Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: To have various IP ranges in the same subnet and assign
      the IP Address depending of the device type that sends the
      request. (Simon Hobson)
   2. Re: To have various IP ranges in the same subnet and assign
      the IP Address depending of the device type that sends the
      request. (Sten Carlsen)
   3. Advanced Features (Andrea Lenarduzzi)
   4. Re: Advanced Features (Sten Carlsen)


----------------------------------------------------------------------

Message: 1
Date: Thu, 1 Aug 2019 13:27:31 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: To have various IP ranges in the same subnet and assign
        the IP Address depending of the device type that sends the request.
Message-ID: <3db56e10-4b69-4a97-8520-7fae0db8e...@thehobsons.co.uk>
Content-Type: text/plain; charset=utf-8

Juan Antonio García Moreno <jagar...@emergya.com> wrote:

> This is the situation:
> 
> - I have a network wired and WIFI.
> - I have the ISC DHCP Server that assigns IP addresses statically with 
> "fixed-address" and dynamically from a pool address with "range".
> 
> I would like to know if I can have, for example, 3 ranges and assign the IP 
> Address depending on the device type that requests the IP.
> 
> For example:
> 
> - Static IP to devices that I want by MAC.
> - POOL1 to LAPTOP.
> - POOL2 to Smartphones.
> - POOL3 to Tablets or Watches.
> 
> How could I discriminate the request and assign the IP from POOL1, POOL2 or 
> POOL3 depending if the device is a LAPTOP, a Smartphone or a Tablet?
> 
> Can I do this?
> 
> What would be the best way to do it?

Can you do it - yes
What is the best way - it depends !

Firstly, a few details ...
Are these ranges in the same subnet, or do you have multiple subnets on the 
same network ? It doesn't really matter, but it changes a couple of details.
Do devices come and go as they please, or do you have some system for 
registering/knowing about them ? This does make a big difference !

The basic process is that you need to classify the devices and allocate them to 
an appropriate class. The basic structure is like this :

class "laptop" {
  match <some logic to identify them>
}
class "smartphone" {
  match <some logic again>
}
class "tablet" {
  match <some more logic>
}

subnet blah {
  subnet specific options ...
  pool {
    allow members of "laptop" ;
    range ...
    range specific options
  }
  pool {
    allow members of "smartphone" ;
    range ...
    range specific options
  }
  pool {
    allow members of "tablet" ;
    range ...
    range specific options
  }
}

How this works is that each request gets passed through the classification 
logic and clients get put into a class. Membership of the class is then used to 
determine which pool(s) the client is permitted to use, and hence what address 
range is used. As Sten said, the hard part is the classification logic ...

What Sten is doing is as described in the manual (man dhcpd.conf) section under 
subclassing. So your "laptop" class might look like :
class "laptop" {
  match pick-first-value (option dhcp-client-identifier, hardware);
}
subclass "laptop" 1:aa:bb:cc:dd:ee:ff ;
subclass "laptop" 1:ff:ee:dd:cc:bb:aa ;
...
This works if you know (in advance, or at least as they are "registered" onto 
the network) the client ID and/or MAC address for each device, it doesn't work 
if devices can just come and go as they please.

You could try doing it by manufacturer like this :
class "laptop" {
  match if substring(hardware,1,3)=aa:bb:cc;
}
which would match all devices where the MAC address starts with aa:bb:cc. This 
quickly becomes unwieldy given the number of manufacturers, all with multiple 
blocks of MAC addresses (check the man page, the "or" construct might not be 
correct) :
class "laptop" {
  match if substring(hardware,1,3)=aa:bb:cc
     or substring(hardware,1,3)=ff:ee:dd
     or ... ;
}

Another factor to consider is the execution time. All classes are evaluated for 
all requests (a client may belong to more than one class), and if each one had 
a long list of "if ... or ... or ..." statements to match, then it would 
increase CPU load on a busy server.

That should give you some ideas to work on, then come back when you've either 
decided it's going to be too much effort :D, or you've got more specific 
queries.
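
The classification step described in the message above, modelled in Python as an added example (not part of the original post and not ISC dhcpd code). The sample OUI, the "smartphone" OUI class and the POOL1-3 mapping are constructed for illustration.

```python
# Added example: models the class matching discussed above; not ISC dhcpd code.

def hardware(mac):
    """dhcpd's `hardware` value: type byte (1 = Ethernet) followed by the MAC."""
    return bytes([1]) + bytes.fromhex(mac.replace(":", ""))

def parse_key(text):
    """Parse subclass data written as colon-separated hex, e.g. 1:aa:bb:cc:dd:ee:ff."""
    return bytes(int(part, 16) for part in text.split(":"))

# Constructed sample data (hypothetical devices and OUI).
SUBCLASSES = {parse_key("1:aa:bb:cc:dd:ee:ff"): "laptop",
              parse_key("1:ff:ee:dd:cc:bb:aa"): "laptop"}
OUI_CLASSES = {bytes.fromhex("aabbcc"): "smartphone"}
POOLS = {"laptop": "POOL1", "smartphone": "POOL2", "tablet": "POOL3"}

def classify(mac, client_id=None):
    """Return every class the request falls into (a client may be in several)."""
    hw = hardware(mac)
    classes = set()
    # match pick-first-value (option dhcp-client-identifier, hardware);
    # the client identifier wins whenever the client sends one.
    key = client_id if client_id is not None else hw
    if key in SUBCLASSES:
        classes.add(SUBCLASSES[key])
    # match if substring(hardware,1,3) = <OUI>;  offset 1 skips the type byte
    oui = hw[1:4]
    if oui in OUI_CLASSES:
        classes.add(OUI_CLASSES[oui])
    return classes

def pools_for(mac, client_id=None):
    """Pools whose "allow members of" line admits this request."""
    return sorted(POOLS[c] for c in classify(mac, client_id))

if __name__ == "__main__":
    print(pools_for("aa:bb:cc:dd:ee:ff"))                # registered and OUI match
    print(pools_for("ff:ee:dd:cc:bb:aa"))                # registered by MAC
    print(pools_for("ff:ee:dd:cc:bb:aa", b"laptop-7"))   # same MAC, custom client ID
    print(pools_for("12:34:56:78:9a:bc"))                # unregistered device
```

The third call shows why the subclass keys start with "1:": a registered MAC stops matching as soon as the client sends a client identifier that is not the type byte plus its MAC. Both values are supplied by the client, so class membership here is an address-plan convenience rather than authentication.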



------------------------------

Message: 2
Date: Thu, 1 Aug 2019 18:00:42 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: dhcp-users@lists.isc.org
Subject: Re: To have various IP ranges in the same subnet and assign
        the IP Address depending of the device type that sends the request.
Message-ID: <096ea1b2-8feb-5c64-3113-02e51d579...@s-carlsen.dk>
Content-Type: text/plain; charset="utf-8"



> What Sten is doing is as described in the manual (man dhcpd.conf) section 
> under subclassing. So your "laptop" class might look like :
> class "laptop" {
>   match pick-first-value (option dhcp-client-identifier, hardware);
> }
> subclass "laptop" 1:aa:bb:cc:dd:ee:ff ;
> subclass "laptop" 1:ff:ee:dd:cc:bb:aa ;
> ...
> This works if you know (in advance, or at least as they are "registered" onto 
> the network) the client ID and/or MAC address for each device, it doesn't 
> work if devices can just come and go as they please.
>
Examples of how my files look, only relevant details are shown:
dhcpd.conf:


# class definitions
class "gateway-0" {
    match hardware;
}


class "gateway-5" {
    match hardware;
}

# Subnet Declarations
shared-network hjemme{
    authoritative;

    subnet 192.168.16.0 netmask 255.255.255.0{
        option domain-name            "xx";
        option domain-name-servers    192.168.16.20;
        option domain-name-servers    xx;
        option subnet-mask            255.255.255.0;
        # B-NODE: Broadcast - no WINS
        option netbios-node-type      1;
        pool{
            # NO router - these must not touch the internet
            allow members of          "gateway-0";
            range 192.168.16.160      192.168.16.195;
        }
        pool{
            # these go to the FIBER link
            option routers            192.168.16.5;
            allow members of          "gateway-5";
            range 192.168.16.50       192.168.16.150;
        }
    }

    subnet 192.168.161.0 netmask 255.255.255.0{
        max-lease-time 300;
        default-lease-time 150;
        pool{
            # These are not known (yet) and shall not see any other host
            deny known-clients;
            deny members of           "gateway-0";
            deny members of           "gateway-5";
            range 192.168.161.100     192.168.161.150;
        }
    }

}


include "/etc/dhcp/subclass.conf";

subclass.conf:

subclass "gateway-0" 1:00:18:4d:58:a3:ae;
subclass "gateway-0" 1:00:1c:42:84:58:bd;
subclass "gateway-0" 1:00:1d:b3:cb:65:80 {ddns-hostname procurve-1;}
subclass "gateway-0" 1:00:40:8C:29:1E:AE;
subclass "gateway-0" 1:00:80:f0:8f:fd:27;
subclass "gateway-0" 1:00:80:f0:a0:02:40;
subclass "gateway-0" 1:28:10:7b:10:5c:a2 {ddns-hostname argus4;}
subclass "gateway-0" 1:de:ad:be:ef:fe:ed {ddns-hostname ard;}
subclass "gateway-5" 1:00:11:32:05:BB:E9 {always-broadcast on;ddns-hostname ds-209;}
subclass "gateway-5" 1:00:16:cb:95:7a:7c;
subclass "gateway-5" 1:00:17:f2:41:7c:ff;
subclass "gateway-5" 1:00:18:56:22:d6:93;
subclass "gateway-5" 1:00:1b:63:05:99:1b;
subclass "gateway-5" 1:00:1b:63:1d:1a:f4;
subclass "gateway-5" 1:00:1e:c2:14:ee:7b;
subclass "gateway-5" 1:00:1e:c2:a6:f5:35;


Sten

------------------------------

Message: 3
Date: Fri, 2 Aug 2019 10:15:28 +0000 (UTC)
From: Andrea Lenarduzzi <andreau...@yahoo.it>
To: "dhcp-users@lists.isc.org" <dhcp-users@lists.isc.org>
Subject: Advanced Features
Message-ID: <1711194006.203987.1564740928...@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"

Hi, I'm setting up an ISC DHCP server on Debian.
This is part of /etc/dhcp/dhcpd.conf :
class "laptops" {
    match hardware;
}

subclass "laptops" MAC1;
subclass "laptops" MAC2;
subclass "laptops" MAC3;

class "desktops" {
    match hardware;
}

subclass "desktops" MAC4;
subclass "desktops" MAC5;
subclass "desktops" MAC6;
subclass "desktops" MAC7;

class "mobile" {
    match hardware;
}

subclass "mobile" MAC8;

shared-network Mobile {
    subnet xxx.xxx.xxx.0 netmask 255.255.255.0 {
        pool {
            range xxxxxxxx xxxxxxx;
            allow members of "laptops";
            allow members of "desktops";
            allow members of "mobile";
#            deny members of "deny";
        }
        option subnet-mask 255.255.255.0;
        option broadcast-address xxx.xxx.xxx.255;
        option routers xxxxxxxx;
        option domain-name-servers 208.67.222.222;
    }
}

shared-network Cgil {
    subnet yyyyyyyyy netmask 255.255.255.0 {
        pool {
            range yyyyyyy yyyyyyyy;
            allow members of "laptops";
            allow members of "desktops";
            deny members of "mobile";
            deny members of "deny";
        }
        option subnet-mask 255.255.255.0;
        option broadcast-address yyyyyyy.255;
        option routers yyyyyy.254;
        option domain-name-servers yyyyyyyyy;
        option ntp-servers yyyyyyyyyy;
    }
}



Can I set subclass "name" MAC in a DB and have dhcpd.conf see the details from the DB?
Can it mail me when a new MAC of a specific class asks for an IP?
Thank you
Uzzi

------------------------------

Message: 4
Date: Fri, 2 Aug 2019 13:01:09 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Advanced Features
Message-ID: <1aad08cb-8cfa-4984-a248-815693336...@s-carlsen.dk>
Content-Type: text/plain; charset="us-ascii"



> 
> subnet yyyyyyyyy netmask 255.255.255.0 {
> pool {
>     range yyyyyyy yyyyyyyy;
>     allow members of "laptops";
>     allow members of "desktops";
>     deny members of "mobile";
>     deny members of "deny";
> }

Do be very careful when using allow AND deny in the same context. This is 
likely to produce results that are not what you might think they should be.


Sten
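
How the two quoted pools treat a client when allow and deny lists are combined, as an added example (not part of the original messages and not ISC dhcpd code). It models the rule in dhcpd.conf(5): a client must match the permit list, if one exists, and must not match the deny list. Each pool is evaluated on its own, ignoring which shared-network the request arrives on.

```python
# Added example: a model of pool eligibility, not ISC dhcpd code.
from dataclasses import dataclass, field

@dataclass
class Pool:
    name: str
    allow: set = field(default_factory=set)  # classes in "allow members of"
    deny: set = field(default_factory=set)   # classes in "deny members of"

def eligible(pool, client_classes):
    """Rule from dhcpd.conf(5): any deny match refuses the client; if an
    allow list exists, the client must also match at least one entry."""
    if pool.deny & client_classes:
        return False
    if pool.allow and not (pool.allow & client_classes):
        return False
    return True

# Pools from the quoted configuration (class names as posted).
MOBILE = Pool("Mobile", allow={"laptops", "desktops", "mobile"})
CGIL = Pool("Cgil", allow={"laptops", "desktops"}, deny={"mobile", "deny"})

def report(client_classes):
    """Eligibility of one client, given its class memberships, per pool."""
    classes = set(client_classes)
    return {p.name: eligible(p, classes) for p in (MOBILE, CGIL)}

if __name__ == "__main__":
    for classes in (["laptops"], ["mobile"], ["laptops", "mobile"], []):
        print(classes, report(classes))
```

In the Cgil pool the deny lines only change the outcome for a client that is in an allowed class and a denied class at once; a client in no class at all is already refused by the allow list.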

------------------------------


End of dhcp-users Digest, Vol 130, Issue 2
******************************************
