How are DHCP policies applied to subnets and individual computers?
It’s crucial to understand that hosts and subnets are on the same level within the hierarchy. This gets more clear with the following output:
root@master:~# udm dhcp/service list | grep DN:
DN: cn=example.domain,cn=dhcp,dc=example,dc=domain
root@master:~# udm dhcp/host list --filter cn=pc1234 | grep DN:
DN: cn=pc1234,cn=example.domain,cn=dhcp,dc=example,dc=domain
root@master:~# udm dhcp/subnet list --filter cn=192.168.1.0 | grep DN:
DN: cn=192.168.1.0,cn=example.domain,cn=dhcp,dc=example,dc=domain
This is the procedure how a policy gets assigned:
The policies from the higher-level objects, like OUs and CNs, will apply in order from the base to the bottom. The settings are applied according to the principle of inheritance. The policy closest to the object wins. The policy closest to the host is the policy that is attached directly at the host.
Important to know: The DHCP server will first check the DHCP host object. If any policies apply there, the DHCP server will not consider the subnet object. Only if the corresponding value is not defined in the DHCP host object will it then evaluate the policies in the subnet object.
In this example the host cn=pc1234
will get the policies in the following order:
1. cn=192.168.1.0,cn=example.domain,cn=dhcp,dc=example,dc=domain
2. dc=example,dc=domain
3. cn=dhcp,dc=example,dc=domain
4. cn=example.domain,cn=dhcp,dc=example,dc=domain
5. cn=pc1234,cn=example.domain,cn=dhcp,dc=example,dc=domain
The policy from the host always wins and the policy from the subnet always loses.
My DHCP service has a global policy applied. How can I specify a separate policy for one of my subnets so all clients of that subnet will use it?
There are two potential approaches to resolve this:
-
Set the policy at each host object beneath the subnet:
- Leave the global policy at the DHCP service as is.
- Apply the specific policy at the individual computer objects that use the subnet.
-
Apply Policies at the Subnet Level:
- Remove the global policy from the DHCP service.
- Attach the global policy to each subnet, except for your subnet that shall get a specific one. For this subnet apply the specific policy.
Recommendation: For maintenance and administrative efficiency, we recommend the second solution.