I have a DHCP server (Version: isc-dhcpd-4.3.5) running on Debian and managing multiple subnets, all running on virtual interfaces eth1:1, eth1:2, etc. over the same physical interface eth1.
All subnets are configured to deny unknown-devices; and I am adding known devices manually as host XYZ { ... } entries to each subnet (cf. config below).
I now want to dynamically assign IPs from a specific range in a specific subnet to unknown devices that belong to a specific class (cf. subnet 172.16.44.0/24 in the config below).
The [...] indicate that I have omitted parts of the config that would be placed here. Those are mostly host entries and further subnets that are configured in the exact same way the subnets 172.16.0.0/24 and 172.16.1.0/24 are.
What I would like to achieve is to generally deny unknown-devices;, except if they belong to the class dynamic, in which case I want to assign an IP address from the pool range of the 172.16.44.0/24 subnet.

    log-facility local7;
    default-lease-time 3600;
    max-lease-time 86400;
    authoritative;
    shared-network testnet {
        allow unknown-clients;
        option subnet-mask 255.255.255.0;
        option domain-name "test.net";
        subnet 172.16.0.0 netmask 255.255.255.0 {
            deny unknown-clients;
            range 172.16.0.100 172.16.0.254;
            option domain-name-servers 172.16.0.1;
            option routers 172.16.0.1;
            [...]
        }
        subnet 172.16.1.0 netmask 255.255.255.0 {
            deny unknown-clients;
            range 172.16.1.100 172.16.1.254;
            option domain-name-servers 172.16.1.1;
            option routers 172.16.1.1;
            [...]
        }
        [...]
        class "dynamic" {
            match if substring(hardware, 1, 3) = 02:02:02;
            log(error, substring(hardware, 1, 3));
        }
        subnet 172.16.44.0 netmask 255.255.255.0 {
            option domain-name-servers 172.16.44.1;
            option routers 172.16.44.1;
            pool {
                allow members of "dynamic";
                range 172.16.44.10 172.16.44.254;
                log(error, "Assigned dynamic IP");
            }
        }
        [...]
    }

The problem now is that, whenever a device matching the 02:02:02 MAC prefix tries to obtain an IP address, I do get the log(...) from the class definition, but the actual assignment does not work. Nor do I see the log(...) from the pool {...} definition.
The syntax seems to be right -- at least according to dhcpd -t.
Does somebody spot what I am doing wrong here?
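
Added example, not part of the original post and not ISC's code: an offline Python model of how the class expression `substring(hardware, 1, 3)` reads a DHCPDISCOVER, to show which packet bytes the "dynamic" class actually compares. The packet, the sample MAC addresses and all function names are constructed for illustration; it covers only the class match, not pool selection.

```python
import struct

DYNAMIC_PREFIX = bytes.fromhex("020202")  # the 02:02:02 prefix from the class

def build_discover(mac: bytes, xid: int = 0x12345678) -> bytes:
    """Constructed DHCPDISCOVER: RFC 2131 fixed header plus minimal options."""
    zero_ip = b"\x00" * 4
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1,          # op: BOOTREQUEST
        1,          # htype: 1 = Ethernet
        len(mac),   # hlen
        0,          # hops
        xid, 0, 0x8000,                       # xid, secs, flags (broadcast)
        zero_ip, zero_ip, zero_ip, zero_ip,   # ciaddr, yiaddr, siaddr, giaddr
        mac,        # chaddr, zero-padded to 16 bytes by struct
        b"", b"",   # sname, file
    )
    # magic cookie, option 53 (message type) = 1 (DISCOVER), end option
    return header + b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"

def hardware(packet: bytes) -> bytes:
    """dhcpd's `hardware` data: the htype byte followed by the link-layer address."""
    htype, hlen = packet[1], packet[2]
    if hlen > 16:
        raise ValueError("hlen exceeds the 16-byte chaddr field")
    return bytes([htype]) + packet[28:28 + hlen]

def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcp-eval substring(): `length` bytes starting at `offset`."""
    return data[offset:offset + length]

def in_dynamic_class(packet: bytes) -> bool:
    """Mirror of: match if substring(hardware, 1, 3) = 02:02:02;"""
    return substring(hardware(packet), 1, 3) == DYNAMIC_PREFIX

if __name__ == "__main__":
    for mac in ("020202aabbcc", "000202020aab"):   # constructed sample MACs
        pkt = build_discover(bytes.fromhex(mac))
        hw = hardware(pkt)
        print(mac, "hardware =", hw.hex(":"),
              "offset 0 =", substring(hw, 0, 3).hex(":"),
              "offset 1 =", substring(hw, 1, 3).hex(":"),
              "dynamic =", in_dynamic_class(pkt))
```

Offset 1 is needed because byte 0 of `hardware` is the hardware type (01 for Ethernet), so offset 0 would compare 01:02:02 rather than the first three octets of the MAC.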