path: root/doc/antora/modules/howto/pages/protocols/dhcp/policy_ippool_access.adoc
blob: 40b8e3094a3907dc42ac67a5e1bb844b0d3a7222 (plain)
== Configure access restrictions for pools

We can combine what we have learned in the preceding sections to provide pools
whose access is restricted in some way, for example to a particular class.

Consider the ISC DHCP configuration snippet:

[source,iscdhcp]
----
subnet 10.99.99.0 netmask 255.255.255.0 {
    pool {
        range 10.99.99.200 10.99.99.250;
        allow members of "printers";
    }
    option routers 10.99.99.1;
}
----

Or the equivalent Kea configuration:

[source,isckea]
----
"Dhcp4": {
    "subnet4": [{
        "subnet": "10.99.99.0/24",
        "pools": [
            {
                "pool": "10.99.99.200 - 10.99.99.250",
                "client-class": "printers"
            }
        ],
        "option-data": [
            { "name": "routers", "data": "10.99.99.1" }
        ]
    }],
    ...
}
----

These define a subnet containing a single pool that is restricted to members of
the "printers" class. (The definition for this class is omitted.)

In FreeRADIUS, to filter access to this pool, entries such as the following
should be included in the `<raddb>/mods-config/files/dhcp` configuration file:

[source,config]
----
network DHCP-Network-Subnet < 10.99.99.0/24, \
           DHCP-Group-Name == "printers", Pool-Name := "printers-pool"
       DHCP-Router-Address := 10.99.99.1
----

Note that any number of additional filters can be added to the initial "check"
line to restrict matches to the network block.
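
The following Python sketch is an added illustration, not FreeRADIUS code or part of the original documentation. It models how the check line above gates `Pool-Name`, assuming that `<` means "lies within the network block", that every check item must match, and that the request attributes were set by an earlier policy; the helper names and sample requests are constructed.

```python
import ipaddress

# Check items from the entry above, as (attribute, operator, value) tuples.
PRINTERS_ENTRY = {
    "check": [
        ("DHCP-Network-Subnet", "<", "10.99.99.0/24"),
        ("DHCP-Group-Name", "==", "printers"),
    ],
    "pool": "printers-pool",
}


def check_item(request, attr, op, value):
    """Evaluate one check item; a missing attribute never matches."""
    have = request.get(attr)
    if have is None:
        return False
    if op == "==":
        return have == value
    if op == "<":  # modelled as "request network lies inside the block"
        net = ipaddress.ip_network(have, strict=False)
        return net.subnet_of(ipaddress.ip_network(value))
    raise ValueError(f"operator {op!r} not modelled")


def select_pool(request, entries):
    """Return the pool of the first entry whose check items ALL match."""
    for entry in entries:
        if all(check_item(request, *item) for item in entry["check"]):
            return entry["pool"]
    return None  # no Pool-Name assigned, so no lease from the restricted pool


# Constructed requests (hypothetical attribute values).
printer = {"DHCP-Network-Subnet": "10.99.99.1/32", "DHCP-Group-Name": "printers"}
laptop = {"DHCP-Network-Subnet": "10.99.99.1/32", "DHCP-Group-Name": "staff"}
unclassified = {"DHCP-Network-Subnet": "10.99.99.1/32"}
other_net = {"DHCP-Network-Subnet": "10.1.1.1/32", "DHCP-Group-Name": "printers"}

if __name__ == "__main__":
    for name, req in [("printer", printer), ("laptop", laptop),
                      ("unclassified", unclassified), ("other_net", other_net)]:
        print(name, "->", select_pool(req, [PRINTERS_ENTRY]))
```

Only the request that is both inside 10.99.99.0/24 and in the "printers" group is given a pool; a client with no group at all fails closed.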