05-23-2017 02:14 AM
Can you Deny global ipv4 option filter for specific subnets in option filter rules ?
I have created eufi boot global option filter to intall laptops in all our wan locations form central server.
This works but i want to exclude two supernets from this option filter (about 200 retail stores eacht that have an range in the 10.6.x.0 and 10.170.x.0 networks). Can this be done in match rules in th option filter.
For e.g. option 50 requested ip address sub strings ? (i got an error when i tried it on that option, not valid ip adres)
Solved! Go to Solution.
05-26-2017 03:34 PM - edited 08-15-2017 04:16 PM
From what I understand, you have a global ipv4 option filter to provide options such as 66/67 to specific clients based on the client's option 60 (VCI) or other similar attributes.
However, there are a couple of subnets where you do not want this global property to be inherited. Going about setting up Option 50 substrings may not be a good idea as the client may not always include a "requested IP" AND it is not mandatory for the requested IP to be accurate (especially when the client is someone who roams across different subnets).
Requested IP Address:
This option is used in a client request (DHCPDISCOVER) to allow the
client to request that a particular IP address be assigned.
Since there are only two affected subnets, what I can think of right away would be to have custom option filter(s) specific to these subnets created and applied at network/range level. If your requirement involves to not use eufi settings on these subnets at all, then perhaps you could try setting non-routable IP addresses/non-existent filepaths while setting up the above filter values at a network/range level
Additionally, you can go by setting up option 50 substring "does not equal" - if you can rely on the option 50 values but the field may not accept values ending with a "."
While offset 0,3 --> 1.1 would work
offset 0,4 --> 1.1. does not seem to work
While I am immediately not aware as to whether this is 'Working as per design' OR 'A limitation' OR 'A defect' - You may want to open a case with Infoblox Support to find out
07-13-2017 01:50 PM
Option 50 wasn't requested by the client. So i ended up going to specific network ranges where it should be applied and ended up removing the global otion filter for this.The bit om the syntax issue i was having for option filter 50 was spot on to avoid the error i was getting from the gui.
Kind regards Igor