Trouble matching hardware address with class, subclass and pools

Trouble matching hardware address with class, subclass and pools

Fleming, Tony

Hello folks,

I am really struggling with class, subclass and matching directives.

I am trying to match a list of hardware addresses to allow them into one set of addresses, and everyone else goes to another set of addresses.

My configuration looks like:

class "Allowed" {
        match pick-first-value (option dhcp-client-identifier, hardware);
}

subclass "Allowed" 1:xx:xx:xx:xx:xx:01;

shared-network "Restricted_Net" {
        authoritative;
        subnet 10.56.128.0 netmask 255.255.224.0 {
                pool {
                        allow dynamic bootp clients;
                        allow members of "Allowed";
                        option routers 10.56.128.1;
                        range 10.56.128.21 10.56.159.250;
                }
                pool {
                        option routers 10.56.128.1;
                        range 10.56.159.251 10.56.159.254;
                }
        }
}

When using the device with the Ethernet xx:xx:xx:xx:xx:01, pool 10.56.128.21-250 (members of “Allowed”) is never used. It always falls through to the second pool “10.56.159.251-254”.

I know I am doing something dumb, but I am completely missing it.

I am running ISC DHCP Server 4.3.6

Any guidance is much appreciated.

Tony


_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
Re: Trouble matching hardware address with class, subclass and pools

Simon Hobson
Fleming, Tony <[hidden email]> wrote:

> My configuration looks like:
> class "Allowed" {
>                 match pick-first-value (option dhcp-client-identifier, hardware);
> }
>
> subclass "Allowed" 1:xx:xx:xx:xx:xx:01;
>  
> shared-network "Restricted_Net" {
>                 authoritative;
>                 subnet 10.56.128.0 netmask 255.255.224.0 {
>                         pool {
>                                 allow dynamic bootp clients;
>                                 allow members of "Allowed";
>                                 option routers 10.56.128.1;
>                                 range 10.56.128.21 10.56.159.250;
>                         }
>                         pool {
>                                 option routers 10.56.128.1;
>                                 range 10.56.159.251 10.56.159.254;
>                         }
>                 }
> }
>  
> When using the device with the Ethernet xx:xx:xx:xx:xx:01, pool 10.56.128.21-250 (members of “Allowed”) is never used. It always falls through to the second pool “10.56.159.251-254”.
>  
> I know I am doing something dumb, but I am completely missing it.

Don't worry, we've all been there. You need to deny members of "Allowed" from the second pool.

Without a deny, although the client might match the class and be allowed in one range/pool/subnet/whatever - it's not automatically excluded from anything else. So if the client already had a lease (whether current or expired) in the second pool, then it will still be able to use it - and the server will offer it in preference to anything else. Also, if the client hasn't been seen before (i.e. has no previous lease) then the implementation (undocumented, not guaranteed not to change) will allocate "top down" address wise - so clients will preferentially be offered addresses in the higher numbered range until it has no "not previously used" addresses.

Simon
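
Added example (not part of the original thread and not ISC code): a small Python check for the gap described in the reply, where a class is allowed into one pool but an unrestricted sibling pool does not deny it. The sample configuration is constructed from the posted pool layout, the function names are hypothetical, and all pools in the input are assumed to belong to the same shared network.

```python
import re

# Constructed sample: the pool layout from the original post.
ORIGINAL = '''
subnet 10.56.128.0 netmask 255.255.224.0 {
    pool {
        allow dynamic bootp clients;
        allow members of "Allowed";
        range 10.56.128.21 10.56.159.250;
    }
    pool {
        range 10.56.159.251 10.56.159.254;
    }
}
'''
# Same layout with the deny suggested in the reply added to the second pool.
FIXED = ORIGINAL.replace('range 10.56.159.251',
                         'deny members of "Allowed";\n        range 10.56.159.251')

def parse_pools(conf):
    """Return one record per pool { ... } block: range, permit list flag, class ACLs."""
    conf = re.sub(r'#.*', '', conf)  # drop dhcpd.conf comments
    pools = []
    for body in re.findall(r'\bpool\s*\{([^{}]*)\}', conf):
        rng = re.search(r'\brange\s+([^;]+);', body)
        members = re.findall(r'\b(allow|deny)\s+members\s+of\s+"([^"]+)"\s*;', body)
        pools.append({
            'range': ' '.join(rng.group(1).split()) if rng else '(no range)',
            # A pool with any allow statement only serves clients on that list.
            'has_permit_list': bool(re.search(r'\ballow\b', body)),
            'allow': {c for verb, c in members if verb == 'allow'},
            'deny': {c for verb, c in members if verb == 'deny'},
        })
    return pools

def open_pools_for_gated_classes(conf):
    """(class, range) pairs: class is allowed somewhere, yet an open pool does not deny it."""
    pools = parse_pools(conf)
    gated = set().union(*(p['allow'] for p in pools))
    return sorted((c, p['range']) for p in pools for c in gated
                  if not p['has_permit_list'] and c not in p['deny'])

if __name__ == '__main__':
    for cls, rng in open_pools_for_gated_classes(ORIGINAL):
        print(f'class "{cls}" can still be served from pool {rng}: add a deny there')
```
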
