Can you Deny global ipv4 option filter for specific subnets in option filter rules ?

Authority

I have created a UEFI boot global option filter to install laptops in all our WAN locations from a central server.

This works, but I want to exclude two supernets from this option filter (about 200 retail stores each that have a range in the 10.6.x.0 and 10.170.x.0 networks). Can this be done in match rules in the option filter?

For example, option 50 requested IP address substrings? (I got an error when I tried it on that option: not a valid IP address.)

Kind regards

Re: Can you Deny global ipv4 option filter for specific subnets in option filter rules ?

Moderator

From what I understand, you have a global ipv4 option filter to provide options such as 66/67 to specific clients based on the client's option 60 (VCI) or other similar attributes.

However, there are a couple of subnets where you do not want this global property to be inherited. Going about setting up Option 50 substrings may not be a good idea as the client may not always include a "requested IP" AND it is not mandatory for the requested IP to be accurate (especially when the client is someone who roams across different subnets).

 

https://www.ietf.org/rfc/rfc2132.txt

Requested IP Address:
This option is used in a client request (DHCPDISCOVER) to allow the
client to request that a particular IP address be assigned.

 

Since there are only two affected subnets, what I can think of right away would be to have custom option filter(s) specific to these subnets created and applied at network/range level. If your requirement is to not use UEFI settings on these subnets at all, then perhaps you could try setting non-routable IP addresses/non-existent file paths while setting up the above filter values at a network/range level.

Additionally, you can go by setting up option 50 substring "does not equal" - if you can rely on the option 50 values but the field may not accept values ending with a "."

Example:
While offset 0,3  --> 1.1 would work
      offset 0,4  --> 1.1. does not seem to work

While I am not immediately aware as to whether this is 'Working as per design' OR 'A limitation' OR 'A defect', you may want to open a case with Infoblox Support to find out.

Re: Can you Deny global ipv4 option filter for specific subnets in option filter rules ?

Authority

Thank you. I'll go and test this.

 

Kind regards Igor

Re: Can you Deny global ipv4 option filter for specific subnets in option filter rules ?

Authority

Option 50 wasn't requested by the client. So I ended up going to specific network ranges where it should be applied and ended up removing the global option filter for this. The bit on the syntax issue I was having for option filter 50 was spot on to avoid the error I was getting from the GUI.

Kind regards Igor
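
The moderator's caveat about option 50, and the outcome reported in the last post, as an added example that is not part of the thread and is not Infoblox's filter logic: a small DHCP option parser plus a hypothetical "match option 60, deny by option 50" rule, run over three constructed clients. The `PXEClient` VCI string, the /16 prefixes and all function names are assumptions made for illustration.

```python
import ipaddress

# Option codes from RFC 2132; 10.6.x.0 and 10.170.x.0 taken as /16 prefixes (assumption).
OPT_PAD, OPT_REQUESTED_IP, OPT_VCI, OPT_END = 0, 50, 60, 255
EXCLUDED = [ipaddress.ip_network(n) for n in ("10.6.0.0/16", "10.170.0.0/16")]


def parse_options(raw: bytes) -> dict:
    """Parse the code/length/value option field of a DHCP message."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts


def global_filter_applies(raw: bytes, vci_prefix: bytes = b"PXEClient") -> bool:
    """Hypothetical rule: match option 60, deny if option 50 is in an excluded net."""
    opts = parse_options(raw)
    if not opts.get(OPT_VCI, b"").startswith(vci_prefix):
        return False
    requested = opts.get(OPT_REQUESTED_IP)
    if requested is None or len(requested) != 4:
        return True  # no usable option 50: the exclusion cannot fire
    addr = ipaddress.ip_address(requested)
    return not any(addr in net for net in EXCLUDED)


def opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value


# Constructed samples: three clients that all sit in a 10.6.x.0 store network.
VCI = opt(OPT_VCI, b"PXEClient:Arch:00007")
WITH_50 = VCI + opt(OPT_REQUESTED_IP, bytes([10, 6, 12, 34])) + b"\xff"
WITHOUT_50 = VCI + b"\xff"
STALE_50 = VCI + opt(OPT_REQUESTED_IP, bytes([192, 168, 1, 20])) + b"\xff"
```

Only `WITH_50` is excluded; the client that omits option 50 and the roaming client with a stale requested address both still receive the global boot options, which is why the filter ended up being applied per network/range instead.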
