Table of Contents

Configuring Client-Classes

You can use Network Registrar's client or client-class facility to provide differentiated services to users accessing a common network. You can group your user community based on administrative criteria, and then ensure that each group of users receives the appropriate class of service when they access the network.

If you do not enable client-class processing, the Network Registrar DHCP server provides client leases based solely on their location in the network.

Table 10-1 lists the client-class configuration topics and their associated sections to go to for more information.

Client-Class Procedure

You can enable or disable client-class processing for the DHCP server and apply a set of properties to groups of clients. With client-class processing enabled, the DHCP server assigns the client to an IP address from a matching scope. The server examines every DHCP packet for the client and client-class information and acts accordingly.

To configure client-class, you enable client-class processing for the DHCP server, define scope selection tags for the server, create client-classes that include or exclude those scope selection tags, apply the selection tags to specific scopes, and assign clients to these classes.

Setting Client-Class on the Server

Enabling client-class processing involves informing the DHCP server that the process is enabled, creating scope selection tags, and creating the client-classes themselves.

Enabling Client-Class Processing

The first step is to enable client-class processing for the DHCP server and its scopes.

Step 2   In the DHCP Server Properties dialog box, click the Scope Selection Tags tab (Figure 10-1).

Step 3   Click the Enable client-class processing check box. There are initially no scope selection tags defined.

Using the CLI:

Use the dhcp enable client-class command to enable client-class processing.

nrcmd> dhcp enable client-class 
100 OK
client-class=enabled
 

Defining Scope Selection Tags

To enable client-class processing, you must define a list of scope selection tags for the DHCP server. You can then associate the scope selection tags with particular scopes, clients, and client-classes.

Network Registrar lets you add up to 30 scope selection tags. When the DHCP server configures itself, it checks the number of scope selection tags defined for any network. A network in this context is the aggregation of all of the scopes that are related to a particular subnet. This includes all the scopes that belong together (because they share a common network number and subnet mask) and that are related to one of these through the use of the primary scope reference. Thus, within all of the scopes that make up a network, there can be no more than 30 scope selection tags.

When the DHCP server reads a client entry, the server checks its scope selection inclusion and exclusion criteria against the scope selection tags defined for the scopes on this network. If the client entry references tags that are not present in any scope in the network, then how the server handles the tags depends on whether the reference is for included or excluded tags. If the reference is for excluded tags, the tag has no effect. If the reference is for included tags, the server determines that there is no acceptable scope on that network for this client.

Note   If you delete a selection tag, Network Registrar removes it from the selection tag list, but does not remove it from any existing scope, client, or client-class configuration.

Using the GUI:

If not satisfied with your entry, click the Clear button to clear the field.

Step 2   Click the Add button. The name appears under <none> in the table in the middle of the dialog box.

---

Note   You must click Add. If you click OK, the dialog box closes without the entry being added. Using the GUI, you can only add selection tags, you cannot delete them.

---

Step 3   Add more tags in the same way. If you change your mind about your entries, click Cancel.

Step 4   If you are sure of your entries, click OK.

Step 5   Reload the DHCP server.

Using the CLI:

Use the scope-selection-tag create command to create each scope selection tag. Then reload the DHCP server and use the scope-selection-tag list command to list all the tags.

nrcmd> scope-selection-tag tagCableModemUnprov create 
nrcmd> server dhcp reload 
nrcmd> scope-selection-tag list 
 

You can use the dhcp set log-settings command to debug selection tags, particularly the client-criteria-processing and unknown-criteria settings.

nrcmd> dhcp set log-settings=client-criteria-processing 
 

To delete a scope selection tag, use the scope-selection-tag delete command.

nrcmd> scope-selection-tag tagCableModemUnprov delete 
 

Defining Client-Classes

The next step is to define the client-classes themselves. Again, you do this on the server level.

Using the GUI:

Step 2   Click the Add button to open the Add Client-Class dialog box (Figure 10-3).

Step 3   Enter in the Client-Class field the name of the client-class. This should clearly identify the intent of the client-class, such as CableModem.

Step 4   In the Host Name field, enter a host name or select one of the pre-defined names:

• If you enter a specific host name, dynamic DNS updating must be in effect. (See "Configuring Dynamic DNS Update.") Also enter in the adjoining Domain Name field the domain name of the DNS zone to use when performing DNS updates.
  
  
• @host-name-option—The server uses whatever host name option the client sent.
  
• @no-host-name-option—The server ignores the host name sent by the client. If DNS name generation is in effect, a generated name is used, if so set up for dynamic DNS updating (see step 9 of the "Configuring Dynamic DNS for a Scope" section).
  
• @use-macaddress—The server synthesizes a host name from the client's MAC address.
  
• <Not Specified>—Leaves the host name unspecified.
  
  

Step 5   In the Policy Name field, select the DHCP policy that is appropriate for the client-class, such as policyCableModem. To leave the policy name unspecified, select <Not Specified>.

Step 6   You can choose an action to be performed on the client-class on a global level. Select exclude, one-shot, or <Not Specified>:

• exclude—The server ignores all communication with the client
  
  
• one-shot—Offers an address only once to the client, without renewing or re-offering any lease. This one-shot action allocates provisional addresses when you want unknown clients to have short leases only. (See the "Providing Provisional Addresses to Unknown Clients" section.)
  
  
• <Not Specified>—Leaves the action unspecified.
  
  

Step 7   If you do not want to choose an action on a global level, you can choose to include or exclude specific scope selection tags you defined in the previous section. These inclusions and exclusions appear in the Scope Selection Criteria area of the dialog box. To set the selection tag inclusion or exclusion for this client-class, click the Edit Criteria button. The procedure is described in the "Setting Client-Class Scope Selection Criteria" section.

Step 8   As a final step in this dialog box, add a comment or keyword in the User Defined String field. You can use this to index, sort, or search for the client-classes.

Step 9   Click Apply to continue adding client-classes in the same way, or OK to finish.

To remove a client-class from the DHCP Server Properties dialog box, select it, then click the Remove button.

Using the CLI:

Use the client-class create command to create a client-class. To display the created client-classes, use the client-class list command. To delete a client-class, use the client-class delete command. (To debug client-class problems, use the dhcp set log-settings=client-criteria-processing command.)

nrcmd> client-class CableModem create 
nrcmd> client-class list 
nrcmd> client-class UnwantedClass delete 

Note   Client-class names are case sensitive.

Use the client-class set command to set or edit the properties of the clients. For example, to change the policy that the client-class uses:

nrcmd> client-class CableModem set policy-name=policyCableModem 
 

Setting Client-Class Scope Selection Criteria

If you are not generally specifying an action to perform on a client class (excluding all communication or issuing one-shot addresses, as described in the "Defining Client-Classes" section), you can specify which scope selection tags to include or exclude. Network Registrar handles inclusion and exclusion for the applicable subnet in the following manner—if a scope has a selection tag assigned to it and client-class assigns an:

• Inclusion tag, the client can get an address from that scope.
  
  
• Exclusion tag, the client will not get any address from that scope.
  
  

For example, assume three scopes, A, B, and C, with the following attributes: A/red, B/blue, C/blue,green. If a client-class specifies inclusion of red, the client would get an address from scope A. Inclusion of blue would give the client an address from either scope B or C. Inclusion of blue and exclusion of green would give the client an address from scope B only.

Using the GUI

Step 2   In the Add Client-Class (or Edit Client-Class) dialog box, click the Edit Criteria button.This opens the Edit Scope Selection Criteria dialog box (Figure 10-4).

Step 3   Select the check boxes for the scope selection tags that you want included and excluded in this client-class. (You cannot select the same tags for both inclusion and exclusion.)

Step 4   Click OK.

Using the CLI:

Use the client-class set selection-criteria command to set the inclusion, and the client-class set selection-criteria-excluded command to set the exclusion, scope selection criteria.

nrcmd> client-class CableModem set selection-criteria=tagCableModem 
nrcmd> client-class CableModem set selection-criteria-excluded=tagCableModem 
 

Associating a Selection Tag with a Scope

After defining scope selection tags and client-classes for the DHCP server, you must associate the appropriate selection tag (or tags) with the scope that you want to use for client-class address assignments. The scope must be under the server you configured in the "Setting Client-Class on the Server" section.

Using the GUI

Step 2   Click the Selection Tags tab (Figure 10-5).

Step 3   Click the Edit Tags button. This opens the Choose Scope Selection Tags dialog box.

Step 4   Select the check boxes for one or more of the scope selection tags defined for the server.

Step 5   Click OK.

Step 6   Click OK in the Scope Properties dialog box.

Step 7   Reload the DHCP server.

Step 8   Repeat these steps for each additional scope.

Using the CLI:

Use the scope set selection-tags command to associate existing selection tags (created in the "Defining Client-Classes" section) with a scope.

nrcmd> scope testScope set selection-tags=tagCableModem 
 

Configuring an Embedded Client-Class Policy

An embedded policy is created automatically for each client-class you create. However, the embedded policy has no properties or DHCP options associated with it until you enable or add them. This is similar to an embedded policy you can configure for a scope, as described in the "Configuring an Embedded Policy for the Scope" section.

The only way to configure an embedded policy is by using the client-class-policy command features, properties, and methods in the CLI. The GUI does not support configuring embedded policies.

Using the CLI:

First check if there are any embedded property values already set for a client-class. Use the client-class-policy show command for this. You can then enable or disable a feature by using the client-class-policy enable or client-class-policy disable command, set properties using the client-class-policy set command, set DHCP options using the client-class-policy setOption command, and set the lease time using the client-class-policy setLeaseTime command (there are related get methods as well).

nrcmd> client-class-policy name show 
nrcmd> client-class-policy name enable allow-lease-time-override 
nrcmd> client-class-policy name set server-lease-time=2880 
nrcmd> client-class-policy name setOption routers 204.253.96.180 
nrcmd> client-class-policy name setLeaseTime 228800 
 

Setting Client Properties

You can set the properties of individual DHCP clients.

Adding and Editing a Client

A client inherits the properties from its client-class, which you may choose to override or supplement by specifying different ones for the client.

Using the GUI:

Step 2   In the DHCP Server Properties dialog box, click the Clients tab (Figure 10-6).

Step 3   Click the Add button to open the Add Client dialog box (Figure 10-7).

Step 4   The dialog box is similar to the one used for adding and editing client-classes (see Figure 10-3). The difference is the additional MAC address and Authenticate Until fields. Here is a description of the fields you can select or enter:

• MAC address—You can omit the 1,6 part of the MAC address and start with 1,x, but you must enter the full MAC address.
  
  
• Client-Class—Choose from the existing client-classes, or click New and create a new client-class (see the "Defining Client-Classes" section).
  
  
• Host Name—Choose a predefined name or enter a new name. For a description of the predefined names, see the "Defining Client-Classes" section.
  
• Domain Name—Domain name of the zone to use when performing DNS updates.
  
  
• Policy Name—Choose an existing policy or select <Not Specified>.
  
• Action—Exclude, which causes the server to ignore all communication from this client, or one-shot, which causes the server to fail to renew or re-offer any lease to this client.
  
• Scope Selection Criteria—If necessary, click Edit Criteria to define the tags you want included or excluded (see the "Setting Client-Class Scope Selection Criteria" section).
  
• Authenticate Until—Choose the predefined authentication method, forever, or enter the number of time units (seconds, minutes, hours, days, weeks), or UNIX-style date, such as Mar 24 12:00:00 2002, to indicate when the authentication expires. Note that seconds are optional.
  
  
• User Defined String—A comment or keyword.
  

Step 5   Click OK to finish or Apply to continue adding clients.

To edit a client, double-click the client in the DHCP Server Properties dialog box. To remove a client, select it in the DHCP Server Properties dialog box, then click Remove.

Using the CLI:

This section describes how to use the client create and client set commands. It also describes how to:

• Create a default client without a client configuration
  
  
• Use the domain-name property to set the zone's domain name for dynamic DNS update
  
  
• Use the policy-name property to add the policy name to the search list
  
• Use the action property to exclude or offer one-shot leases to clients
  
• Use the selection-criteria and selection-criteria-excluded properties
  
  
• Use the authenticate-until property to set the authentication expiration date
  
  
• Use the client show and client list commands
  
  
• Use the client delete command to delete a client
  
  

Use the client create command to create a client. Specify the client by MAC address, using the n,n, prefix if necessary.

nrcmd> client 1,6,06:44:40:26:f5:0f create 
 

Use the client set command to set the client properties. Use the host-name=@no-host-name-option setting to provide provisional addresses to unknown clients (see the "Providing Provisional Addresses to Unknown Clients" section).

nrcmd> client 1,6,06:44:40:26:f5:0f set client-class-name=CableModem 
nrcmd> client 1,6,06:44:40:26:f5:0f set host-name=@no-host-name-option 
 

You can also create a default client that does not have a specific client configuration. For example, you can have this client always use its MAC address for its host name.

nrcmd> client default create host-name=@use-macaddress 
 

Set the domain name of the zone to use when performing dynamic DNS updates.

nrcmd> client 1,6,06:44:40:26:f5:0f set domain-name=example.com. 
 

Set the policy to add to Network Registrar's DHCP policy search list. The exclude action causes the server to ignore all communication from this client; the one-shot action causes the server to fail to renew or re-offer any lease to this client.

nrcmd> client 1,6,06:44:40:26:f5:0f set policy-name=policyCableModem 
nrcmd> client 1,6,06:44:40:26:f5:0f set action=exclude 
 

Set the scope selection tags (as defined with the scope-selection-tag create command) that you want included or excluded for a client.

nrcmd> client 1,6,06:44:40:26:f5:0f set selection-criteria=tagCableModem 
nrcmd> client 1,6,06:44:40:26:f5:0f set selection-criteria-excluded=tagCableModemUnprov 
 

Choose the number of time units (seconds, minutes, hours, days, weeks), or UNIX-style date (such as Mar 24 12:00:00 2002) to indicate when the authentication expires, or use forever.

nrcmd> client 1,6,06:44:40:26:f5:0f set authenticate-until=+100d 
 

Use the client show command to display properties of a specific client. Use the client list command to display properties for all the clients.

nrcmd> client 1,6,06:44:40:26:f5:0f show 
nrcmd> client list 
 

Use the client delete command to delete a client.

nrcmd> client 1,6:03:03:03:03:03:03 delete 
 

Setting Windows 2000 Client Properties

As described in the "Configuring Updates for Windows 2000 Clients" section, Windows 2000 clients are different from other clients in that they can update the DNS server with their address records directly. Apart from this, you can also set certain properties in the CLI that relate to client-class processing. These are:

• Looking up the client entry to determine the default client for client-class processing.
  
  
• Mapping the user class ID to the client-class or scope selection tag.
  
  
• Whether to append the class ID to the scope selection tag name.
  
  

Settings in the Windows 2000 Client:

On the Windows 2000 client system, use the ipconfig command with the /setclassid switch to set the class ID. If you plan to map this client ID to a client-class or selection tag, the name must be the same as that client-class or selection tag. For example:

DOS> ipconfig /setclassid adapter engineering 
 

Settings in the DHCP Server:

Use the dhcp set command properties in the CLI to set the Windows 2000 client properties in the server. The skip-client-lookup property is set to false by default, thereby enabling looking up the client entry first to set it as the default client for client-class processing. You can use the map-user-class-id property to (a) ignore the user class ID (value=0, the default), (b) map the user class ID to the scope selection tag (value=1), or (c) map it to the client-class (value=2). If you map the user class ID to the scope selection tag (b), you can also opt to append the user class ID onto the selection tag name, using the append-user-class-id-to-selection-tag property (true by default).

nrcmd> dhcp set skip-client-lookup=true 
nrcmd> dhcp set map-user-class-id=1 [selection-tag] 
nrcmd> dhcp set append-user=class-id-to-selection-tag=true 
nrcmd> server dhcp reload 
 

With the class ID as set in the client configuration example in the "Settings in the Windows 2000 Client:" section, the selection tag in this example would be appended with the name "engineering." (For details on selection tags, see the "Associating a Selection Tag with a Scope" section.)

Providing Provisional Addresses to Unknown Clients

You can have the DHCP server allocate provisional addresses to unknown clients for a short time on a one-shot basis. The server gives an address to the unknown client only as long as its lease period (which should be set short) and ignores all the client's requests during the grace period and until the address is re-allocated to another client. You can thus configure the grace period to offer the unknown client an extended time in which to register with an authority and become known. Note that in a multiple server environment, each server operates its one-shot capability independently.

Using the GUI

Step 2   Enter the word default in the MAC address field.

Step 3   You have three options here:

• If you have a client-class that handles one-shot leases, select it from the Client-Class field.
  
• In the Action field, select one-shot.
  
  
• To exclude access to all unknown clients, select exclude in the Action field.
  
  

Step 4   Click OK.

Step 5   Reload the DHCP server.

Using the CLI:

Use the client default create and client default set action commands to set unknown client provisional addressing.

nrcmd> client default create 
nrcmd> client default set action=one-shot 
 

Moving a Client to Another Subnet

If you move a DHCP client host from one subnet to another, you need to either reboot the machine when it arrives on the new subnet, or explicitly release and re-acquire a lease using the winipcfg.exe utility (for Windows 95), or the ipconfig /release and ipconfig /renew utilities (for Windows NT). You must do this because the client that was moved will use a wrong network address, which happens frequently with laptop computers.

Skipping Client Entries for Client Classing

Using the CLI, you can have the DHCP server skip looking up the client entry for client-class processing.

Using the CLI:

Use the dhcp enable skip-client-lookup command to have the DHCP skip looking up client entries for client-class processing.

nrcmd> dhcp enable skip-client-lookup