diff options
Diffstat (limited to 'doc/examples/kea4/classify2.json')
| -rw-r--r-- | doc/examples/kea4/classify2.json | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/doc/examples/kea4/classify2.json b/doc/examples/kea4/classify2.json new file mode 100644 index 0000000..3bb48d2 --- /dev/null +++ b/doc/examples/kea4/classify2.json @@ -0,0 +1,180 @@ +// This is an example configuration file for the DHCPv4 server in Kea. +// The purpose of this example is to showcase how clients can be classified +// with advanced features. + +{ "Dhcp4": + +{ + +// Kea is told to listen on eth0 interface only. + "interfaces-config": { + "interfaces": [ "eth0" ] + }, + +// Let's use the simplest backend: memfile and use some reasonable values +// for timers. They are of no concern for the classification demonstration. + "lease-database": { "type": "memfile" }, + "renew-timer": 1000, + "rebind-timer": 2000, + "valid-lifetime": 4000, + +// This list defines several classes that incoming packets can be assigned to. +// One packet can belong to zero or more classes. + "client-classes": [ + +// This class is required by the second subnet and is evaluated only +// if it is required. The test expression returns true. +// Note it is not possible to depend on VoIP class because it is not yet +// defined. + { + "name": "second_subnet", + "only-if-required": true, + "test": "member('ALL')", + "option-data": [{ + "name": "domain-name-servers", + "data": "127.0.0.1" + }] + }, + +// Let's classify all incoming DISCOVER (message type 1) to a separate +// class. + { + "name": "discovers", + "test": "pkt4.msgtype == 1" + }, + +// Clients are supposed to set the transaction-id field to a random value. +// Clients that send it with 0 are most likely broken. Let's mark them +// as such. + { + "name": "broken", + "test": "pkt4.transid == 0" + }, + +// Let's pick VoIP phones. Those that send their class identifiers +// as Aastra, should belong to VoIP class. For a list of all options, +// see www.iana.org/assignments/bootp-dhcp-parameters/. +// In this particular class, we want to set specific values +// of certain DHCPv4 fields. If the incoming packet matches the +// test, those fields will be set in outgoing responses. +// The option 43 is defined to encapsulate suboption in the aastra space. + { + "name": "VoIP", + "test": "substring(option[60].hex,0,6) == 'Aastra'", + "next-server": "192.0.2.254", + "server-hostname": "hal9000", + "boot-file-name": "/dev/null", + "option-def": [ { + "name": "vendor-encapsulated-options", + "code": 43, + "type": "empty", + "encapsulate": "aastra" } ] + }, + +// Both a VoIP phone (by evaluation or host reservation) and has a host +// reservation. + { + "name": "VoIP_host", + "test": "member('VoIP') and member('KNOWN')", + "server-hostname": "hal9001" + } + + ], + +// The following list defines subnets. For some subnets we defined +// a class that is allowed in that subnet. If not specified, +// everyone is allowed. When a class is specified, only packets belonging +// to that class are allowed for that subnet. + "subnet4": [ + { +// This one is for VoIP devices only. + "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ], + "id": 1, + "subnet": "192.0.2.0/24", + "client-class": "VoIP", + "interface": "eth0" + }, +// This one doesn't have any client-class specified, so everyone +// is allowed in. The normal subnet selection rules still apply, +// though. There is also a static class reservation for a client +// using MAC address 1a:1b:1c:1d:1e:1f. This client will always +// be assigned to this class. + { + "pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ], + "id": 2, + "subnet": "192.0.3.0/24", + "reservations": [ + { + "hw-address": "1a:1b:1c:1d:1e:1f", + "client-classes": [ "VoIP" ] + } ], + "interface": "eth0", + "require-client-classes": [ "second_subnet" ] + }, + +// The following list defines a subnet with pools. For some pools +// we defined a class that is allowed in that pool. If not specified +// everyone is allowed. When a class is specified, only packets belonging +// to that class are allowed for that pool. + { + "pools": [ + { +// This one is for VoIP devices only. + "pool": "192.0.4.1 - 192.0.4.200", + "client-class": "VoIP" + }, +// This one doesn't have any client-class specified, so everyone +// is allowed in. + { + "pool": "192.0.5.1 - 192.0.5.200" + } ], + "id": 3, + "subnet": "192.0.4.0/23", + "interface": "eth1" + }, +// This subnet is divided in two pools for unknown and known +// (i.e. which have a reservation) clients. The built-in KNOWN and +// UNKNOWN classes are set or not at host reservation lookup (KNOWN if +// this returns something, UNKNOWN if this finds nothing) and client +// classes depending on it are evaluated. +// This happens after subnet selection and before address allocation +// from pools. + { + "pools": [ + { + "pool": "192.0.8.100 - 192.0.8.200", + "client-class": "UNKNOWN" + }, + { + "pool": "192.0.9.100 - 192.0.9.200", + "client-class": "KNOWN" + } + ], + "id": 4, + "subnet": "192.0.8.0/23", + "reservations": [ + { "hw-address": "00:00:00:11:22:33", "hostname": "h1" }, + { "hw-address": "00:00:00:44:55:66", "hostname": "h4" }, + { "hw-address": "00:00:00:77:88:99", "hostname": "h7" }, + { "hw-address": "00:00:00:aa:bb:cc", "hostname": "ha" } + ] + } + ], + +// The following configures logging. It assumes that messages with at +// least informational level (info, warn, error and fatal) should be +// logged to stdout. + "loggers": [ + { + "name": "kea-dhcp4", + "output-options": [ + { + "output": "stdout" + } + ], + "severity": "INFO" + } + ] +} + +} |