Archives

Access Incognito's library of Guides, Tips / Tutorials and more.

The CLI Cheat Sheet: Add DHCP Rules

Published on 24 Jan 2013 

Add RULE <name> ipfrom <starting IP range> ipto <end IP range>

For example:

Add RULE “Test Rule” ipfrom 192.168.75.2 ipto 192.168.75.254

A DHCPv4 rule will be then added to the DHCP service, with the name of “Test Rule”, and the IP allocation range from 192.168.75.2 to 192.168.75.254.

Once the rule has been created, enter modify mode to SET additional parameters. The parameters that can be set are:

ALLOCABLE Indicates whether IP addresses can be allocated from this rule. Must be set to TRUE/YES or FALSE/NO
BROKENPOLICY Sets the broken policy association. Must be set to TRUE/YES or FALSE/NO
CRITERIA Rule Criteria which determines devices that are authorized to receive an IP address from this pool
CRITICALHWM Critical high water mark level in percentage (0-100)
DEFAULTGW The IP address of the default gateway that applies to this rule
DEFAULTIPLIMIT Default IP limit per Remote or Circuit ID
DESCRIPTION Optional description about the rule
DISABLED Disables the rule. Must be set to TRUE/YES or FALSE/NO
DISABLEDBYINHERITANCE Disabled by a parent rule. Set to TRUE/YES or FALSE/NO
INFORMONLY If enabled, rule will not allocate leases, but will respond to DHCP inform requests only
IPFROM Lower limit of the IP address range for this rule
IPLIMITSELECTOR Client field IP limiting is based on (ie, CIRCUITID, REMOTEID, NONE)
IPTO Upper limit of the IP Address range for this rule
LEASETIME The lease time that applies to this rule in seconds
NAME Rule name
PINGBEFORE Ping an address before allocating it. Set to TRUE/YES or FALSE/NO
PINGBEFOREBYINHERITANCE Ping before allocate enabled by parent rule. Set to TRUE/YES or FALSE/NO
REQUIRESLEGALHOSTNAME Requires the service to generate an RFC 1123 compliant hostname. Set to TRUE/YES or FALSE/NO
RESERVED Rule is reserved from allocation. The service will never allocate any IP addresses belonging to this range. Set to TRUE/YES or FALSE/NO
RESERVEDBYINHERITANCE Reserved by a parent rule. Set to TRUE/YES or FALSE/NO
SHUFFLEIP Determines whether leases allocated by this rule will be shuffled. Set to TRUE/YES or FALSE/NO
SUBNETMASK The subnet mask that applies to this rule.
SUPPRESSNAKRESPONSE Suppress NAK response to off-network IP address requests.
WARNINGHWM Warning high water mark level in percentage (0-100)

Any of these variables can be combined in the initial ADD command. For example:

add rule “test rule” ipfrom 192.168.75.2 ipto 192.168.75.254 description “test rule” disabled yes leasetime 600 pingbefore yes criteria “CLIENTCLASS(gold) AND docsis(*)” defaultgw 0.0.0.1

The result is that a new rule will be added with the name and a description of “Test Rule”, with the allocating range from 192.168.75.2 to 192.168.75.254. The rule has been disabled, the lease time set to 600 seconds (10 minutes), ping before allocate has been enabled, the criteria of the rule is “CLIENTCLASS(gold) AND docsis(*)” and the default gateway is set to the wild-card value of 0.0.0.1.

Preserving rule hierarchy

In this scenario, we have three rules that were created with the “add rule” command. They are: rule1, rule2, rule3. The administrator wants to create a hierarchical nesting so that rule1 is the parent rule to rule2, which is the parent rule to rule3. The commands to create this nesting are as follows:

relate rule "rule2" rule "rule1"
relate rule “rule3” rule “rule2”

The result is that rule2 has been made a child of rule1, and rule3 has been made a child of rule2.

Cloning a rule

In the CLI only, there is the ability to make an exact copy of a rule for further editing by the administrator. In some cases, it may be easier to duplicate the rule rather than creating a new one. The command to do so is:

Clone RULE <Rule name>