:
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
/etc/dhcp/dhcpd.conf line 67: expecting boolean expressions
           substring(option vendor-class-identifier,0,7);
                                                        ^
WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Configuration file errors encountered -- exiting
#
--------------------------------------------------------------------------

I can't do this or I am doint it wrong?

Best regards

El jue., 8 ago. 2019 a las 7:50, Bill Shirley (<[hidden email]>) escribió:

Here's a couple of classes you might find useful:
class "mobile_device" {
    match if (
        option vendor-class-identifier ~~ "android"
        or option host-name ~~ "android"
        or option host-name ~~ "iphone"
        or option host-name ~~ "samsung-"
        or option host-name ~~ "galaxy"
        or option host-name ~~ "ipod"
        or option host-name ~~ "ipad"
        or option host-name ~~ "watch"
        or option host-name ~~ "nintendo 3ds"
    );
}
class "Microsoft" {
    match if substring(option vendor-class-identifier, 0, 4) = "MSFT";
    set member_of = "Microsoft";
}
The first class uses the regexp operator ~~ (case insensitive).  There is also the
case sensitive operator ~=.

On the subject of implicit deny for a pool with only "allow members":
I classify most of my devices (i.e. Panasonic, Ricoh, Canon, Linux, Microsoft) to assign
them to a specific pool (i.e Printers, Linux, Microsoft, mobile_device).  Then I have an
"uncategorized" pool for those devices that aren't in a currently defined class so that they
will get an address.  If later I change a class to include a device (say Epson), that device
will request its previous address on renew and will get it if my "uncategorized" pool doesn't
have a 'deny members of "Epson"' configuration line.

TL;DR - If a device requests a renewal of an address and there is no "deny members" for
the pool, it will be granted.

dhcp-server-4.3.6-10.fc27.x86_64

Bill

On 8/7/2019 8:42 AM, Juan Antonio García Moreno wrote:

Hi Simon,

Too much thanks by your anotation about the Hosts Declarations. I will keep them in mind and I will change it.

About the Hosts Classifications, I have tested this and works for me:

------------------------------------------------------------------------------
class "smartphones" {
  match if substring(option vendor-class-identifier,0,13) = "android-dhcp-" or
           substring(option vendor-class-identifier,0,7) = "HUAWEI:" or
           substring(option vendor-class-identifier,0,7) = "dhcpcd-";
}
------------------------------------------------------------------------------

That is the same that this:

------------------------------------------------------------------------------
class "smartphones" {
  match option vendor-class-identifier;
}

subclass "smartphones" "android-dhcp-9"
subclass "smartphones" "android-dhcp-8.1.0"
subclass "smartphones" "android-dhcp-7.0"
subclass "smartphones" "HUAWEI:android:FIG-L11"
subclass "smartphones" "HUAWEI:android:QC_Reference_Phone"
subclass "smartphones" "dhcpcd-5.5.6"
------------------------------------------------------------------------------

And I can change it to:

------------------------------------------------------------------------------
class "smartphones" {
  match option vendor-class-identifier;
}

include smartphones.cfg

* smartphones.cfg file containing the subclass lines.
------------------------------------------------------------------------------

But, is there any way to minimize the number of lines to include in the smartphones.cfg file using some kind of wildcard or expression/function like "substring()" used in the Class Declaration?

Another question:

The iPhones and the iPads not send the "vendor-class-identifier" option in the DHCP Discover Packet.

Could I classify iPhones and iPads taking into account some other parameter of the DHCP Discover Packet?


Best regards

El lun., 5 ago. 2019 a las 19:35, Simon Hobson (<[hidden email]>) escribió:

Juan Antonio García Moreno <[hidden email]> wrote:

> I relly have some hosts declarations, but I don't have put these in the post.

Ah yes, about that ... see below !

> subnet 10.53.0.0 netmask 255.255.0.0 {
>
>   default-lease-time 86400;
>   max-lease-time 172800;
>
>   option broadcast-address 10.53.255.255;
>   option routers 10.53.1.1;
>
>   # Unknown Clients Range.
>   pool {
>     deny members of "smartphones";
>     range 10.53.33.1 10.53.35.254;
>   }
>
>   # Smartphones Range.
>   pool {
>     allow members of "smartphones";
>     range 10.53.10.2 10.53.11.254;
>   }
>
>   host PC-01 {
>     hardware ethernet ff:ff:ff:ff:ff:01;
>     fixed-address 10.53.100.5;
>   }
>
>   host PC-02 {
>     hardware ethernet ff:ff:ff:ff:ff:02;
>     fixed-address 10.53.100.6;
>   }
>
> }

That is another common mistake. Host declarations are always global in scope even though you might think that putting them inside a subnet declaration would tie them to that subnet. So even though declared inside one subnet, they will be "known" in any subnet - which in itself can cause considerable confusion.
But what really makes life "interesting" (see https://en.wikipedia.org/wiki/May_you_live_in_interesting_times) is that should a host be connected to a different network, it will inherit option values from the subnet where it is defined. Thus you find yourself with a client that's been given an address by DHCP, but the gateway address it's been given is in a completely different subnet !


> And too, howto fill a text file with the "vendor-class-identifier" of the smartphones and include in the DHCP Server config to match the smartphones devices too.

It's a simple scripting exercise to take a text file containing one string per line, and build a config file snippet. You can then use an include statement to incorporate that config snippet into the daemon config.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

--

Juan García  Dto. de Soporte Interno EMERGYA INGENIERÍA

m: +34 954 517 577 p: +34 954 517 577 e: [hidden email]

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

--

Juan García  Dto. de Soporte Interno EMERGYA INGENIERÍA

m: +34 954 517 577 p: +34 954 517 577 e: [hidden email]

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

--

Juan García  Dto. de Soporte Interno EMERGYA INGENIERÍA

m: +34 954 517 577 p: +34 954 517 577 e: [hidden email]

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users