client class parameters inside subnet decl?

Václav Ovsík
Hi,
I have doubts about correctness of the following configuration:


  class "Alcatel-Lucent_IPSip" {
          match if option vendor-class-identifier = "alcatel.ictouch.0"
                  or  option vendor-class-identifier = "ictouche.class0";
  }
 
  subnet 10.2.44.0 netmask 255.255.255.0 {
          option routers 10.2.44.1;
          pool {
                  range 10.2.44.50 10.2.44.60;
 
                  class "Alcatel-Lucent_IPSip" {
                          next-server 10.2.28.12;
                          option vendor-encapsulated-options 3a:02:00:12:ff;
                  }
          }
  }
 
  subnet 10.2.255.0 netmask 255.255.255.0 {
          option routers 10.2.255.1;
          pool {
                  range 10.2.255.50 10.2.255.60;
 
                  class "Alcatel-Lucent_IPSip" {
                          next-server 10.2.28.34;
                          option vendor-encapsulated-options 3a:02:00:34:ff;
                  }
          }
  }


My idea was to change parameters for IP phones, Wifi AP etc based on subnet.
This is simplified configuration already. Subnet 10.2.255.0/24 is not real in
this test environment. Only DHCP server 10.2.44.8 and one dhclient was present
on subnet 10.2.44.0/24.

The result is:

    TIME: 2016-08-20 00:04:09.032
      IP: 10.2.44.8 (52:54:0:d4:b1:14) > 10.2.44.50 (52:54:0:fe:1b:2a)
      OP: 2 (BOOTPREPLY)
   HTYPE: 1 (Ethernet)
    HLEN: 6
    HOPS: 0
     XID: f8a26116
    SECS: 0
   FLAGS: 0
  CIADDR: 10.2.44.50
  YIADDR: 10.2.44.50
  SIADDR: 10.2.28.34
  GIADDR: 0.0.0.0
  CHADDR: 52:54:00:fe:1b:2a:00:00:00:00:00:00:00:00:00:00
   SNAME: .
   FNAME: .
  OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
  OPTION:  54 (  4) Server identifier         10.2.44.8
  OPTION:  51 (  4) IP address leasetime      600 (10m)
  OPTION:   1 (  4) Subnet mask               255.255.255.0
  OPTION:   3 (  4) Routers                   10.2.44.1
  OPTION:  15 (  8) Domainname                plz.i.cz
  OPTION:   6 ( 12) DNS server                10.2.28.100,10.2.28.101,192.168.24.10
  OPTION: 119 ( 12) Domain Search             03706c7a01690263 .plz.i.c
       7a00c004         z...
  OPTION:  44 (  8) NetBIOS name server       10.0.156.141,10.0.156.142
  OPTION:  42 (  8) NTP servers               10.2.28.110,10.2.28.111
  OPTION:  43 (  5) Vendor specific info      3a020034ff       :..4.
  ---------------------------------------------------------------------------

SIADDR (next-server) and option 43 correspond to subnet 10.2.255.0, but
dhclient was on 10.2.44.0 :(.
I hoped it should be 10.2.28.12 and 3a020012ff (voice vlan).
ISC DHCP is running on Debian stable - 4.3.1-6+deb8u2.

What is the proper way to specify parameters for class members in
subnet please?

Regards
--
Zito
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: client class parameters inside subnet decl?

Niall O'Reilly
On 19 Aug 2016, at 23:50, Václav Ovsík wrote:

> Hi,
> I have doubts about correctness of the following configuration:
 [...]
> This is simplified configuration already.

  Please don't hide the configuration which is causing you trouble;
  this makes it difficult for anyone to help you.

  The problem you seem to be describing can arise either because
  of internal inconsistency within the configuration or because
  the configuration does not correspond to the network topology.

  If you mean to use both prefixes 10.2.44.0/24 and 10.2.255.0/24
  on the same network, you need an enclosing "shared-network" block
  around the two (or more) "subnet" blocks.

  The fragment you've sent has three declarations of the same
  class; this is an internal inconsistency.  Besides, reference to
  p.443 of "The DHCP Handbook" (Droms & Lemon, ISBN: 1-57870-137-6)
  suggests that a "class" declaration is not valid within a "pool"
  declaration. I expect you may need a permit statement referencing
  the class.

  Best regards,

  Niall O'Reilly

  PS. There is a later (2nd) edition of the book I mentioned,
  whose ISBN is 075-2063323274. /N

Re: client class parameters inside subnet decl?

glenn.satchell
In reply to this post by Václav Ovsík
As you've seen, redefining the class doesn't work as you expect. There's a
couple of ways around this.

Either use an if() clause in the initial class definition to have the
different options

Or, better I think, is to override the values in the pool. The permit
means that only members of the class Alcatel-Lucent_IPSip will match, but
you can have another pool in the same subnet with a deny members of
Alcatel-Lucent_IPSip for any other devices if needed. Similarly for the
other subnet.

So your definition below becomes:

   subnet 10.2.44.0 netmask 255.255.255.0 {
           option routers 10.2.44.1;
           pool {
                   range 10.2.44.50 10.2.44.60;
                   allow members of "Alcatel-Lucent_IPSip";
                   next-server 10.2.28.12;
                   option vendor-encapsulated-options 3a:02:00:12:ff;
           }
   }

regards,
-glenn

On Sat, August 20, 2016 8:50 am, Václav Ovsík wrote:

> Hi,
> I have doubts about correctness of the following configuration:
>
>
>   class "Alcatel-Lucent_IPSip" {
>           match if option vendor-class-identifier = "alcatel.ictouch.0"
>                   or  option vendor-class-identifier = "ictouche.class0";
>   }
>
>   subnet 10.2.44.0 netmask 255.255.255.0 {
>           option routers 10.2.44.1;
>           pool {
>                   range 10.2.44.50 10.2.44.60;
>
>                   class "Alcatel-Lucent_IPSip" {
>                           next-server 10.2.28.12;
>                           option vendor-encapsulated-options 3a:02:00:12:ff;
>                   }
>           }
>   }
>
>   subnet 10.2.255.0 netmask 255.255.255.0 {
>           option routers 10.2.255.1;
>           pool {
>                   range 10.2.255.50 10.2.255.60;
>
>                   class "Alcatel-Lucent_IPSip" {
>                           next-server 10.2.28.34;
>                           option vendor-encapsulated-options 3a:02:00:34:ff;
>                   }
>           }
>   }
>
>
> My idea was to change parameters for IP phones, Wifi AP etc based on subnet.
> This is simplified configuration already. Subnet 10.2.255.0/24 is not real in
> this test environment. Only DHCP server 10.2.44.8 and one dhclient was present
> on subnet 10.2.44.0/24.
>
> The result is:
>
>     TIME: 2016-08-20 00:04:09.032
>       IP: 10.2.44.8 (52:54:0:d4:b1:14) > 10.2.44.50 (52:54:0:fe:1b:2a)
>       OP: 2 (BOOTPREPLY)
>    HTYPE: 1 (Ethernet)
>     HLEN: 6
>     HOPS: 0
>      XID: f8a26116
>     SECS: 0
>    FLAGS: 0
>   CIADDR: 10.2.44.50
>   YIADDR: 10.2.44.50
>   SIADDR: 10.2.28.34
>   GIADDR: 0.0.0.0
>   CHADDR: 52:54:00:fe:1b:2a:00:00:00:00:00:00:00:00:00:00
>    SNAME: .
>    FNAME: .
>   OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
>   OPTION:  54 (  4) Server identifier         10.2.44.8
>   OPTION:  51 (  4) IP address leasetime      600 (10m)
>   OPTION:   1 (  4) Subnet mask               255.255.255.0
>   OPTION:   3 (  4) Routers                   10.2.44.1
>   OPTION:  15 (  8) Domainname                plz.i.cz
>   OPTION:   6 ( 12) DNS server                10.2.28.100,10.2.28.101,192.168.24.10
>   OPTION: 119 ( 12) Domain Search             03706c7a01690263 .plz.i.c
>        7a00c004         z...
>   OPTION:  44 (  8) NetBIOS name server       10.0.156.141,10.0.156.142
>   OPTION:  42 (  8) NTP servers               10.2.28.110,10.2.28.111
>   OPTION:  43 (  5) Vendor specific info      3a020034ff       :..4.
>   ---------------------------------------------------------------------------
>
> SIADDR (next-server) and option 43 correspond to subnet 10.2.255.0, but
> dhclient was on 10.2.44.0 :(.
> I hoped it should be 10.2.28.12 and 3a020012ff (voice vlan).
> ISC DHCP is running on Debian stable - 4.3.1-6+deb8u2.
>
> What is the proper way to specify parameters for class members in
> subnet please?
>
> Regards
> --
> Zito

Re: client class parameters inside subnet decl?

Václav Ovsík
In reply to this post by Niall O'Reilly
On Sat, Aug 20, 2016 at 12:31:45PM +0100, Niall O'Reilly wrote:
> On 19 Aug 2016, at 23:50, Václav Ovsík wrote:

>  [...]
> > This is simplified configuration already.
>
>   Please don't hide the configuration which is causing you trouble;
>   this makes it difficult for anyone to help you.

I did simplification and the interesting point was preserved, the
original configuration was too complicated...

>   The problem you seem to be describing can arise either because
>   of internal inconsistency within the configuration or because
>   the configuration does not correspond to the network topology.

The first point is this case probably. I found
http://serverfault.com/questions/741387/classes-declaration-inside-of-subnets-in-isc-dhcp
but there was no warning from dhcpd in my case.

I wasn't certain that every aspect of a class is global only and my
configuration construction is inconsistent.

>   If you mean to use both prefixes 10.2.44.0/24 and 10.2.255.0/24
>   on the same network, you need an enclosing "shared-network" block
>   around the two (or more) "subnet" blocks.

There was no physical net 10.2.255.0/24. It was used solely to show
my problem in configuration.

>   The fragment you've sent has three declarations of the same
>   class; this is an internal inconsistency.  Besides, reference to
>   p.443 of "The DHCP Handbook" (Droms & Lemon, ISBN: 1-57870-137-6)
>   suggests that a "class" declaration is not valid within a "pool"
>   declaration. I expect you may need a permit statement referencing
>   the class.

Thanks!
Maybe dhcpd should emit a message about this inconsistency :(.
Have a nice day
--
Zito
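
Added example (not part of the thread and not ISC code): a small pre-deployment check that flags the two patterns identified in the replies above, the same class declared more than once and a class declared inside a subnet or pool, since dhcpd accepted the configuration without a warning. It is a simple brace-tracking scanner, not dhcpd's own parser; the names `find_classes` and `lint` are hypothetical, and the sample is a shortened copy of the configuration from the first message.

```python
import re
from collections import defaultdict

# Constructed sample: the configuration from the first message, shortened.
SAMPLE = '''
class "Alcatel-Lucent_IPSip" {
    match if option vendor-class-identifier = "alcatel.ictouch.0";
}
subnet 10.2.44.0 netmask 255.255.255.0 {
    pool { range 10.2.44.50 10.2.44.60;
           class "Alcatel-Lucent_IPSip" { next-server 10.2.28.12; } }
}
subnet 10.2.255.0 netmask 255.255.255.0 {
    pool { range 10.2.255.50 10.2.255.60;
           class "Alcatel-Lucent_IPSip" { next-server 10.2.28.34; } }
}
'''

# Comments match the first alternative and come back as '' (no group).
TOKEN = re.compile(r'#[^\n]*|("[^"]*"|[{};]|[^\s{};"#]+)')

def find_classes(conf):
    """Map each class name to the scope of every declaration of it."""
    found, stack, stmt = defaultdict(list), [], []
    for tok in filter(None, TOKEN.findall(conf)):
        if tok == '{':
            if len(stmt) >= 2 and stmt[0] == 'class':
                found[stmt[1].strip('"')].append('/'.join(stack) or 'global')
            stack.append(stmt[0] if stmt else '?')   # keyword that opened the block
            stmt = []
        elif tok in ('}', ';'):
            if tok == '}' and stack:
                stack.pop()
            stmt = []
        else:
            stmt.append(tok)
    return dict(found)

def lint(conf):
    """Warn about classes declared more than once or inside another scope."""
    warnings = []
    for name, scopes in find_classes(conf).items():
        if len(scopes) > 1:
            warnings.append(f'class "{name}" declared {len(scopes)} times')
        warnings += [f'class "{name}" declared inside {s}'
                     for s in scopes if s != 'global']
    return warnings

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE)))
```

Run against the pool-based layout suggested in the thread (one global class, `allow members of` in the pool), `lint` returns an empty list.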

Re: client class parameters inside subnet decl?

Václav Ovsík
In reply to this post by glenn.satchell
On Sun, Aug 21, 2016 at 02:42:50AM +1000, Glenn Satchell wrote:
> As you've seen, redefining the class doesn't work as you expect. There's a
> couple of ways around this.
>
> Either use an if() clause in the initial class definition to have the
> different options

You mean probably
    if config-option ...<some option identifying subnet> test
         options for class clients on subnet
    ...
Interesting, this hadn't crossed my mind.

> Or, better I think, is to override the values in the pool. The permit
> means that only members of the class Alcatel-Lucent_IPSip will match, but
> you can have another pool in the same subnet with a deny members of
> Alcatel-Lucent_IPSip for any other devices if needed. Similarly for the
> other subnet.
>
> So your definition below becomes:
>
>    subnet 10.2.44.0 netmask 255.255.255.0 {
>            option routers 10.2.44.1;
>            pool {
>                    range 10.2.44.50 10.2.44.60;
>                    allow members of "Alcatel-Lucent_IPSip";
>                    next-server 10.2.28.12;
>                    option vendor-encapsulated-options 3a:02:00:12:ff;
>            }
>    }

I wondered about this. The drawback of this solution is fragmentation of
IP address range. But yes, I can live with it.

What a shame, there is no

    if member_of class
        options...

Oh, maybe I can globally set some option for class members and test it in
subnet. I'm going to experiment with this ;)

Thanks
Have a nice day
--
Zito

Re: client class parameters inside subnet decl?

Václav Ovsík
On Mon, Aug 22, 2016 at 10:25:27AM +0200, Václav Ovsík wrote:
> What a shame, there is no
>
>     if member_of class
>         options...
>
> Oh, maybe I can globally set some option for class members and test it in
> subnet. I'm going to experiment with this ;)

FYI: This doesn't work. I tried

    class "Alcatel-Lucent_IPTouch" {
            match if option vendor-class-identifier = "alcatel.tsc-ip.0"
                    or option vendor-class-identifier = "alcatel.noe.0";
            option user-class "classAlcatelIPT";
    }

and then in subnet pool

    if config-option user-class = "classAlcatelIPT"...

Maybe the order of evaluating is probably against this. :(
Regards
--
Zito