if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to delete a match rule for a DHCP user class.
Syntax
if-match rule rule-number { hardware-address hardware-address mask hardware-address-mask | option option-code [ ascii ascii-string [ offset offset | partial ] | hex hex-string [ mask mask | offset offset length length | partial ] ] | relay-agent gateway-address }
undo if-match rule rule-number
Default
No match rules are configured for the DHCP user class.
Views
DHCP user class view
Predefined user roles
network-admin
mdc-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher match priority.
hardware-address hardware-address: Specifies a hardware address, a string of 4 to 39 characters. The string contains hyphen-separated hexadecimal numbers. The last hexadecimal number can be a two-digit or four-digit number, and the other hexadecimal numbers must be four-digit numbers. For example, aabb-ccdd-ee is valid, and aabb-c-dddd or aabb-cc-dddd is invalid.
mask hardware-address-mask: Specifies the mask to be ANDed with the specified hardware address for the match operation. The length of the mask must be the same as that of the hardware address.
option option-code: Specifies a DHCP option by its number in the range of 1 to 254.
ascii ascii-string: Specifies an ASCII string of 1 to 128 characters.
offset offset: Specifies the offset in bytes after which the match operation starts. The value range is 0 to 254. If you specify an ASCII string, a packet matches the rule if the option content after the offset is the same as the ASCII string. If you specify a hexadecimal number, a packet matches the rule if the option content of the specified length after the offset is the same as the hexadecimal number.
partial: Enables partial match. A packet matches a rule if the specified option in the packet contains the ASCII string or hexadecimal number specified in the rule. For example, if you specify abc in the rule, option content xabc, xyzabca, xabcyz, and abcxyz all match the rule.
hex hex-string: Specifies a hexadecimal number. The length of the hexadecimal number must be an even number in the range of 2 to 256.
mask mask: Specifies a hexadecimal mask for the match operation. The mask length must be an even number in the range of 2 to 256 and be the same as the hex-string length. The DHCP server selects option content of the mask length from the start and ANDs the selected option content and the specified hexadecimal number with the mask. The packet matches the rule if the two AND operation results are the same.
length length: Specifies the length of the option content to be matched, in the range of 1 to 128 bytes. The length must be the same as the hex-string length.
relay-agent gateway-address: Specifies a giaddr field value. The value is an IPv4 address in the dotted decimal notation. A packet matches the rule if its giaddr field value is the same as that in the rule.
Usage guidelines
If a DHCP request sent by a DHCP client matches a rule in a DHCP user class, the DHCP client matches the user class.
You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID within its type (hardware address, option, or relay agent address).
If the rule that you are configuring has the same ID and type as an existing rule, the new rule overwrites the existing rule.
If the rule that you are configuring has the same ID as an existing rule but a different type, the new rule takes effect and coexists with the existing rule. As a best practice, do not assign the same ID to rules of different types.
Rules of different IDs cannot have the same rule content.
When you configure an if-match hardware-address rule, follow these guidelines:
The hardware address type supports only the MAC address. A rule does not match clients with hardware addresses of other types.
The specified hardware address must be of the same length as the client hardware addresses to be matched. To match MAC addresses, the specified hardware address must be six bytes long.
The fs and 0s in the mask for the hardware match operation can be noncontiguous. For example, the rule if-match rule 1 hardware-address 0094-0000-1100 mask ffff-0000-ff00 matches hardware addresses in which the first two bytes are 0094 and the fifth byte is 11.
When you configure an if-match option rule, follow these guidelines:
To match packets that contain an option, specify only the option-code argument.
To match a hexadecimal number by AND operations, specify the option option-code hex hex-string mask mask options.
To match a hexadecimal number directly, specify the option option-code hex hex-string [ offset offset length length | partial ] options. If you do not specify the offset, length, or partial parameter, a packet matches a rule if the option content starts with the hexadecimal number.
To match an ASCII string, specify the option option-code ascii ascii-string [ offset offset | partial ] options. If you do not specify the offset or partial parameter, a packet matches a rule if the option content starts with the ASCII string.
Examples
# Configure match rule 1 for DHCP user class exam to match DHCP requests in which the hardware address is six bytes long and begins with 0094.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 1 hardware-address 0094-0000-0101 mask ffff-0000-0000
# Configure match rule 2 for DHCP user class exam to match DHCP requests that contain Option 82.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 2 option 82
# Configure match rule 3 for DHCP user class exam. The rule matches DHCP requests in which the highest bit of the fourth byte in Option 82 is the hexadecimal number 1.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080
# Configure match rule 4 for DHCP user class exam. The rule matches DHCP requests in which the first three bytes of Option 82 are the hexadecimal number 13ae92.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 4 option 82 hex 13ae92 offset 0 length 3
# Configure match rule 5 for DHCP user class exam. The rule matches DHCP requests in which the Option 82 contains the hexadecimal number 13ae.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 5 option 82 hex 13ae partial
# Configure match rule 6 for DHCP user class exam to match DHCP requests in which the giaddr field is 10.1.1.1.
<Sysname> system-view [Sysname] dhcp class exam [Sysname-dhcp-class-exam] if-match rule 6 relay-agent 10.1.1.1
Related commands
dhcp class