I have a question about correct isc-dhcp configuration. I want to lease IP addresses to users based on switch port. For this I use DLink DES-3200 series switches. Everything works well, but recently I've decided to lease a particular subnet to all unknown users, i.e. those not explicitly specified in the dhcpd.conf file. Here is a config example:
# dhcpd.conf
default-lease-time 30;
max-lease-time 60;
authoritative;
log-facility local7;
option domain-name-servers 8.8.8.8;
include "/usr/local/etc/dhcpd/dhcpd.classes";
shared-network "clients"
{
subnet 10.5.20.0 netmask 255.255.255.0 {}
include "/usr/local/etc/dhcpd/dhcpd.networks";
}
dhcpd.classes
class "10.5.20.4_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.4_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_1" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "1" ); }
class "10.5.20.2_3" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "3" ); }
class "10.5.20.2_2" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" ); }
class "10.5.20.2_4" { match if ( substring(option agent.remote-id,2,15)="10.5.20.2" and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "4" ); }
dhcpd.networks
subnet 172.30.20.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option routers 172.30.20.1;
pool {range 172.30.20.3; allow members of "10.5.20.4_2"; }
pool {range 172.30.20.2; allow members of "10.5.20.4_1"; }
}
subnet 172.30.160.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option routers 172.30.160.1;
pool {range 172.30.160.3; allow members of "10.5.20.2_1"; }
pool {range 172.30.160.4; allow members of "10.5.20.2_3"; }
pool {range 172.30.160.10; allow members of "10.5.20.2_2"; }
pool {range 172.30.160.12; allow members of "10.5.20.2_4"; }
}
So if I add, let's say:
subnet 172.20.111.0 netmask 255.255.255.0 {
option routers 172.20.111.1;
max-lease-time 60;
min-lease-time 30;
range 172.20.111.10 172.20.111.20 ;
}
at the end of dhcpd.networks file (which I include into shared-network 'clients' clause, see above), all my clients start getting ip addresses from 172.20.111.0 range, regardless if they have a class specified for their port.
Is there a way to make dhcpd server first look at class declarations and then subnet?
You write that you added the new subnet at the end of the dhcpd.conf file. You need to add it to the shared-network, otherwise dhcpd will not consider these networks as alternatives.
After reading man dhcpd.conf and playing around I've managed to achieve my goal by making the following amendments to my dhcpd.networks file:
}
Now it works the way I want it, although I'm not sure if it's going to scale well.
Just an addition to this old but still valid thread. It simplifies the subnet section but adds one line per fixed IP.
class as before:
Add this for each Op82 value to exclude the fixed IP customer from the free pool: subclass "FixedIP" "YourOp82Value";
In the subnet:
This way you don't have to crowd the subnet section with lots of deny-lines. One will do.
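The approach described in the last post, written out as an added example (not the configuration of any poster in this thread). It reuses the question's class, subnet and address values. The `match concat(...)` expression of the "FixedIP" class and the `"<remote-id>_<port>"` form of the subclass values are assumptions.

```conf
# dhcpd.classes: per-port classes stay as in the question (one shown here)
class "10.5.20.4_2" {
  match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and
             binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" );
}

# Umbrella class (assumed expression): builds "<remote-id>_<port>" from Option 82
# and dhcpd looks that value up among the subclass entries below.
class "FixedIP" {
  match concat(substring(option agent.remote-id,2,15), "_",
               binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)));
}
subclass "FixedIP" "10.5.20.4_2";   # one line per fixed-IP port
subclass "FixedIP" "10.5.20.4_1";

# dhcpd.networks (still included inside shared-network "clients")
subnet 172.30.20.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 172.30.20.1;
  pool { range 172.30.20.3; allow members of "10.5.20.4_2"; }
  pool { range 172.30.20.2; allow members of "10.5.20.4_1"; }
}

subnet 172.20.111.0 netmask 255.255.255.0 {
  option routers 172.20.111.1;
  # Before: a bare "range" has no permit list, so every client is eligible for it:
  #   range 172.20.111.10 172.20.111.20;
  # After: the same range in a pool that refuses the fixed-IP ports.
  pool {
    range 172.20.111.10 172.20.111.20;
    deny members of "FixedIP";
  }
}
```

Running `dhcpd -t -cf` against the main configuration file checks the syntax of the result, included files included, before the server is restarted.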