*** From dhcp-server -- To unsubscribe, see the end of this message. ***
> group {
> pool {
> range 172.21.16.2 172.21.19.254;
> range 172.21.20.2 172.21.23.254;
> }
> host PC1 {
> hardware ethernet 00:c0:f0:f0:ab:c1;
> filename "config-PC1";
> }
> host PC2 {
> hardware ethernet 00:c0:f0:f0:ab:c5;
> filename "config-PC2";
> }
> }
>
> group {
> pool {
> range 172.16.16.2 172.16.19.254;
> range 172.16.20.2 172.16.23.254;
> }
> host PC3 {
> hardware ethernet 00:c0:f0:f0:ab:d3;
> }
> host PC4 {
> hardware ethernet 00:c0:f0:f0:ab:d1;
> }
> }
Not possible. Scoping only works for parameters and options (i.e.,
``max-lease-time'' or ``option domain-name''). To control address
allocation, you need classing. This distinction may seem artificial,
but the behaviour implied by scoping rules turns out not to mesh very
well with classing, so I decided not to try to make it work.
So here's one way to do the above:
class "group1" {
}
class "group2" {
}
shared-network MYNET {
pool {
permit members of "group1";
range 172.21.16.2 172.21.19.254;
range 172.21.20.2 172.21.23.254;
}
pool {
range 172.16.16.2 172.16.19.254;
range 172.16.20.2 172.16.23.254;
permit members of "group2";
}
deny unknown-clients;
subnet 172.21.16.0 netmask 255.255.252.0 {
option broadcast-address 172.21.19.255;
option routers 172.21.16.1;
}
subnet 172.21.20.0 netmask 255.255.252.0 {
option broadcast-address 172.21.23.255;
option routers 172.21.20.1;
}
subnet 172.16.16.0 netmask 255.255.252.0 {
option broadcast-address 172.16.19.255;
option routers 172.16.16.1;
}
subnet 172.20.20.0 netmask 255.255.252.0 {
option broadcast-address 172.20.23.255;
option routers 172.20.20.1;
}
}
host PC1 {
hardware ethernet 00:c0:f0:f0:ab:c1;
filename "config-PC1";
add "group1";
}
host PC2 {
hardware ethernet 00:c0:f0:f0:ab:c5;
filename "config-PC2";
add "group1";
}
host PC3 {
hardware ethernet 00:c0:f0:f0:ab:d3;
add "group2";
}
host PC4 {
hardware ethernet 00:c0:f0:f0:ab:d1;
add "group2";
}
What's going on here is that each host is being explicitly added to a
group, and the groups are being used to permit or deny access to the
pools.
The way this is done is actually kind of cumbersome and inefficient.
The following example is probably the best way to do it, although it's
a little less self-explanatory. Notice that in this example, I've
taken out the "deny unknown-clients", since there aren't any host
declarations, so all clients will be considered unknown. Also notice
that the subclass matching string for each client is the hardware
address with the number '1' prepended to it - this is the code for
ethernet. Subclasses don't have to have scopes unless you have
something to declare there, which makes the second pair of
declarations very brief.
class "group1" {
match hardware;
}
class "group2" {
match hardware;
}
subclass "group1" 1:00:c0:f0:f0:ab:c1 {
filename "config-PC1";
}
subclass "group1" 1:00:c0:f0:f0:ab:c5 {
filename "config-PC2";
}
subclass "group2" 1:00:c0:f0:f0:ab:d3;
subclass "group2" 1:00:c0:f0:f0:ab:d1;
shared-network MYNET {
pool {
permit members of "group1";
range 172.21.16.2 172.21.19.254;
range 172.21.20.2 172.21.23.254;
}
pool {
range 172.16.16.2 172.16.19.254;
range 172.16.20.2 172.16.23.254;
permit members of "group2";
}
subnet 172.21.16.0 netmask 255.255.252.0 {
option broadcast-address 172.21.19.255;
option routers 172.21.16.1;
}
subnet 172.21.20.0 netmask 255.255.252.0 {
option broadcast-address 172.21.23.255;
option routers 172.21.20.1;
}
subnet 172.16.16.0 netmask 255.255.252.0 {
option broadcast-address 172.16.19.255;
option routers 172.16.16.1;
}
subnet 172.20.20.0 netmask 255.255.252.0 {
option broadcast-address 172.20.23.255;
option routers 172.20.20.1;
}
}
_MelloN_
------------------------------------------------------------------------------
To unsubscribe from this list, please visit http://www.fugue.com/dhcp/lists
If you are without web access, or if you are having trouble with the web page,
please send mail to [EMAIL PROTECTED] Please try to use the web
page first - it will take a long time for your request to be processed by hand.
Archives for this mailing list are available at
http://www.webnology.com/list-archives/dhcp/dhcp-server
------------------------------------------------------------------------------
