#-----------------------------------------------------------------------------
# описание классов которые используются при DHCP relay + option 82:

# в качестве условия берется МАС адрес свича:
class "your:switch:with:option_82:MAC:address:switch_port_number" {
    match if concat(
        binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 3, 6)),
        ":",
        binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1))
    ) = "your:switch:with:option_82:MAC:address:switch_port_number";
}
# сокращенная запись:
class "your:switch:with:option_82:MAC:address:switch_port_number" {
    match if concat(binary-to-ascii(16,8,":",substring(optionagent.remote-id,3,6)),":",binary-to-ascii(10,8,"",substring(optionagent.circuit-id,5,1))) = "your:switch:with:option_82:MAC:address:switch_port_number";
}

# вместо MAC-а из agent.remote-id, берем IP адрес свича из пакета:
class "your.switch.with_option_82.IP_address:switch_port_number" {
    match if concat(
        binary-to-ascii(10, 8, ".", packet(24, 4)),
        ":",
        binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1))
    ) = "your.switch.with_option_82.IP_address:switch_port_number";
}
# сокращенная запись:
class "your.switch.with_option_82.IP_address:switch_port_number" {
    match if concat(binary-to-ascii(10,8,".",packet(24,4)),":",binary-to-ascii(10,8,"",suffix(optionagent.circuit-id,1))) = "your.switch.with_option_82.IP_address:switch_port_number";
}

# MAC адрес клиента как хар-ка класса:
class "some:your:client:hardware:MAC:address" {
    match if substring(hardware, 1, 7) = some:your:client:hardware:MAC:address;
}

# ну или любая другая запись вида:
# class "имя_класса" { всяко_разно_что_нужно_чтобы_класс_матчился; }


#-----------------------------------------------------------------------------
# подсети с классами
shared-network "clients" {
    # подсеть с железом
    # описание небходимо чтобы DHCP знал топологию сети
    subnet 10.90.90.0 netmask 255.255.255.0 { }

    # подсети с юзерами
    # для примера даны 3 подсети, чтобы было видно как прописывается classless static route
    # в каждой сети, для примера, даны 5 хостов
    subnet 192.168.1.0 netmask 255.255.255.0 {
        ping-check off;
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;

        pool { range 192.168.1.5; allow members of "имя_класса"; }
        pool { range 192.168.1.6; allow members of "имя_класса"; }
        pool { range 192.168.1.7; allow members of "имя_класса"; }
    }

    subnet 192.168.2.0 netmask 255.255.255.0 {
        ping-check off;
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;

        pool { range 192.168.2.5; allow members of "имя_класса"; }
        pool { range 192.168.2.6; allow members of "имя_класса"; }
        pool { range 192.168.2.7; allow members of "имя_класса"; }
    }

    subnet 192.168.3.0 netmask 255.255.255.0 {
        ping-check off;
        option routers 192.168.3.1;
        option domain-name-servers 192.168.3.1;

        pool { range 192.168.3.5; allow members of "имя_класса"; }
        pool { range 192.168.3.6; allow members of "имя_класса"; }
        pool { range 192.168.3.7; allow members of "имя_класса"; }
    }
}

ddns-update-style none;
local-address 192.168.0.1;
option domain-name-servers      192.168.0.1;
option nis-domain               "domain.org";
option domain-name              "domain.org";
option routers                  192.168.0.1;
default-lease-time 21600;
max-lease-time 43200;

class "1@192.168.1.1" {
match if option agent.remote-id = 0:6:0:1b:11:21:66:b9 and option agent.circuit-id = 0:4:0:64:0:1;
#and pick-first-value (dhcp-client-identifier, hardware) = 1:00:1b:2e:62:9e:a3;
}

#shared-network "clients" {
    subnet 10.90.90.0 netmask 255.255.255.0 { }

    subnet 10.10.14.0 netmask 255.255.255.0 { }

    subnet 192.168.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range 192.168.0.1 192.168.0.254;
    }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        pool {range 192.168.1.1 192.168.1.1; allow members of "1@192.168.1.1"; deny dynamic bootp clients;}
    }

    subnet 192.168.2.0 netmask 255.255.255.0 {
       option subnet-mask 255.255.255.0;
       range 192.168.2.1 192.168.2.254;

    }

    subnet 192.168.3.0 netmask 255.255.255.0 {
       option subnet-mask 255.255.255.0;
       range 192.168.3.1 192.168.3.254;

    }

    subnet 192.168.100.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range 192.168.100.1 192.168.100.254;
    }
#}

config dhcp_relay add ipif System 10.90.90.254
config dhcp_relay option_82 state enable
enable dhcp_relay

authoritative;
ddns-update-style none;

default-lease-time  3600;
max-lease-time      3600;
min-lease-time      3600;

one-lease-per-client on;

deny duplicates;
deny bootp;

ping-check off;

option arp-cache-timeout 3600;
option netbios-node-type 1;


include "/usr/local/etc/dhcp/conf/1.0.class";
include "/usr/local/etc/dhcp/conf/2.0.class";
include "/usr/local/etc/dhcp/conf/3.0.class";


shared-network "clients" {
    subnet 10.90.90.0 netmask 255.255.255.0 { }

    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;

        include "/usr/local/etc/dhcp/conf/1.0.subnet";
    }

    subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;

        include "/usr/local/etc/dhcp/conf/2.0.subnet";
    }

    subnet 192.168.3.0 netmask 255.255.255.0 {
        option routers 192.168.3.1;
        option domain-name-servers 192.168.3.1;

        include "/usr/local/etc/dhcp/conf/3.0.subnet";
    }
}

# host template
#class "10.90.90.x:y" { match if concat(binary-to-ascii(10, 8, ".", packet(24, 4)), ":", binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1))) = "10.90.90.x:y"; }

class "10.90.90.10:1" { match if concat(binary-to-ascii(10, 8, ".", packet(24, 4)), ":", binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1))) = "10.90.90.10:1"; }
class "10.90.90.10:2" { match if concat(binary-to-ascii(10, 8, ".", packet(24, 4)), ":", binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1))) = "10.90.90.10:2"; }
class "10.90.90.10:3" { match if concat(binary-to-ascii(10, 8, ".", packet(24, 4)), ":", binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1))) = "10.90.90.10:3"; }

# host template
#pool { range 192.168.1.z; allow members of "10.90.90.x:y"; }  # %username%

pool { range 192.168.1.5; allow members of "10.90.90.10:1"; }  # Vasya
pool { range 192.168.1.6; allow members of "10.90.90.10:2"; }  # Petya
pool { range 192.168.1.7; allow members of "10.90.90.10:3"; }  # Sasha

DES-3526:admin#sh ipif
Command: show ipif

IP Interface Settings

Interface Name : System
IP Address     : 192.168.100.2   (MANUAL)
Subnet Mask    : 255.255.255.0
VLAN Name      : vlan1000
Admin. State   : Enabled
Link Status    : Link UP
Member Ports   : 26

DES-3526:admin#show dhcp_relay
Command: show dhcp_relay

DHCP/BOOTP Relay Status         : Enabled
DHCP/BOOTP Hops Count Limit     : 4
DHCP/BOOTP Relay Time Threshold : 0
DHCP Relay Agent Information Option 82 State  : Enabled
DHCP Relay Agent Information Option 82 Check  : Disabled
DHCP Relay Agent Information Option 82 Policy : Replace
DHCP Relay Agent Information Option 82 Remote ID : 00-1B-11-21-66-B9

Interface     Server 1         Server 2         Server 3         Server 4
------------  ---------------  ---------------  ---------------  --------------
System        192.168.0.1      192.168.100.1

Command: show vlan

VID             : 1          VLAN Name     : default
VLAN TYPE       : static     Advertisement : Enabled
Member ports    :
Static ports    :
Current Tagged ports   :
Current Untagged ports :
Static Tagged ports    :
Static Untagged ports  :
Forbidden ports :

VID             : 100        VLAN Name     : vlan100
VLAN TYPE       : static     Advertisement : Disabled
Member ports    : 1-8,26
Static ports    : 1-8,26
Current Tagged ports   : 26
Current Untagged ports : 1-8
Static Tagged ports    : 26
Static Untagged ports  : 1-8
Forbidden ports :

VID             : 200        VLAN Name     : vlan200
VLAN TYPE       : static     Advertisement : Disabled
Member ports    : 9-16,26
Static ports    : 9-16,26
Current Tagged ports   : 26
Current Untagged ports : 9-16
Static Tagged ports    : 26
Static Untagged ports  : 9-16
Forbidden ports :

VID             : 300        VLAN Name     : vlan300
VLAN TYPE       : static     Advertisement : Disabled
Member ports    : 17-24,26
Static ports    : 17-24,26
Current Tagged ports   : 26
Current Untagged ports : 17-24
Static Tagged ports    : 26
Static Untagged ports  : 17-24
Forbidden ports :

VID             : 1000       VLAN Name     : vlan1000
VLAN TYPE       : static     Advertisement : Disabled
Member ports    : 26
Static ports    : 26
Current Tagged ports   : 26
Current Untagged ports :
Static Tagged ports    : 26
Static Untagged ports  :
Forbidden ports :

Total Entries : 5

authoritative;
ddns-update-style none;
local-address 192.168.0.1;
option domain-name-servers      192.168.0.1;
option nis-domain               "domain.org";
option domain-name              "domain.org";
option routers                  192.168.0.1;

default-lease-time  36000;
max-lease-time      360000;

option arp-cache-timeout 3600;
option netbios-node-type 1;

class "1p" { match if concat(binary-to-ascii(10, 8, ".", packet(24, 4)), ":", binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1)))= "1"; }

shared-network "clients" {
    subnet 10.10.14.0 netmask 255.255.255.0 { }

    subnet 192.168.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range 192.168.0.1 192.168.0.254;
    }

    subnet 192.168.1.0 netmask 255.255.255.0 {
      option subnet-mask 255.255.255.0;
#     range 192.168.1.1 192.168.1.3;
      pool {range 192.168.1.1; allow members of "1p";}
    }

    subnet 192.168.2.0 netmask 255.255.255.0 {
       option subnet-mask 255.255.255.0;
       range 192.168.2.1 192.168.2.254;
    }

    subnet 192.168.3.0 netmask 255.255.255.0 {
       option subnet-mask 255.255.255.0;
       range 192.168.3.1 192.168.3.254;
    }

    subnet 192.168.100.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        range 192.168.100.1 192.168.100.254;
    }
}