From: Francis Dupont Date: Wed, 13 Dec 2017 22:10:26 +0000 (+0100) Subject: [5425] Addressed comments about doc X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5bed1ae59eb3577e36db0aa523a67755bcf920e;p=thirdparty%2Fkea.git [5425] Addressed comments about doc --- diff --git a/doc/examples/kea4/advanced.json b/doc/examples/kea4/advanced.json index 34b062e269..f883da4982 100644 --- a/doc/examples/kea4/advanced.json +++ b/doc/examples/kea4/advanced.json @@ -153,10 +153,12 @@ ], "subnet": "192.0.8.0/23", "reservations": [ - { "hw-address": "00:00:00:11:22:33" }, - { "hw-address": "00:00:00:44:55:66" }, - { "hw-address": "00:00:00:77:88:99" }, - { "hw-address": "00:00:00:aa:bb:cc" } + // Some host reservations without addresses (so addresses + // will be from the know-client only pool). + { "hw-address": "00:00:00:11:22:33", "hostname": "h1" }, + { "hw-address": "00:00:00:44:55:66", "hostname": "h2" }, + { "hw-address": "00:00:00:77:88:99", "hostname": "h3" }, + { "hw-address": "00:00:00:aa:bb:cc", "hostname": "h4" } ] } ] diff --git a/doc/examples/kea4/classify.json b/doc/examples/kea4/classify.json index e769e581f0..a44b030455 100644 --- a/doc/examples/kea4/classify.json +++ b/doc/examples/kea4/classify.json 
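Review bot: The comment added to the `reservations` list in doc/examples/kea4/advanced.json reads "know-client only pool" where "known-clients only pool" is meant, and it does not say that the matching key is supplied by the client. A host that presents one of the listed `hw-address` values matches the reservation, so the pool separates hosts for addressing but does not authenticate them. I would word it as `// Host reservations without addresses: these hosts get an address from the known-clients only pool.` followed by `// hw-address is client-supplied; do not treat pool membership as authentication.` The doc/examples/kea6/advanced.json hunk adds the same comment with the same typo, and the caveat applies there to `duid`. The pool definition sits above both hunks and is not visible here.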
@@ -76,18 +76,19 @@ // everyone is allowed. When a class is specified, only packets belonging // to that class are allowed for that subnet. "subnet4": [ + // This one is for VoIP devices only. { -// This one is for VoIP devices only. "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ], "subnet": "192.0.2.0/24", "client-class": "VoIP", "interface": "ethX" }, -// This one doesn't have any client-class specified, so everyone -// is allowed in. The normal subnet selection rules still apply, -// though. There is also a static class reservation for a client -// using MAC address 1a:1b:1c:1d:1e:1f. This client will always -// be assigned to this class. + + // This one doesn't have any client-class specified, so everyone + // is allowed in. The normal subnet selection rules still apply, + // though. There is also a static class reservation for a client + // using MAC address 1a:1b:1c:1d:1e:1f. This client will always + // be assigned to this class. { "pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ], "subnet": "192.0.3.0/24", 
@@ -99,25 +100,27 @@ "interface": "ethX" }, -// The following list defines a subnet with pools. For some pools -// we defined a class that is allowed in that pool. If not specified -// everyone is allowed. When a class is specified, only packets belonging -// to that class are allowed for that pool. - { + // The following list defines a subnet with pools. For some pools + // we defined a class that is allowed in that pool. If not specified + // everyone is allowed. When a class is specified, only packets belonging + // to that class are allowed for that pool. + { "pools": [ + // This one is for VoIP devices only. { -// This one is for VoIP devices only. "pool": "192.0.4.1 - 192.0.4.200", "client-class": "VoIP" }, -// This one doesn't have any client-class specified, so everyone -// is allowed in. + + // This one doesn't have any client-class specified, + // so everyone is allowed in. { "pool": "192.0.5.1 - 192.0.5.200" } ], - "subnet": "192.0.4.0/23", - "interface": "ethY" - } + + "subnet": "192.0.4.0/23", + "interface": "ethY" + } ] }, diff --git a/doc/examples/kea6/advanced.json b/doc/examples/kea6/advanced.json index 85fa54c7d2..fe7b6feb05 100644 --- a/doc/examples/kea6/advanced.json +++ b/doc/examples/kea6/advanced.json @@ -150,10 +150,12 @@ ], "subnet": "2001:db8:8::/46", "reservations": [ - { "hw-address": "00:00:00:11:22:33" }, - { "hw-address": "00:00:00:44:55:66" }, - { "hw-address": "00:00:00:77:88:99" }, - { "hw-address": "00:00:00:aa:bb:cc" } + // Some host reservations without addresses (so addresses + // will be from the know-client only pool). + { "duid": "00:11:22:33", "hostname": "h1" }, + { "duid": "00:44:55:66", "hostname": "h2" }, + { "duid": "00:77:88:99", "hostname": "h3" }, + { "duid": "00:aa:bb:cc", "hostname": "h4" } ] } ] diff --git a/doc/examples/kea6/classify.json b/doc/examples/kea6/classify.json index b6e184b618..151392e845 100644 --- a/doc/examples/kea6/classify.json +++ b/doc/examples/kea6/classify.json 
@@ -61,9 +61,10 @@ "client-class": "cable-modems", "interface": "ethX" }, -// The following subnet contains a class reservation for a client using -// DUID 01:02:03:04:05:0A:0B:0C:0D:0E. This client will always be assigned -// to this class. + + // The following subnet contains a class reservation for a client using + // DUID 01:02:03:04:05:0A:0B:0C:0D:0E. This client will always be assigned + // to this class. { "pools": [ { "pool": "2001:db8:2::/80" } ], "subnet": "2001:db8:2::/64", @@ -74,8 +75,9 @@ } ], "interface": "ethX" }, -// The following subnet contains a pool with a class constraint: only -// clients which belong to the class are allowed to use this pool. + + // The following subnet contains a pool with a class constraint: only + // clients which belong to the class are allowed to use this pool. { "pools": [ { diff --git a/doc/guide/classify.xml b/doc/guide/classify.xml index d3ecce7dcb..23009e98f5 100644 --- a/doc/guide/classify.xml +++ b/doc/guide/classify.xml @@ -848,6 +848,45 @@ concatenation of the strings ... ], ... +} + + + + The following example shows restricting access to an address pool. + This configuration will restrict use of the addresses 2001:db8:1::1 + to 2001:db8:1::FFFF to members of the "Client_enterprise" class. + +"Dhcp6": { + "client-classes": [ + { + "name": "Client_enterprise_", + "test": "substring(option[1].hex,0,6) == 0x0002AABBCCDD'", + "option-data": [ + { + "name": "dns-servers", + "code": 23, + "space": "dhcp6", + "csv-format": true, + "data": "2001:db8:0::1, 2001:db8:2::1" + } + ] + }, + ... + ], + "subnet6": [ + { + "subnet": "2001:db8:1::/64", + + "pools": [ + { + "pool": "2001:db8:1::-2001:db8:1::ffff", + "client-class": "Client_foo" + } + ] + }, + ... + ], + ... } diff --git a/doc/guide/dhcp4-srv.xml b/doc/guide/dhcp4-srv.xml index 9ac803ba20..e2aa65534f 100644 --- a/doc/guide/dhcp4-srv.xml +++ b/doc/guide/dhcp4-srv.xml 
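Review bot: In the example added to doc/guide/classify.xml the class names disagree: the paragraph says the pool is limited to "Client_enterprise", the class is defined as `"name": "Client_enterprise_"`, and the pool sets `"client-class": "Client_foo"`, which the example never defines. A reader who copies it presumably ends up with a pool tied to a class no packet is assigned to, or with a configuration the server rejects, so the restriction shown is not the one described. The `test` string also ends in a stray quote, `0x0002AABBCCDD'`. I would change the three lines to `"name": "Client_enterprise",`, `"test": "substring(option[1].hex,0,6) == 0x0002AABBCCDD",` and `"client-class": "Client_enterprise"`.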
@@ -2079,12 +2079,9 @@ It is merely echoed by the server - When subnets belong to a shared network the classification applies - to subnet selection but not to pools, e.g., a pool in a subnet - limited to a particular class can still be used by clients which do not - belong to the class if the pool they are expected to use is exhausted. - So the limit access based on class information is also available - at the pool level, see . + Client classification can also be used to restrict access to specific + pools within a subnet. This is useful when to segregate clients belonging + to the same subnet into different address ranges. diff --git a/doc/guide/dhcp6-srv.xml b/doc/guide/dhcp6-srv.xml index 0875c728a4..71dd8ad923 100644 --- a/doc/guide/dhcp6-srv.xml +++ b/doc/guide/dhcp6-srv.xml @@ -1949,13 +1949,9 @@ should include options from the isc option space: - When subnets belong to a shared network the classification applies - to subnet selection but not to pools, e.g., a pool in a subnet - limited to a particular class can still be used by clients which do not - belong to the class if the pool they are expected to use is exhausted. - So the limit access based on class information is also available - at the address/prefix pool level, see . + Client classification can also be used to restrict access to specific + pools within a subnet. This is useful when to segregate clients belonging + to the same subnet into different address ranges.