I have a DHCP server (Version: isc-dhcpd-4.3.5) running on Debian and managing multiple subnets, all running on virtual interfaces eth1:1, eth1:2, etc. over the same physical interface eth1.

All subnets are configured to deny unknown-devices; and I am adding known devices manually as host XYZ { ... } entries to each subnet (cf. config below).

I now want to dynamically assign IPs from a specific range in a specific subnet to unknown devices that belong to a specific class (cf. subnet 172.16.44.0/24 in the config below).

The [...] indicate that I have omitted parts of the config that would be placed here. Those are mostly host entries and further subnets that are configured in the exact same way the subnets 172.16.0.0/24 and 172.16.1.0/24 are.

What I would like to achieve is to generally deny unknown-devices;, except if they belong to the class dynamic, in which case I want to assign an IP address from the pool range of the 172.16.44.0/24 subnet.

log-facility local7;

default-lease-time 3600;
max-lease-time 86400;

authoritative;

shared-network testnet {

        allow unknown-clients;
        option subnet-mask 255.255.255.0;
        option domain-name "test.net";

        subnet 172.16.0.0 netmask 255.255.255.0 {
                deny unknown-clients;
                range 172.16.0.100 172.16.0.254;
                option domain-name-servers 172.16.0.1;
                option routers 172.16.0.1;

                [...]

        }

        subnet 172.16.1.0 netmask 255.255.255.0 {
                deny unknown-clients;
                range 172.16.1.100 172.16.1.254;
                option domain-name-servers 172.16.1.1;
                option routers 172.16.1.1;

                [...]
        }

        [...]

        class "dynamic" {
                match if substring(hardware, 1, 3) = 02:02:02;
                log(error, substring(hardware, 1, 3));
        }

        subnet 172.16.44.0 netmask 255.255.255.0 {
                option domain-name-servers 172.16.44.1;
                option routers 172.16.44.1;

                pool {
                        allow members of "dynamic";
                        range 172.16.44.10 172.16.44.254;
                        log(error, "Assigned dynamic IP");
                }
        }

        [...]

}

The problem now is that, whenever a device matching the 02:02:02 MAC prefix tries to obtain an IP address, I do get the log(...) from the class definition, but the actual assignment does not work. Nor do I see the log(...) from the pool {...} definition.

The syntax seems to be right -- at least according to dhcpd -t.

Does somebody spot what I am doing wrong here?

  • Did you ever figure this out? I think I have the same problem.
    Commented Mar 8, 2023 at 12:20
  • @JamesHannah I added an answer. I hope that helps. It was quite some time ago that we had to deal with this issue. I seem to remember that the issue was getting the actual match working correctly and clearing existing leases.
    – sge
    Commented Mar 15, 2023 at 13:16

1 Answer


To get this working, we had to clear the lease cache in /var/lib/dhcp/dhcpd.leases~ and modify the class definition as follows.

        class "cloudVM" {
                match if (binary-to-ascii(16, 8, ":", substring(hardware, 0, 4)) = "1:2:2:2");
        }

        # cloud VMs
        subnet 172.16.44.0 netmask 255.255.255.0 {
                option domain-name-servers 172.16.44.1;
                option routers 172.16.44.1;

                pool {
                        range 172.16.44.10 172.16.44.254;
                        allow members of "cloudVM";
                }

        }
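
To see which string the class match in the answer above compares against for a given MAC address, the following added example (not part of the original answer, and not dhcpd code) emulates `hardware`, `substring` and `binary-to-ascii` in Python. The helper names `match_string` and `is_cloud_vm` and the sample MAC addresses are assumptions made for illustration; the point it shows is that `hardware` starts with the hardware-type byte (1 for Ethernet) and that `binary-to-ascii` drops leading zeros.

```python
# Added example: Python emulation of the dhcpd data expressions used in the
# class match above. Helper names are illustrative; this is not dhcpd code.
DIGITS = "0123456789abcdef"


def hardware(mac: str, htype: int = 1) -> bytes:
    """dhcpd's `hardware` value: hardware-type byte (1 = Ethernet) + address."""
    return bytes([htype]) + bytes.fromhex(mac.replace(":", "").replace("-", ""))


def substring(data: bytes, offset: int, length: int) -> bytes:
    return data[offset:offset + length]


def _to_base(value: int, base: int) -> str:
    out = ""
    while True:
        value, rem = divmod(value, base)
        out = DIGITS[rem] + out
        if value == 0:
            return out


def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """Each `width`-bit chunk becomes one number in `base`, no zero padding."""
    if width not in (8, 16, 32) or not 2 <= base <= 16:
        raise ValueError("unsupported base or width")
    step = width // 8
    if len(data) % step:
        # Choice made for this example: refuse ragged input.
        raise ValueError("data length is not a multiple of width")
    chunks = (data[i:i + step] for i in range(0, len(data), step))
    return sep.join(_to_base(int.from_bytes(c, "big"), base) for c in chunks)


def match_string(mac_prefix: str) -> str:
    """Right-hand side to compare against for a 3-byte MAC prefix."""
    return binary_to_ascii(16, 8, ":", substring(hardware(mac_prefix), 0, 4))


def is_cloud_vm(mac: str) -> bool:
    """The answer's predicate for class "cloudVM"."""
    return match_string(mac) == "1:2:2:2"


if __name__ == "__main__":
    for mac in ("02:02:02:aa:bb:cc", "02:02:03:aa:bb:cc"):  # constructed MACs
        print(mac, match_string(mac), is_cloud_vm(mac))
```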
