Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the
request. (Juan Antonio Garc?a Moreno)
2. Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the
request. (Simon Hobson)
3. Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the
request. (Juan Antonio Garc?a Moreno)
----------------------------------------------------------------------
Message: 1
Date: Mon, 5 Aug 2019 10:38:55 +0200
From: Juan Antonio Garc?a Moreno <jagar...@emergya.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the request.
Message-ID:
<cajbovphv7dog+p4f7-egbjouxb0bzf5oy7sfbedzgk6sac6...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi everybody
I'm testing this:
###############################################################
class "smartphones" {
match if option vendor-class-identifier = "android-dhcp-9";
}
subnet 10.53.0.0 netmask 255.255.0.0 {
default-lease-time 86400;
max-lease-time 172800;
option broadcast-address 10.53.255.255;
option routers 10.53.1.1;
# Unknown Clients Range.
pool {
deny known-clients;
range 10.53.33.1 10.53.35.254;
}
..
# Smartphones Range.
pool {
allow members of "smartphones";
deny known-clients;
range 10.53.10.2 10.53.11.254;
}..
###############################################################
My smartphone have a IP from "range 10.53.33.1 10.53.35.254;"
To test if the classification work, I turn off the WIFI of my smartphone,
wait some seconds and turn on the WIFI again, but the WIFI get the same IP
that it had previously from "range 10.53.33.1 10.53.35.254;".
Can you tell me how I can test this config correctly?
Best regards
..
El jue., 1 ago. 2019 a las 18:01, Sten Carlsen (<st...@s-carlsen.dk>)
escribi?:
>
>
> What Sten is doing is as described in the manual (man dhcpd.conf) section
> under subclassing. So your "laptop" class might look like :
> class "laptop" {
> match pick-first-value (option dhcp-client-identifier, hardware);
> }
> subclass "laptop" 1:aa:bb:cc:dd:ee:ff ;
> subclass "laptop" 1:ff:ee:dd:cc:bb:aa ;
> ...
> This works if you know (in advance, or at least as they are "registered" onto
> the network) the client ID and/or MAC address for each device, it doesn't
> work if devices can just come and go as they please.
>
>
> Examples of how my files look, only relevant details are shown:
> dhcpd.conf:
>
>
> # class definitions
> class "gateway-0" {
> match hardware;
> }
>
>
> class "gateway-5" {
> match hardware;
> }
>
> # Subnet Declarations
> shared-network hjemme{
> authoritative;
>
> subnet 192.168.16.0 netmask 255.255.255.0{
> option domain-name "xx";
> option domain-name-servers 192.168.16.20;
> option domain-name-servers xx;
> option subnet-mask 255.255.255.0;
> # B-NODE: Broadcast - no WINS
> option netbios-node-type 1;
> pool{
> # NO router - these must not touch the internet
> allow members of "gateway-0";
> range 192.168.16.160 192.168.16.195;
> }
> pool{
> # these go to the FIBER link
> option routers 192.168.16.5;
> allow members of "gateway-5";
> range 192.168.16.50 192.168.16.150;
> }
> }
>
> subnet 192.168.161.0 netmask 255.255.255.0{
> max-lease-time 300;
> default-lease-time 150;
> pool{
> # These are not known (yet) and shall not see any other host
> deny known-clients;
> deny members of "gateway-0";
> deny members of "gateway-5";
> range 192.168.161.100 192.168.161.150;
> }
> }
>
> }
>
>
> include "/etc/dhcp/subclass.conf";
>
> subclass.conf:
>
> subclass "gateway-0" 1:00:18:4d:58:a3:ae;
> subclass "gateway-0" 1:00:1c:42:84:58:bd;
> subclass "gateway-0" 1:00:1d:b3:cb:65:80 {ddns-hostname procurve-1;}
> subclass "gateway-0" 1:00:40:8C:29:1E:AE;
> subclass "gateway-0" 1:00:80:f0:8f:fd:27;
> subclass "gateway-0" 1:00:80:f0:a0:02:40;
> subclass "gateway-0" 1:28:10:7b:10:5c:a2 {ddns-hostname argus4;}
> subclass "gateway-0" 1:de:ad:be:ef:fe:ed {ddns-hostname ard;}
> subclass "gateway-5" 1:00:11:32:05:BB:E9 {always-broadcast
> on;ddns-hostname ds-209;}
> subclass "gateway-5" 1:00:16:cb:95:7a:7c;
> subclass "gateway-5" 1:00:17:f2:41:7c:ff;
> subclass "gateway-5" 1:00:18:56:22:d6:93;
> subclass "gateway-5" 1:00:1b:63:05:99:1b;
> subclass "gateway-5" 1:00:1b:63:1d:1a:f4;
> subclass "gateway-5" 1:00:1e:c2:14:ee:7b;
> subclass "gateway-5" 1:00:1e:c2:a6:f5:35;
>
>
> Sten
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
[image: EMERGYA] <http://www.emergya.com/>
*Juan Garc?a*
*Dto. de Soporte Interno*
*EMERGYA INGENIER?A*
*m:* +34 954 517 577
*p:* +34 954 517 577
*e:* jagar...@emergya.com
[image: linkedin icon] <https://www.linkedin.com/company/emergya> [image:
facebook icon] <https://www.facebook.com/Emergya> [image: twitter icon]
<https://twitter.com/emergya> [image: youtube icon]
<https://www.youtube.com/channel/UCU0ISPwk1pcOWwjpX63gN_A>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20190805/414dd546/attachment-0001.html>
------------------------------
Message: 2
Date: Mon, 5 Aug 2019 10:13:19 +0100
From: Simon Hobson <dh...@thehobsons.co.uk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the request.
Message-ID: <7df383a8-6f2b-470c-b6c6-ebebbd13a...@thehobsons.co.uk>
Content-Type: text/plain; charset=utf-8
Juan Antonio Garc?a Moreno <jagar...@emergya.com> wrote:
> I'm testing this:
And finding that it doesn't do what you expect !
> ###############################################################
> class "smartphones" {
> match if option vendor-class-identifier = "android-dhcp-9";
> }
>
> subnet 10.53.0.0 netmask 255.255.0.0 {
>
> default-lease-time 86400;
> max-lease-time 172800;
>
> option broadcast-address 10.53.255.255;
> option routers 10.53.1.1;
>
> # Unknown Clients Range.
> pool {
> deny known-clients;
> range 10.53.33.1 10.53.35.254;
> }
> ..
> # Smartphones Range.
> pool {
> allow members of "smartphones";
> deny known-clients;
> range 10.53.10.2 10.53.11.254;
> }..
> ###############################################################
>
> My smartphone have a IP from "range 10.53.33.1 10.53.35.254;"
>
> To test if the classification work, I turn off the WIFI of my smartphone,
> wait some seconds and turn on the WIFI again, but the WIFI get the same IP
> that it had previously from "range 10.53.33.1 10.53.35.254;".
>
> Can you tell me how I can test this config correctly?
Two things :
If you refer to man dhcpd.conf you'll see that a "known" client is one that has
a host declaration. Since you have no known clients, all of them are unknown
and you cannot separate clients into pools using (un)known-client.
DO NOT MIX ALLOW AND DENY ! They do not work as most people expect them to
(specifically they are **NOT** evaluated top-down as a list, stopping at the
first match), and rather than working out what the mix does, simply use only
allow or only deny. If you use an allow statement, then anything not allowed is
automatically disallowed (an implicit "deny all"). Similarly, if you use a deny
statement, then anything not denied is automatically allowed (implicit "allow
all").
So you probably want to do this :
# Unknown Clients Range.
pool {
deny members of "smartphones";
# Note that he use of deny here implicitly allows everything else
range 10.53.33.1 10.53.35.254;
}
..
# Smartphones Range.
pool {
allow members of "smartphones";
# Note that the allow statement here implicitly denies everything else
range 10.53.10.2 10.53.11.254;
}..
When you expand you config, you'll end up with :
# Unknown Clients Range.
pool {
deny members of "smartphones";
deny members of "tablets";
deny members of "laptops";
range 10.53.33.1 10.53.35.254;
}
AFAIK there is no easier way to do this bit other than listing all the classes
that can't use the pool. You do have to explicitly deny the classes here,
otherwise members of them are still allowed to have addresses from that pool.
------------------------------
Message: 3
Date: Mon, 5 Aug 2019 12:52:04 +0200
From: Juan Antonio Garc?a Moreno <jagar...@emergya.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: To have various IP ranges in the same subnet and assign
the IP Address depending of the device type that sends the request.
Message-ID:
<CAJbOvPHt9skw=OCrqQThQPBeMWSQ_3950HJHj-=tlc0dpff...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi Simon,
I relly have some hosts declarations, but I don't have put these in the
post.
Now really I have the config about this:
###############################################################
ddns-update-style none;
log-facility local7;
default-lease-time 7200;
max-lease-time 7200;
update-static-leases true;
authoritative;
option domain-name "company-test.com";
option domain-search "company-test.es","company-test.info","company-test.com
";
option domain-name-servers 10.53.1.2, 8.8.8.8;
lease-file-name "/var/lib/dhcp/dhcpd.leases";
#******* Hosts Declarations *******#
class "smartphones" {
match if option vendor-class-identifier = "android-dhcp-9";
}
#******* VLAN1 (10.53.0.0/16) *******#
subnet 10.53.0.0 netmask 255.255.0.0 {
default-lease-time 86400;
max-lease-time 172800;
option broadcast-address 10.53.255.255;
option routers 10.53.1.1;
# Unknown Clients Range.
pool {
deny members of "smartphones";
range 10.53.33.1 10.53.35.254;
}
# Smartphones Range.
pool {
allow members of "smartphones";
range 10.53.10.2 10.53.11.254;
}
host PC-01 {
hardware ethernet ff:ff:ff:ff:ff:01;
fixed-address 10.53.100.5;
}
host PC-02 {
hardware ethernet ff:ff:ff:ff:ff:02;
fixed-address 10.53.100.6;
}
}
#******* VLAN10 (10.188.10.0/24) *******#
subnet 10.153.10.0 netmask 255.255.255.0 {
option broadcast-address 10.153.10.255;
option routers 10.153.10.1;
pool {
range 10.153.10.50 10.153.10.99;
}
host PC-10-01 {
hardware ethernet ff:ff:ff:ff:ff:10;
fixed-address 10.153.10.5;
}
}
###############################################################
This config seems that works, classifing the "smartphones" and assigning a
IP from "range 10.53.10.2 10.53.11.254;" and assigning to unknown devices
from "range 10.53.33.1 10.53.35.254;"
I'm going to test:
------------------------------------------------------
class "smartphones" {
match if not known and (
substring(option vendor-class-identifier,0,12) = "android-dhcp-" or
substring(option vendor-class-identifier,0,6) = "dhcpcd-" or
substring(option vendor-class-identifier,0,14) = "HUAWEI:android:" or
);
}
------------------------------------------------------
And too, howto fill a text file with the "vendor-class-identifier" of the
smartphones and include in the DHCP Server config to match the smartphones
devices too.
Best regards
El lun., 5 ago. 2019 a las 11:13, Simon Hobson (<dh...@thehobsons.co.uk>)
escribi?:
> Juan Antonio Garc?a Moreno <jagar...@emergya.com> wrote:
> > I'm testing this:
>
> And finding that it doesn't do what you expect !
>
> > ###############################################################
> > class "smartphones" {
> > match if option vendor-class-identifier = "android-dhcp-9";
> > }
> >
> > subnet 10.53.0.0 netmask 255.255.0.0 {
> >
> > default-lease-time 86400;
> > max-lease-time 172800;
> >
> > option broadcast-address 10.53.255.255;
> > option routers 10.53.1.1;
> >
> > # Unknown Clients Range.
> > pool {
> > deny known-clients;
> > range 10.53.33.1 10.53.35.254;
> > }
> > ..
> > # Smartphones Range.
> > pool {
> > allow members of "smartphones";
> > deny known-clients;
> > range 10.53.10.2 10.53.11.254;
> > }..
> > ###############################################################
> >
> > My smartphone have a IP from "range 10.53.33.1 10.53.35.254;"
> >
> > To test if the classification work, I turn off the WIFI of my
> smartphone, wait some seconds and turn on the WIFI again, but the WIFI get
> the same IP that it had previously from "range 10.53.33.1 10.53.35.254;".
> >
> > Can you tell me how I can test this config correctly?
>
> Two things :
>
> If you refer to man dhcpd.conf you'll see that a "known" client is one
> that has a host declaration. Since you have no known clients, all of them
> are unknown and you cannot separate clients into pools using
> (un)known-client.
>
> DO NOT MIX ALLOW AND DENY ! They do not work as most people expect them to
> (specifically they are **NOT** evaluated top-down as a list, stopping at
> the first match), and rather than working out what the mix does, simply use
> only allow or only deny. If you use an allow statement, then anything not
> allowed is automatically disallowed (an implicit "deny all"). Similarly, if
> you use a deny statement, then anything not denied is automatically allowed
> (implicit "allow all").
>
> So you probably want to do this :
>
> # Unknown Clients Range.
> pool {
> deny members of "smartphones";
> # Note that he use of deny here implicitly allows everything else
> range 10.53.33.1 10.53.35.254;
> }
> ..
> # Smartphones Range.
> pool {
> allow members of "smartphones";
> # Note that the allow statement here implicitly denies everything else
> range 10.53.10.2 10.53.11.254;
> }..
>
> When you expand you config, you'll end up with :
> # Unknown Clients Range.
> pool {
> deny members of "smartphones";
> deny members of "tablets";
> deny members of "laptops";
> range 10.53.33.1 10.53.35.254;
> }
> AFAIK there is no easier way to do this bit other than listing all the
> classes that can't use the pool. You do have to explicitly deny the classes
> here, otherwise members of them are still allowed to have addresses from
> that pool.
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
[image: EMERGYA] <http://www.emergya.com/>
*Juan Garc?a*
*Dto. de Soporte Interno*
*EMERGYA INGENIER?A*
*m:* +34 954 517 577
*p:* +34 954 517 577
*e:* jagar...@emergya.com
[image: linkedin icon] <https://www.linkedin.com/company/emergya> [image:
facebook icon] <https://www.facebook.com/Emergya> [image: twitter icon]
<https://twitter.com/emergya> [image: youtube icon]
<https://www.youtube.com/channel/UCU0ISPwk1pcOWwjpX63gN_A>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20190805/e645589c/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 130, Issue 4
******************************************
