You can use option filters to classify DHCP clients and decide which DHCP options each group of clients can receive. By default, regardless of the networks in which the DHCP clients reside and whether an option filter is applied to a DHCP range or range template, all DHCP clients that match the filter criteria receive the DHCP options and values you define in the filter. You can change this configuration so the appliance does not use the filter to classify DHCP clients. For information about how to configure this, see Defining Option Filters below.
You can add DHCP options and the Hardware Operator option to an option filter. (For information about the Hardware Operator option, see DHCP Hardware Operator below.) Depending on whether the options you add to the filter are also defined at the Grid, member, network, and DHCP range levels, and whether you add the filter to the Class Filter List or Logic Filter List, the appliance either appends them to the existing options or overwrites the option values before returning them to the matching clients. For more information about how the appliance returns DHCP options, see Adding Filters to the Logic Filter List.
The appliance can filter an address request by the options (such as root-server-ip-address or user-class) of the requesting host. Depending on how you apply an option filter, the appliance can grant or deny an address request if the requesting host matches the filter criteria. You can also create complex match rules that use AND and OR logic to further define the filter criteria. When you select match rules in Grid Manager, you can preview the rules before committing them to the filter. Grid Manager provides an expression builder that automatically builds the rules after you define them.
To define an option filter and apply it to an address range:

  1. Define an option filter based on either the predefined or custom DHCP options.

  2. Apply the filter to a DHCP address range or range template in the Class Filter List or Logic Filter List. For information, see Applying Filters to DHCP Objects.

After you define an option space and add options to it, you can set up option filters and define option values. For example, to handle two different client classes, you can define two option filters (vendor-class_1 and vendor-class_2) and send different option values to different clients based on the vendor-class-identifier options that you obtain from the clients.

...

This filter rule assumes that the values exist in the DHCP packets.
The following table provides examples of rules that include the Hardware Operator option. The entry in the first drop-down list for all rules is Hardware Operator.
Hardware Operator Sample Rules

| Rule Description | Second Drop-Down List (operator) | Text Field (string) | Offset | Length |
|---|---|---|---|---|
| Match a hardware type and MAC address. | equals | 01:00:C0:B0:AA:BB:CC | | |
| Match hardware type only. | substring equals | 01 | 0 | 1 |
| Match the vendor MAC prefix (first three bytes of MAC address). | substring equals | 00:C0:B0 | 1 | 3 |

Defining Option Filters

To define an option filter:

  1. From the Data Management tab, select the DHCP tab -> Filters tab, and then expand the Toolbar and click Add -> IPv4/IPv6 Option Filter.

  2. Or, from any panel in the DHCP tab, expand the Toolbar and click Add -> IPv4/IPv6 Option Filter.

  3. In the Add IPv4 Option Filter wizard, complete the following:

    • Name: Enter a meaningful name for the option filter. For example, you can enter Linux if you plan to use this option filter to screen Linux systems. The name must be unique within a specific network. If you want to specify option settings in the filter, the filter name must be unique among all option filters.

    • Comment: Enter useful information about the filter.

    • Apply this filter as a global DHCP class: This checkbox is selected by default. When you select this checkbox, the appliance defines a global class statement in the dhcpd configuration file for members that have DHCP enabled, regardless of whether the filter is applied to a DHCP range or range template. All DHCP clients that belong to this class receive the DHCP options and values you define in the filter. When you clear this checkbox, you cannot apply this filter to the Class Filter List of a range or range template. You cannot clear this checkbox if the filter is currently applied to a range or range template. The appliance displays an error message when you try to save this configuration.

  4. Click Next and complete the following to add match rules:

    • In the first drop-down list, select a DHCP option.
      For example,

      • If you are adding an IPv4 option filter, select user-class(77) for a specific user class, such as mobile users.

      • If you are adding an IPv6 option filter, select dhcp6.fqdn (39) string for a specific domain name.
        The following DHCP options are not supported for IPv6 option filter:

        • dhcp6.bcms-server-a

        • dhcp6.bcms-server-d

        • dhcp6.domain-search

        • dhcp6.name-servers

        • dhcp6.nis-domain-name

        • dhcp6.nisp-domain-name

        • dhcp6.nis-servers

        • dhcp6.preference (7) 8-bit unsigned integer

        • dhcp6.rapid-commit (14) boolean

        • dhcp6.server-id (2) string

        • dhcp6.sip-servers-addresses

        • dhcp6.sip-servers-names (21) domain-list

        • dhcp6.sntp-servers

        • dhcp6.unicast (12) ip-address

      • If you are adding an IPv6 relay agent option filter, select dhcp6.subscriber-id(38) for a specific relay agent. The following DHCP options are supported for IPv6 relay agent filters:

        • dhcp6.subscriber-id(38) string

        • dhcp6.remote-id(37) string

        • dhcp6.interface-id(18) string
          Note the following:
          In the second drop-down list, select an operator: exist and does not exist are not supported for IPv6 relay agent filters.
          The Relay Agent field can only be set to an integer value from 0 to 33. Example: 10.
          The relay agent value 0 is reserved for relay-agent options introduced by a DHCP client, not by an intermediate relay agent.
          The relay agent value ranges from 1 to 32. Relay agent value 1 is the first relay agent that the DHCP packet encounters on its journey from a DHCP client to the DHCP server. Consequently, the relay agent IDs are incremented accordingly.
          The relay agent value 33 is the relay agent that is closest to the DHCP server on the path traversed by the DHCP packet, connecting the DHCP client to the DHCP server.

    • In the second drop-down list, select an operator.
      If you select equals or does not equal, enter the value of the selected option you want the filter to match in the field.
      If your operator and match value include a substring of an option value, enter the offset and length of the substring based on the following definitions:

      • Offset: Enter the number of characters at which the match value substring starts in the option data. Enter 0 to start at the beginning of the option data, enter 1 for the second position, and so on. For example, when you enter 2 and have a match value of MSFT, the appliance matches the value MSFT starting at the third character of the option data.

      • Length: Enter the length of the match value. For example, if the match value is MSFT, the length is 4.
        You can do the following and repeat the filter selection steps to add another rule:

    • Click + to add another rule at the same level.

    • Click |<- to add an all (logical AND) or any (logical OR) operator line and a parenthetical rule that is indented one level and above the first rule.

    • Click ->| to add an all (logical AND) or any (logical OR) operator line and a parenthetical rule that is indented one level.
      After you add all the match rules, you can click Preview to view the rules that are written to the dhcpd configuration file or click Reset to remove the previously configured rules and start again. For information about how to use match rules, see Using Match Rules in Option Filters below.
      Note that the exist and does not exist operators are not supported for IPv6 relay agent filters.

  5. Click Next and complete the following to define which DHCP options to return to the matching client:

    • Option Space: For an IPv4 or IPv6 option filter, select an option space from the drop-down list. This field is not displayed if you do not have custom option spaces. The appliance uses the DHCP option space as the default.

    • Lease Time: Enter the value of the lease time in the field and select the time unit from the drop-down list. The lease time applies to hosts that meet the filter criteria.

      Options to Merge with Object Options
      Click the Add icon. Grid Manager adds a new row to the table with the default DHCP option space and option name displayed. Complete the following:

    • Option Space: Click the down arrow and select an option space from the drop-down list. The selected option space contains the corresponding DHCP options that you can use as filter criteria.

    • Option Name: Click the down arrow and from the drop-down list, select the DHCP option you want to use as filter criteria.

    • Value: Enter the match value that you want the filter to use for the selected DHCP option. To add more options to the filter, click the Add icon and repeat the steps.

  6. Click Next to define extensible attributes. For information, see Managing Extensible Attributes.

  7. Save the configuration and click Restart if it appears at the top of the screen.
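
The Hardware Operator sample rules and the Offset and Length definitions above, worked as an added example (not Infoblox code and not the dhcpd output that Preview shows). The rule tuple layout, the function names and the sample client values are assumptions made for the illustration.

```python
# Added illustration, not Infoblox code. Rule layout and names are assumptions.

def parse_hex(text):
    """Turn colon-separated hex such as '00:C0:B0' into bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def match_rule(data, operator, value=None, offset=0, length=None):
    """Apply one rule to the raw bytes of one option (None if the client omitted it)."""
    if operator == "exist":
        return data is not None
    if operator == "does not exist":
        return data is None
    if data is None:
        return False  # assumption: comparisons never match an absent option
    if operator == "equals":
        return data == value
    if operator == "does not equal":
        return data != value
    if operator == "substring equals":
        # Offset is zero-based; a slice running past the data is shorter and fails.
        return data[offset:offset + length] == value
    raise ValueError(f"unsupported operator: {operator}")

def evaluate(node, client):
    """node is ('all' | 'any', [children]) or (field, operator, value[, offset, length])."""
    if node[0] in ("all", "any"):
        results = [evaluate(child, client) for child in node[1]]
        return all(results) if node[0] == "all" else any(results)
    field, operator, *rest = node
    return match_rule(client.get(field), operator, *rest)

# Constructed client data: hardware type 01 followed by the MAC used in the table.
CLIENT = {
    "hardware": parse_hex("01:00:C0:B0:AA:BB:CC"),
    "vendor-class-identifier": b"xxMSFT 5.0",  # constructed: MSFT starts at offset 2
}
TABLE_RULES = [
    ("hardware", "equals", parse_hex("01:00:C0:B0:AA:BB:CC")),
    ("hardware", "substring equals", parse_hex("01"), 0, 1),
    ("hardware", "substring equals", parse_hex("00:C0:B0"), 1, 3),
]
# all( vendor MAC prefix, any( MSFT at offset 2, user-class present ) )
COMBINED = ("all", [TABLE_RULES[2], ("any", [
    ("vendor-class-identifier", "substring equals", b"MSFT", 2, 4),
    ("user-class", "exist"),
])])

if __name__ == "__main__":
    print([evaluate(rule, CLIENT) for rule in TABLE_RULES], evaluate(COMBINED, CLIENT))
```

The vendor MAC prefix rule needs offset 1 because the first byte of the hardware value is the hardware type; the same match value at offset 0 compares against 01:00:C0 and does not match.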

Using Match Rules in Option Filters

...

[Diagram: Match Rules]

...

...

The following example shows you how to create an option space, add custom options to it, create an option filter, and add a match rule to filter the options so that the NIOS appliance can filter an address request by the vendor options of the requesting hosts. It can grant or deny an address request if the requesting host matches the filter.

  1. Add an option space called MSFT, and then add the following options to it. For information, see Applying DHCP Options.

| Option name | Code | Type |
|---|---|---|
| root-mount-options | 1 | Text |
| root-server-ip-address | 2 | IP address |
| root-server-host-name | 3 | Text |
| root-server-path-name | 4 | Text |
| swap-server-ip-address | 5 | IP address |
| swap-file-path-name | 6 | Text |
| boot-file-path-name | 7 | Text |
| posix-timezone-string | 8 | String |
| boot-read-size | 9 | 16-Bit unsigned integer |

2. From the Data Management tab, select the DHCP tab -> Filters tab and click the Add icon.

...

4. Select MSFT as the option space, select an option, specify a value for it, and then add it to the i86pc option filter. You can select multiple options. Add the following options to the i86pc option filter:

| Option name | Code | Type |
|---|---|---|
| root-server-ip-address | 2 | IP address |
| root-server-host-name | 3 | Text |
| root-server-path-name | 4 | Text |
| boot-file-path-name | 7 | Text |

5. From the Data Management tab, select the DHCP tab -> Filters tab -> filter_name, and then click the Add icon.

...