This Wiki is a dedicated space for documenting my projects and research!

I have decided to document the setup, usage, and performace differences of multiple hypervisors.

Hypervisors can be broken down into two types:

• Type-1: Native or bare metal hypervisors
• Type-2: Hosted hypervisors

Type-1 hypervisors run directly on the host hardware allowing for hardware control and guest OS managability. Guest operating systmes are then run as processes on the host.

Examples of Type-1 hypervisors:

• Xen
• VMware ESX & ESXi
• Microsoft HyperV

Type-2 hypervisors run on top of existing operating systems much like web browsers or email clients. the hypervisor is then completely dependent upon the host operating system for its functionality.

Examples of Type-2 hypervisors:

• VMware Workstation
• Oracle Virtualbox

To get this project going i decided to use one of my personal servers. This is the system i will be using for all testing as to keep a consistent approach to each hypervisor i test. System:

• Opteron 1385 Quadcore CPU
• 16GB of 800mhz DDR2
• 6x1TB 7200RPM HDDs
• Software Raid 10

OS:

• Debian 8 (Jessie)

The first hypervisor i will be testing is KVM (Kernal Based Virtual Machine)

Step 1. Install KVM & Libvirt from Debian Repository

apt-get install qemu-kvm libvirt-bin

Step 2. To be able to manage virtual machines as a non-root user we will need to add our account to the groups kvm and libvirt

adduser "username" kvm
adduser "username" libvirt

Thats it! Now KVM is ready!

KVM can be managed in multiple ways. The most popular approach is mgmt directly from the Linux CLI using virsh. (This is why we installed Libvirt)

duder@hyper1:~$ virsh --connect qemu:///system
Welcome to virsh, the virtualization interactive terminal.
 
Type:  'help' for help with commands
       'quit' to quit
 
virsh # list --all
 Id    Name                           State
----------------------------------------------------
 2     win7pro                        running
 3     Win2012R2                      running
 
virsh # 

virsh # help
Grouped commands:
 
 Domain Management (help keyword 'domain'):
    attach-device                  attach device from an XML file
    attach-disk                    attach disk device
    attach-interface               attach network interface
    autostart                      autostart a domain
    blkdeviotune                   Set or query a block device I/O tuning parameters.
    blkiotune                      Get or set blkio parameters
    blockcommit                    Start a block commit operation.
    blockcopy                      Start a block copy operation.
    blockjob                       Manage active block operations
    blockpull                      Populate a disk from its backing image.
    blockresize                    Resize block device of domain.
    change-media                   Change media of CD or floppy drive
    console                        connect to the guest console
    cpu-baseline                   compute baseline CPU
    cpu-compare                    compare host CPU with a CPU described by an XML file
    cpu-stats                      show domain cpu statistics
    create                         create a domain from an XML file
    define                         define (but don't start) a domain from an XML file
    desc                           show or set domain's description or title
    destroy                        destroy (stop) a domain
    detach-device                  detach device from an XML file
    detach-disk                    detach disk device
    detach-interface               detach network interface
    domdisplay                     domain display connection URI
    domfsfreeze                    Freeze domain's mounted filesystems.
    domfsthaw                      Thaw domain's mounted filesystems.
    domfstrim                      Invoke fstrim on domain's mounted filesystems.
    domhostname                    print the domain's hostname
    domid                          convert a domain name or UUID to domain id
    domif-setlink                  set link state of a virtual interface
    domiftune                      get/set parameters of a virtual interface
    domjobabort                    abort active domain job
    domjobinfo                     domain job information
    domname                        convert a domain id or UUID to domain name
    dompmsuspend                   suspend a domain gracefully using power management functions
    dompmwakeup                    wakeup a domain from pmsuspended state
    domuuid                        convert a domain name or id to domain UUID
    domxml-from-native             Convert native config to domain XML
    domxml-to-native               Convert domain XML to native config
    dump                           dump the core of a domain to a file for analysis
    dumpxml                        domain information in XML
    edit                           edit XML configuration for a domain
    event                          Domain Events
    inject-nmi                     Inject NMI to the guest
    send-key                       Send keycodes to the guest
    send-process-signal            Send signals to processes
    lxc-enter-namespace            LXC Guest Enter Namespace
    managedsave                    managed save of a domain state
    managedsave-remove             Remove managed save of a domain
    memtune                        Get or set memory parameters
    metadata                       show or set domain's custom XML metadata
    migrate                        migrate domain to another host
    migrate-setmaxdowntime         set maximum tolerable downtime
    migrate-compcache              get/set compression cache size
    migrate-setspeed               Set the maximum migration bandwidth
    migrate-getspeed               Get the maximum migration bandwidth
    numatune                       Get or set numa parameters
    qemu-attach                    QEMU Attach
    qemu-monitor-command           QEMU Monitor Command
    qemu-monitor-event             QEMU Monitor Events
    qemu-agent-command             QEMU Guest Agent Command
    reboot                         reboot a domain
    reset                          reset a domain
    restore                        restore a domain from a saved state in a file
    resume                         resume a domain
    save                           save a domain state to a file
    save-image-define              redefine the XML for a domain's saved state file
    save-image-dumpxml             saved state domain information in XML
    save-image-edit                edit XML for a domain's saved state file
    schedinfo                      show/set scheduler parameters
    screenshot                     take a screenshot of a current domain console and store it into a file
    setmaxmem                      change maximum memory limit
    setmem                         change memory allocation
    setvcpus                       change number of virtual CPUs
    shutdown                       gracefully shutdown a domain
    start                          start a (previously defined) inactive domain
    suspend                        suspend a domain
    ttyconsole                     tty console
    undefine                       undefine a domain
    update-device                  update device from an XML file
    vcpucount                      domain vcpu counts
    vcpuinfo                       detailed domain vcpu information
    vcpupin                        control or query domain vcpu affinity
    emulatorpin                    control or query domain emulator affinity
    vncdisplay                     vnc display
 
 Domain Monitoring (help keyword 'monitor'):
    domblkerror                    Show errors on block devices
    domblkinfo                     domain block device size information
    domblklist                     list all domain blocks
    domblkstat                     get device block stats for a domain
    domcontrol                     domain control interface state
    domif-getlink                  get link state of a virtual interface
    domiflist                      list all domain virtual interfaces
    domifstat                      get network interface stats for a domain
    dominfo                        domain information
    dommemstat                     get memory statistics for a domain
    domstate                       domain state
    domstats                       get statistics about one or multiple domains
    domtime                        domain time
    list                           list domains
 
 Host and Hypervisor (help keyword 'host'):
    allocpages                     Manipulate pages pool size
    capabilities                   capabilities
    cpu-models                     CPU models
    domcapabilities                domain capabilities
    freecell                       NUMA free memory
    freepages                      NUMA free pages
    hostname                       print the hypervisor hostname
    maxvcpus                       connection vcpu maximum
    node-memory-tune               Get or set node memory parameters
    nodecpumap                     node cpu map
    nodecpustats                   Prints cpu stats of the node.
    nodeinfo                       node information
    nodememstats                   Prints memory stats of the node.
    nodesuspend                    suspend the host node for a given time duration
    sysinfo                        print the hypervisor sysinfo
    uri                            print the hypervisor canonical URI
    version                        show version
 
 Interface (help keyword 'interface'):
    iface-begin                    create a snapshot of current interfaces settings, which can be later committed (iface-commit) or restored (iface-rollback)
    iface-bridge                   create a bridge device and attach an existing network device to it
    iface-commit                   commit changes made since iface-begin and free restore point
    iface-define                   define (but don't start) a physical host interface from an XML file
    iface-destroy                  destroy a physical host interface (disable it / "if-down")
    iface-dumpxml                  interface information in XML
    iface-edit                     edit XML configuration for a physical host interface
    iface-list                     list physical host interfaces
    iface-mac                      convert an interface name to interface MAC address
    iface-name                     convert an interface MAC address to interface name
    iface-rollback                 rollback to previous saved configuration created via iface-begin
    iface-start                    start a physical host interface (enable it / "if-up")
    iface-unbridge                 undefine a bridge device after detaching its slave device
    iface-undefine                 undefine a physical host interface (remove it from configuration)
 
 Network Filter (help keyword 'filter'):
    nwfilter-define                define or update a network filter from an XML file
    nwfilter-dumpxml               network filter information in XML
    nwfilter-edit                  edit XML configuration for a network filter
    nwfilter-list                  list network filters
    nwfilter-undefine              undefine a network filter
 
 Networking (help keyword 'network'):
    net-autostart                  autostart a network
    net-create                     create a network from an XML file
    net-define                     define (but don't start) a network from an XML file
    net-destroy                    destroy (stop) a network
    net-dhcp-leases                print lease info for a given network
    net-dumpxml                    network information in XML
    net-edit                       edit XML configuration for a network
    net-event                      Network Events
    net-info                       network information
    net-list                       list networks
    net-name                       convert a network UUID to network name
    net-start                      start a (previously defined) inactive network
    net-undefine                   undefine a persistent network
    net-update                     update parts of an existing network's configuration
    net-uuid                       convert a network name to network UUID
 
 Node Device (help keyword 'nodedev'):
    nodedev-create                 create a device defined by an XML file on the node
    nodedev-destroy                destroy (stop) a device on the node
    nodedev-detach                 detach node device from its device driver
    nodedev-dumpxml                node device details in XML
    nodedev-list                   enumerate devices on this host
    nodedev-reattach               reattach node device to its device driver
    nodedev-reset                  reset node device
 
 Secret (help keyword 'secret'):
    secret-define                  define or modify a secret from an XML file
    secret-dumpxml                 secret attributes in XML
    secret-get-value               Output a secret value
    secret-list                    list secrets
    secret-set-value               set a secret value
    secret-undefine                undefine a secret
 
 Snapshot (help keyword 'snapshot'):
    snapshot-create                Create a snapshot from XML
    snapshot-create-as             Create a snapshot from a set of args
    snapshot-current               Get or set the current snapshot
    snapshot-delete                Delete a domain snapshot
    snapshot-dumpxml               Dump XML for a domain snapshot
    snapshot-edit                  edit XML for a snapshot
    snapshot-info                  snapshot information
    snapshot-list                  List snapshots for a domain
    snapshot-parent                Get the name of the parent of a snapshot
    snapshot-revert                Revert a domain to a snapshot
 
 Storage Pool (help keyword 'pool'):
    find-storage-pool-sources-as   find potential storage pool sources
    find-storage-pool-sources      discover potential storage pool sources
    pool-autostart                 autostart a pool
    pool-build                     build a pool
    pool-create-as                 create a pool from a set of args
    pool-create                    create a pool from an XML file
    pool-define-as                 define a pool from a set of args
    pool-define                    define (but don't start) a pool from an XML file
    pool-delete                    delete a pool
    pool-destroy                   destroy (stop) a pool
    pool-dumpxml                   pool information in XML
    pool-edit                      edit XML configuration for a storage pool
    pool-info                      storage pool information
    pool-list                      list pools
    pool-name                      convert a pool UUID to pool name
    pool-refresh                   refresh a pool
    pool-start                     start a (previously defined) inactive pool
    pool-undefine                  undefine an inactive pool
    pool-uuid                      convert a pool name to pool UUID
 
 Storage Volume (help keyword 'volume'):
    vol-clone                      clone a volume.
    vol-create-as                  create a volume from a set of args
    vol-create                     create a vol from an XML file
    vol-create-from                create a vol, using another volume as input
    vol-delete                     delete a vol
    vol-download                   download volume contents to a file
    vol-dumpxml                    vol information in XML
    vol-info                       storage vol information
    vol-key                        returns the volume key for a given volume name or path
    vol-list                       list vols
    vol-name                       returns the volume name for a given volume key or path
    vol-path                       returns the volume path for a given volume name or key
    vol-pool                       returns the storage pool for a given volume key or path
    vol-resize                     resize a vol
    vol-upload                     upload file contents to a volume
    vol-wipe                       wipe a vol
 
 Virsh itself (help keyword 'virsh'):
    cd                             change the current directory
    connect                        (re)connect to hypervisor
    echo                           echo arguments
    exit                           quit this interactive terminal
    help                           print help
    pwd                            print the current directory
    quit                           quit this interactive terminal
 
 
virsh # 

Another approach is to use managment software. I currently use Virtual Machine Manager.

I installed KVM at the start of the semester and have yet to switch to another hypervisor!

My next step is to move to a USB bootable Xen hypervisor!

This semester i have been using Virtual Box for many things school and personal related. It has become a valuable tool and has changed the way i use computers!

Exporting is a great feature built into Virtual Box that allows for easy back up of virtual machines.

1. Pressing Ctrl+e will launch the Export window. Select the VM you wish to export (In my case Xubuntu 14.04) and when finished select next.
2. Select where to save the VM. Here we can also chose wich version of OVF to use. This will save our VM in open virtualization format inside of an OVA (this is essentialy a tar file). Lastly you can select “Write Manifest File” if you would like virtualbox to automaticly run data integrity checks when importing. When finished select next.
3. Enter information describing your VM according to the supplied catagories. When finished select Export. Exporting is complete!

Now we can use our exported VM to learn about importing!

1. Pressing Ctrl+i will launch the import window. Here we can select any virtual machines we have saved in OVF format to import into virtual box. Select next when ready.
2. Here we can see all of the predefined settings of our VM. Make sure these settings are compatable with your computer. We also have the option to reinitilize the MAC address of the VMs NICs. when importing the same VM multiple times it is important to select this option to avoid confilcting MACS on your network. When finished select Import to finish.

This past week i have been spending some time learning about the DB server and how to make the move to Debian 8 and MariaDB as smooth as possible. I learned quickly that backing up all of the databases will be an easy task to accomplish. This can be achieved with something along the lines of this command:

mysqldump --all-databases > all_databases.sql

Where the real problem lies is the compatibility between older versions of MySQL and MariaDB. Because we are running MySQL 5.1 we can only move our database back up to MariaDB 5.5… While this shouldn't be to much of an issue we are really shooting to use MariaDB 10. This is the latest stable version and is packaged in the Debian repos. I have encountered some methods of moving 5.5 database backups to 10 but it looks like a long tedious process. NOT FUN.

<charter> title = Simple 3D pie chart size = 400×300 align = center bgcolor = #eeeeee type = pie3d labelSerie = 2 pieExploded = on

25,46,20,6,3 Jan, Feb, Mar, Apr, May </charter>

The goal of this project was to better understand network interface management on Red Hat Enterprise Linux. This is the main Linux spin i have to use at work (both CentOS and licensed RHEL) and often found myself glancing over man pages and Red Hat documentation. I decided to just take some of my free time and really dig into managing networking with just configuration files (cutting network manager and systemd out of the scenario) to save my self time and headache when switching between versions 5, 6, and 7. In the end i needed to be able to have the following:

1. Static addressing
2. IPv4 ONLY
3. VLAN tagging
4. Bridge interface for MGMT
5. Bridge interfaces for individual VLANs

The over all biggest thing I needed was to have one interface to attach to multiple KVM guests for MGMT IPs, and individual interfaces for VLANS that could be attached to multiple guest VMs.

To prepare myself I built a test KVM hypervisor at work (and at home :D) to attach to multiple guest systems to multiple VLANS and one central MGMT interface.

I took note as to what VLANs I would need the server to communicate with. I decided to bring up a copy of RHELs documentation online and give it a full read as well as multiple man pages and online resources.

In the end i needed to be able to have the following:

1. Static addressing
2. IPv4 ONLY
3. VLAN tagging
4. Bridge interface for MGMT
5. Bridge interfaces for individual VLANs

The over all biggest thing i needed was to have one interface to attach to multiple KVM guests for MGMT IPs, and individual interfaces for VLANS that could be attached to multiple guest VMs. This would allow virtual servers to communicate to a specific VLAN within our network on one interface and be managed on another.

To start i have two network interfaces

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:25:90:f3:21:9a brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:25:90:f3:21:9b brd ff:ff:ff:ff:ff:ff

All of these devices can be managed with configuration files located in /etc/sysconfig/network-scripts. These will give us the ability to create, manage, and delete interfaces as we please.

Interface eno1 is going to be used as our management interface. To make KVM happy we need to make a bridge interface that uses this interface. We need to first make sure we have bridge-utils installed. This will give us the ability to used bridged networking!

[root@bencrk1 network-scripts]# yum install bridge-utils

Now we can make a new bridge interface that uses eno1. This can be done by creating a new configuration file with the name of the bridge at the end. Below is an example of my configuration.

[root@bencrk1 network-scripts]# cat ifcfg-br0
DEVICE=br0
ONBOOT=yes
BOOTPROTO=static
#IPADDR=xxx.xxx.xxx.xxx
#NETMASK=xxx.xxx.xxx.xxx
IPV6INIT=no
TYPE=Bridge
NM_CONTROLLED=no

For the sake of this demo i will leave out my IPs. What we have done here is created a bridge interface named br0. It is set to initialize on boot, use a static ip, disable ipv6, and tell the system that it is not to be managed by NetworkManager.

Now we need to set the interface eno1 to be used by the bridge. This is done my editing its configuration file and telling it to use the bridge interface.

DEVICE=eno1
BOOTPROTO=static
HWADDR=
ONBOOT=yes
NETMASK=
GATEWAY=
BRIDGE=br0
TYPE=Ethernet

This was accomplished by simply adding the line BRIDGE=br0!

First bridge interface down!

Now that we know how to make a bridge we need to learn how to incorporate VLANs into the mix. To do this we need to create VLAN interfaces for each VLAN we need. This is done by creating a interface configuration file with the name of the interface you want to use as well as the VLAN tag for the network. Here is my demo config for our 252 VLAN.

DEVICE=eno2.252
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no

This configuration is very similar to the one above except for one new line. VLAN=yes tells the system that this is a VLAN interface. Simple!

Now we create a bridge interface that takes advantage of our new VLAN interface.

[root@bencrk1 network-scripts]# cat ifcfg-br1.252 
DEVICE=br1.252
ONBOOT=yes
BOOTPROTO=static
#IPADDR=xxx.xxx.xxx.xxx
#NETMASK=xxx.xxx.xxx.xxx
IPV6INIT=no
TYPE=Bridge
NM_CONTROLLED=no

Now we tell our VLAN interface that is going to be used by our newly created bridge interface. This is very similar to above!

DEVICE=eno2.252
VLAN=yes
ONBOOT=yes
BOOTPROTO=none
BRIDGE=br1.252
NM_CONTROLLED=no

Now we are complete! We can add these interfaces to our KVM guests and apply IPs.

- where you got informative and useful information to help you accomplish this project when you originally worked on it (from Google, other wiki documents on the Lab46 wiki, etc.)

https://access.redhat.com/documentation/en/red-hat-enterprise-linux/

Cool DHCP config check/status tool i worked on!

#!/bin/bash
#
# dstatus DHCP remote utility SCRIPT
#
. /usr/local/bin/functions
prtime $host $0 Starting

host=`hostname`
BN0=`basename $0`

if [ "$host" = "prtbdhcp2.empacc.net" ] ; then
	FILES="dhcpd.conf dhcpd-empiremaster.conf"
	CONFFILE=dhcpd-empiremaster.conf

elif [ "$host" = "bncrdhcp2.empacc.net" ] ; then
    FILES="dhcpd.conf dhcpd-npmaster.conf"
	CONFFILE=dhcpd-npmaster.conf

else
	prtime $host $0 Abort Unknown hostname: $host
	exit
fi

IAM="$host $BN0"

Tm=`date '+%Y%m%d%H%M'`

TARFILE=bu/dhcp$Tm.tar


function ckident
{
    prtime $IAM Cking Ident
	sleep 1

	cd $DIR1
    
	for File in $FILES
	do
		if [ -f $File ] ; then
			ls -l $File
			sum $File
			ident $File
			sleep 1; echo -
		else
			echo $IAM $File is not in $DIR1
		fi

	done
}
function 	dostat
{
    sleep 1;  echo -

    prtime $IAM DHCP configtest RC=$RC

    sleep 1;  echo -

    service dhcpd status
    RC=$?
    sleep 1 ; echo -

	
}

function	dostatus
{
# STATUS Production "service dhcpd status"
#
    prtime $IAM Checking DHCP Status $DIR1

    ckident
    sleep 1

    service dhcpd configtest
    RC=$?

    sleep 1;  echo -

    prtime $IAM DHCP configtest RC=$RC

    sleep 1;  echo -

    service dhcpd status
    RC=$?
    sleep 1 ; echo -

}
function backupProd
{

	if [ "$BN0" = "dbu" ] ; then
		DIR1=/etc/dhcp
	fi

    prtime $IAM Backup via tar Original DHCP Files
    cd $DIR1
	echo In	`pwd`

	if [ -d bu ] ; then
		echo bu dir ok
	else
		mkdir bu
	fi
		
    echo tar cf $TARFILE $FILES
    tar cf $TARFILE $FILES
    RC=$?

	if [ "$RC" != "0" ] ; then	
		echo $IAM backupProd Reports an Error RC=$RC
	else
		echo $IAM backupProd OK RC=$RC
	fi
}

function	do_tail
{
	do_ps
	prtime $IAM: Tailing /var/log/messages for dhcp messages
	sleep 1 

	tail -10 /var/log/messages | grep dhcpd
}

function	do_ps
{
	sleep 2; echo $IAM cking ps for dhcpd
	ps -eaf | grep dhcpd | grep -v grep
	RC=$?
	echo -
	echo -

    if [ "$RC" != "0" ] ; then
		prtime $IAM Status NOT RUNNING RC=$RC
	else
		prtime $IAM Status Shows OK =$RC
	fi
}

function restoreProd
{
    prtime $IAM Restoring Original DHCP Files
    cd $DIR1
    tar xvf $TARFILE
    RC=$?

	if [ "$RC" != "0" ] ; then	
		echo $IAM restoreProd Reports an Error RC=$RC
	else
		echo $IAM restoreProd OK RC=$RC
	fi
}

if [ "$BN0" = "dtest" ] ; then
# {
# Backup the current /opt/dhcpdev files
#
	prtime $host $BN0 In dtest
	DIR0=/tmp
	DIR1=/opt/dhcpdev

	cd $DIR0
	if [ -f $CONFFFILE ] ;  then

		cd $DIR1

		echo IN `pwd`

		backupProd

		cmd="cp $DIR0/$CONFFILE ."
		echo $cmd

		$cmd
		RC=$?
		if [ "$RC" -eq "0" ] ; then
        	echo $IAM COPY is good RC=$RC
			rm -f $DIR0/$CONFFILE
		fi
		echo -

	else
		echo $IAM File $DIR0/$CONFFILE not found
		echo -
	fi

	cd $DIR1
	ckident
	
	echo $IAM: dhcpd -t -cf dhcpd.conf
	dhcpd -t -cf dhcpd.conf
	RC=$?

	if [ "$RC" -eq "0" ] ; then	
		echo $IAM `pwd` Test is good RC=$RC
	else
		echo $IAM Test reports an Error RC=$RC
		echo $IAM Restoring Backup

		restoreProd 
	fi
# }

elif [ "$BN0" = "dinstall" ] ; then
# {
# Backup the current /etc/dhcp files
# Copy from /opt/dhcpdev to /etc/dhcp and test and test
#
    prtime $IAM Starting
	DIR0=/opt/dhcpdev
	DIR1=/etc/dhcp

	dostatus

	cd $DIR0
	if [ -f $CONFFFILE ] ;  then

		cd $DIR1
		echo IN `pwd`
		backupProd

		cmd="cp $DIR0/$CONFFILE ."
		echo $cmd

		$cmd
		RC=$?
		if [ "$RC" -eq "0" ] ; then
			echo -
		else
			echo $IAM Copy Failed
		fi
			
	else
		cd $DIR1
		echo $IAM File $DIR0/$CONFFILE not found
		sleep 1;echo -
	fi

	cd $DIR1
	service dhcpd restart
	RC=$?
	if [ "$RC" != "0" ] ; then
        echo $IAM `pwd` Status Check failed RC=$RC
		exit $RC
    fi

	echo -;	sleep 1

	dostatus
	if [ "$RC" != "0" ] ; then
        echo $IAM `pwd` Status Check failed RC=$RC
		restoreProd
	else
		prtime $IAM Looks good RC=$RC
    fi

# }


elif [ "$BN0" = "drestart" ] ; then
#
# Restart Production "service dhcpd restart"
#
	prtime $IAM Restart Production "service dhcpd restart"
	DIR0=/opt/dhcpdev
	DIR1=/etc/dhcp
	cd $DIR1

	ckident

	sleep 1; echo -
	service dhcpd status
	echo -
	echo service dhcpd restart
	sleep 2; echo -
	service dhcpd status
	sleep 1

	# tail -10 /var/log/messages

	dops

	echo -
	echo -
# }

elif [ "$BN0" = "dstart" ] ; then
# {
# STATUS Production "service dhcpd status"
#
	prtime $IAM START DHCP 
	DIR1=/etc/dhcp

	do_ps
	if [ "$RC" = "0" ] ; then
		echo DHCPD ALREADY RUNNING
		echo -
		sleep 1
		dostat
		exit 1
	fi
	service dhcpd start

 	# tail -10 /var/log/messages | grep dhcpd

	dostatus

	prtime $IAM START DHCP 

# }
elif [ "$BN0" = "dstatus" ] ; then
# {
# STATUS Production "service dhcpd status"
#
	DIR1=/etc/dhcp
	dostatus

 	# tail -10 /var/log/messages | grep dhcpd

	echo -
	echo -
	do_ps
# }

elif [ "$BN0" = "dstart" ] ; then
# {
# STATUS Production "service dhcpd status"
#
	DIR1=/etc/dhcp
	dostatus

	echo $IAM: service dhcpd start
	service dhcpd start

 	# tail -10 /var/log/messages | grep dhcpd

# }
elif [ "$BN0" = "dstatus" ] ; then
# {
# STATUS Production "service dhcpd status"
#
	DIR1=/etc/dhcp
	dostatus
 	# tail -10 /var/log/messages | grep dhcpd

# }
elif [ "$BN0" = "dtail" ] ; then
# {
# Just Tail
#
	do_tail
# }

elif [ "$BN0" = "dbu" ] ; then
# {
# Just Perform a back up of the production files
#
	prtime $IAM Make a backup of the production dhcp files
    DIR1=/etc/dhcp
	cd $DIR1
	backupProd
# }

elif [ "$BN0" = "dstop" ] ; then
# {
# Just Perform a STOP of DHCP
#
	prtime $IAM STOP dhcp
    DIR1=/etc/dhcp
	cd $DIR1
	echo service dhcp stop
	echo -
	service dhcp stop
	RC=$?
	sleep 1
	echo -

	dostatus
# }
else
	echo $IAM Unknown command 
	exit
fi


if [ "$RC" = "0" ] ; then
	echo -
	prtime $IAM Complete RC=$RC
	logger $IAM Complete RC=$RC
else

	echo -
	echo -
	prtime $IAM ERROR RC=$RC
	logger $IAM ERROR RC=$RC
fi

exit $RC

Here are two DHCP configs i helped create. They are a great example of the depths DHCP configuration can go :)

###############################################################################
#
# North Penn Master DHCP Configuration File
# 
# $Id: dhcpd-npmaster.conf,v 1.5 2015/10/15 20:24:44 root Exp $
#
# Included from dhcpd.conf
# # adding this line to force copy
#
###############################################################################
#
# History
#
# 2015/10/15 - BD - Initial in-service version - Production start
#
###############################################################################
#
###############################################################################
#
# Global configurations
#
###############################################################################
authoritative;
ddns-update-style ad-hoc;
default-lease-time 172800;
max-lease-time 604800;
allow bootp;
option dhcp-max-message-size 1024;
option ntp-servers us.pool.ntp.org;

# Set this to your domain name
option domain-name "empacc.net";

# Ener your DNS servers separated by commas ','  
option domain-name-servers 72.18.56.250, 78.18.48.120;

###############################################################################
#
# IPTV Conditional Access (Verimatrix) configurations
#
###############################################################################

## --- Verimatrix specific option defines
option accp_conf code 131 = array of integer 8;
option option-minerva_bootstring code 240 = text;
option option-vm_ini_url code 241 = text;
option option-vm_ini_ver code 242 = text;
option option-rootcert_boot code 243 = text;
option option-rootcert_ver code 244 = text;
#option option-minerva_common code 245 = text;

###############################################################################
#
# IPTV Set-top configurations
#
###############################################################################

#-----------------------------------------------------------
# -- Option defines For ADB STB
#-----------------------------------------------------------
## --- Define option 131 for multicast address ---
option accp_conf code 131 = array of integer 8;
## --- Define option 240 for the Minerva start string ----
option option-minerva_bootstring code 240 = text;
## --- Define option 245 TR69 reporting configuration string ---
option option-245 code 245 = string;

#-----------------------------------------------------------
#-- ADB Class defines
#-----------------------------------------------------------

## --- ADB 3800W ---##

class "adb3800W-Bootloader" {
    match if substring (option vendor-class-identifier, 0, 12) = "minerva3800w";

    # Software upgrade though multicast configuration (Preferred method)
    # Multicast setup below is: 239.1.2.5 port 4545 with 10 seconds timeout  
    # NOTE: port number 4545 calculation is 17*256 + 193 = 4545  
    option accp_conf 239,1,2,5,17,193,10;
}

class "adb3800W-hlcode2" {
    match if substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV3X_1_3800W(ADB)"; 
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -stbm=adb -tbv=5.4 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "21";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "21";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

##--- ADB 5810X ---##

class "adb5810WX-bootloader" {
    match if substring (option vendor-class-identifier, 0, 13) = "minerva5810wx";
    option accp_conf 239,1,2,7,17,193,10;
}

class "adb5810WX-hlcode" {
    match if (substring (option vendor-class-identifier, 0, 24) = "udhcp 1.2.2 (ADB 1.2.20)") or (substring (option vendor-class-identifier, 0, 25) = "udhcp_MRV3X_1_5810WX(ADB)");
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

##--- ADB 5721WNX ---##

class "adb5721wnx-minerva-loader" {
    match if substring (option vendor-class-identifier, 0, 11) ="ADB-5721WNX";
    option accp_conf 239,1,2,11,17,193,10;
}

class "adb5721wnx-minerva-hlcode" {
    match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_5721WNX(ADB)";
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

##--- ADB 2721W ---##

class "adb2721W-bootloader" {
    match if substring (option vendor-class-identifier, 0, 12) ="ADB-2721W";
    option accp_conf 239,1,2,13,17,193,10;
}

class "adb2721W-hlcode" {
    match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_2721W(ADB)";
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

##--- ADB 2721WX ---##

class "adb2721Wx-bootloader" {
    match if substring (option vendor-class-identifier, 0, 12) ="ADB-2721WX";
    option accp_conf 239,1,2,9,17,193,10;
}

class "adb2721Wx-hlcode" {
    match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_2721WX(ADB)";
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

##--- ADB 3721WN ---##

class "adb3721WN-bootloader" {
    match if substring (option vendor-class-identifier, 0, 12) ="ADB-3721WN";
    option accp_conf 239,1,2,15,17,193,10;
}

class "adb3721WN-hlcode" {
    match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_3721WN(ADB)";
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

#-----------------------------------------------------------------------#
#                    TEST SET TOP BOX DEFINES                           #
#                                                                       #
# Define test box classes with special parameters here                  #
#-----------------------------------------------------------------------#

class "ADB-TEST" {
    match substring (hardware, 1, 6);
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -stbm=adb -tbv=5.7 -verid=Verimatrix";
    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "20";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "20";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

subclass "ADB-TEST" 68:63:59:3B:1C:64; # Dan's Desk 2721WX 1
#subclass "ADB-TEST" 00:03:91:BE:38:5E; # Test 1
#subclass "ADB-TEST" 68:63:59:3B:1D:CB; # Test 2
#subclass "ADB-TEST" 68:63:59:3A:CF:30; # Test 3
#subclass "ADB-TEST" 68:63:59:34:96:DF; # Steve 1
#subclass "ADB-TEST" 68:63:59:4F:73:23; # Steve 2
#subclass "ADB-TEST" 68:63:59:4F:15:98; # Steve 3
#subclass "ADB-TEST" 68:63:59:5E:05:22; # Steve 4
#subclass "ADB-TEST" 00:03:91:AD:96:7C; # Steve 5
#subclass "ADB-TEST" 68:63:59:04:21:E4; # Frank Home 1
#subclass "ADB-TEST" 68:63:59:17:66:D8; # Frank Home 2
#subclass "ADB-TEST" 00:03:91:BE:8C:E0; # Frank Home 3
#subclass "ADB-TEST" 68:63:59:3A:CF:57; # Frank Home 4


###############################################################################
#
# Subnet Declarations
# 
# NOTE: It is required to have a subnet decleration for local subnet even if
# this dhcp server is not
# serving any addresses on this range
###############################################################################

# Local subnet declaration - no pool required here

subnet 10.68.0.16 netmask 255.255.255.248 {}

# This should handle all STBs (Copperhead, Viper and Amino) on the 
# 192.168.5.0 network
# The subnet below can probably be removed per Aaron (10/15/15)
#subnet 172.25.1.0 netmask 255.255.255.0 {
#	next-server 172.25.1.150;
#	option routers 172.25.1.1;
#	option broadcast-address 172.25.1.255;
#	pool {
#            failover peer "NP-failover";
#            range 172.25.1.10 172.25.1.254;
#        }
#}

# North Penn Calix C7 Networks
subnet 10.0.0.0 netmask 255.255.0.0 {
	next-server 172.25.1.150;
	option routers 10.0.0.1;
        pool {
            failover peer "NP-failover";
            range 10.0.3.10 10.0.254.254;
	}
}
subnet 11.0.0.0 netmask 255.0.0.0 {
	next-server 172.25.1.150;
	option routers 11.0.0.1;
        pool {
            failover peer "NP-failover";
            range 11.0.0.10 11.1.0.254;
	}
}
subnet 12.0.0.0 netmask 255.0.0.0 {
	next-server 172.25.1.150;
	option routers 12.0.0.1;
        pool {
            failover peer "NP-failover";
            range 12.0.0.10 12.0.254.254;
        }
}
# The subnet below can probably be removed per Aaron (10/15/15)
#subnet 10.192.0.0 netmask 255.255.224.0 {
#	next-server 172.25.1.150;
#        option routers 10.192.0.1;
#        pool {
#            failover peer "NP-failover";
#            range 10.192.0.2 10.192.31.254;
#        }
#}

################################################################################
#
# Internet and VoIP Definitions
#
################################################################################

# AE-ONT options definitions
option space CALIX-ONT-SERVER;
    option CALIX-ONT-SERVER.cms-address code 1 = ip-address;
    option CALIX-ONT-SERVER.second-tftp-address code 2 = ip-address;
    option CALIX-ONT-SERVER.validateMIC code 3 = boolean;
    option CALIX-ONT-SERVER.syslog-address code 4 = ip-address;

#AE ONT
class "CalixONT" {
    match if substring(hardware,1,3) = 00:06:31;
}

#SIP
subnet 10.224.0.0 netmask 255.255.192.0 {
    option subnet-mask 255.255.192.0;
    option domain-name-servers 72.18.56.250, 72.18.48.120;
    option routers 10.224.0.1;
    pool {
        failover peer "NP-failover";
        range 10.224.4.1 10.224.63.254;
    }
}

#Residential Vlan 204
subnet 38.77.12.0 netmask 255.255.252.0 {
    option subnet-mask 255.255.252.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 38.77.12.1;
    pool {
        failover peer "NP-failover";
        range 38.77.12.2 38.77.15.254;
    }
}

#Residential Vlan 205
subnet 38.77.8.0 netmask 255.255.254.0 {
    option subnet-mask 255.255.254.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 38.77.8.1;
    pool {
        failover peer "NP-failover";
        range 38.77.8.10 38.77.9.254;
    }
}

#Residential Vlan 206 pool #1
subnet 38.77.10.0 netmask 255.255.254.0 {
    option subnet-mask 255.255.254.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 38.77.10.1;
    pool {
        failover peer "NP-failover";
        range 38.77.10.2 38.77.11.254;
    }
}
#Residential vlan 211 
subnet 38.77.40.0 netmask 255.255.254.0 {
	option subnet-mask 255.255.254.0;
	option domain-name-servers 73.18.48.120, 72.18.56.250;
	option routers 38.77.40.1;
	pool{
		failover peer "NP-failover";
		range 38.77.40.11 38.77.41.254;
	}
}





#Residential Vlan 207
subnet 66.115.78.0 netmask 255.255.254.0 {
    option subnet-mask 255.255.254.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 66.115.78.1;
    pool {
        failover peer "NP-failover";
        range 66.115.78.10 66.115.79.254;
    }
}

#Residential Vlan 208 
subnet 66.115.74.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 66.115.74.1;
    pool {
        failover peer "NP-failover";
        range 66.115.74.2 66.115.74.254;
    }
}

#Business Vlan 209
subnet 66.115.75.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 66.115.75.1;
    pool {
        failover peer "NP-failover";
        range 66.115.75.2 66.115.75.254;
    }
}

# Not sure what this is used for
subnet 104.255.87.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option domain-name-servers 72.18.48.120, 72.18.56.250;
    option routers 104.255.87.1;
    pool {
        failover peer "NP-failover";
        range 104.255.87.2 104.255.87.245;
    }
}

subnet 10.85.0.0 netmask 255.255.254.0 {
    pool {
        allow members of "CalixONT";
        option tftp-server-name "10.224.0.2";
        option CALIX-ONT-SERVER.second-tftp-address 10.224.0.2;
        option routers 10.85.0.1;
        vendor-option-space CALIX-ONT-SERVER;
        option CALIX-ONT-SERVER.validateMIC off;
        option CALIX-ONT-SERVER.cms-address 10.224.0.2;
        option CALIX-ONT-SERVER.syslog-address 10.224.0.2;
        failover peer "NP-failover";
        range 10.85.0.10 10.85.1.254;
    }
}

#END

I was blown away at how easy large scale DHCP can be just by using simple configuration methods.

This last one is much larger. I am ashamed to say we are handing private IPS out to customers… Many of the location classes in this file are to hand IPS to our DSL customers.

Some of the more interesting bits are the sections that filter by MAC address for specific vendors to determine what class they fall into. This comes in handy when serving content to different set top box types. As you can see this file has a “test” class. I use this for testing different firmware/software loads to test boxes at my desk, fed directly from an ONT (optical network terminal) unit. I specify each of my test box MAC addresses so that they are statically apart of the test group.

# Empire Master DHCP file
# $Id: dhcpd-empiremaster.conf,v 1.8 2015/10/08 16:51:55 root Exp $

authoritative;
ddns-update-style ad-hoc;
allow bootp;

# Global network parameters

default-lease-time 172800;
max-lease-time 604800;
min-lease-time 86400;
option ntp-servers us.pool.ntp.org;
option domain-name "empacc.net";
option domain-name-servers 72.18.48.120, 72.18.56.250;
option dhcp-max-message-size 1024;

## --- Verimatrix specific option defines
option accp_conf code 131 = array of integer 8;
option option-minerva_bootstring code 240 = text;
option option-vm_ini_url code 241 = text;
option option-vm_ini_ver code 242 = text;
option option-rootcert_boot code 243 = text;
option option-rootcert_ver code 244 = text;

# Conditional classification of Pannaway
# network elements on basis of Ethernet
# vendor prefix or DHCP vendor class id

group {
      class "Pannaway.PBG" {
        match if (substring (option vendor-class-identifier, 0, 12) = "Pannaway.PBG");
          next-server 10.103.255.50;
                option root-path "10.103.255.50";
      }

      class "Pannaway.RGN" {
        match if (substring (option vendor-class-identifier, 0, 12) = "Pannaway.RGN");
          next-server 10.103.255.50;
                option root-path "10.103.255.50";
      }

      class "Pannaway" {
        match if (substring (hardware, 1, 3) = 00:0A:9F);
          next-server 10.103.255.50;
                option root-path "10.103.255.50";
      }

      class "RGN.210" {
        match if (substring (hardware, 1, 3) = 00:0E:50);
          next-server 10.103.255.50;
      }

      class "RGN.210v6" {
        match if (substring (hardware, 1, 3) = 00:14:7f);
          next-server 10.103.255.50;
      }

      class "BEC" {
        match if (substring (hardware, 1, 3) = 00:04:ED);
          next-server 10.103.255.50;
      }

      class "RGN.210v6_2" {
        match if (substring (hardware, 1, 3) = 00:90:D0);
          next-server 10.103.255.50;
      }

      class "ONT" {
        match if (substring (hardware, 1, 3) = 00:06:0D);
          next-server 10.103.255.50;
      }
      class "calix_ont" {
        match if (substring (hardware, 1, 3) = 00:06:31);
          next-server 172.16.9.175;
      }
}

class "laptop"{

	match if(substring(hardware,1,6) = 00:11:43:76:88:9d) or (substring(hardware, 1,6)=00:1d:09:ae:8e:07) or (substring(hardware,1,6)=00:11:43:71:83:98);

} 

###----------------------------------------------AMINO-------------------------------------------------------------####

###############################################################################
# Extra Options for AMINO option space (used for multicast)                   #
###############################################################################

        option space AMINO;

        # These options are defined for communication between STB and the DHCP
        # server for the class match (see below). These just need to exist
        option AMINO.product             code  3 = text;
        option AMINO.option              code  4 = text;
        option AMINO.version             code  5 = text;

        # Key values needed for booting the Amino STB, configuring network
        # based applications and managing upgrades
        option AMINO.homepage            code  8 = text;
        option AMINO.STBrc-mcast-address code 12 = ip-address;
        option AMINO.STBrc-mcast-port    code 13 = integer 16;
        option AMINO.STBrc-unicast-port  code 14 = integer 16;
        option AMINO.timezone            code 16 = text;
        option AMINO.mw_args             code 18 = text;
        option AMINO.mirimon_args        code 22 = text;
        option AMINO.software_di         code 25 = integer 16;
        option AMINO.software_uri        code 28 = text;
        option AMINO.igmp_max_ver        code 34 = integer 8;

        # This extra options value is a general option for 3rd party or SDK
        # customers to easily add their own DHCP options
        option AMINO.extra_options       code 32 = text;

        # Optional different way of providing Minerva middleware argments
        # instead of using AMINO.mw_args
        option AMINO.middleware          code  6 = ip-address;
        option AMINO.middleware2         code 17 = ip-address;

        # Defining the Classless Static Route Option (see RFC 3442)
        option classless-static-routes   code 121 = array of integer 8;
        # Example:
        #   Route to 11.0.0.0/255.0.0.0, destination 10.0.0.1
        #     values = {8, 11, 10, 0, 0, 1}
        #   Route to 12.1.0.0/255.255.0.0, destination 10.0.0.1
        #     values = {16, 12, 1, 10, 0, 0, 1}
        #   Route to 12.2.1.0/255.255.255.0, destination 10.0.0.1
        #     values = {24, 12, 2, 1, 10, 0, 0, 1}
        #   Route to 12.3.2.1/255.255.255.255, destination 10.0.0.1
        #     values = {32, 12, 3, 2, 1, 10, 0, 0, 1}
        # Option:
        # option classless-static-routes 8, 11, 10, 0, 0, 1, 16, 12, 1, 10, 0,
        #     0, 1, 24, 12, 2, 1, 10, 0, 0, 1, 32, 12, 3, 2, 1, 10, 0, 0, 1;

###############################################################################
# class "AMINOx0xx"                                                           #
# AMINOx0xx - response to x0xx family STBs during Main and Recovery image boot#
###############################################################################
class "AMINOx0xx"
{
  match if (substring( option vendor-class-identifier, 0, 9)="AMINOx0xx");
    vendor-option-space AMINO;
    option AMINO.mw_args "-bm=0 -ip=172.25.1.150:7780 -asr=/dataservices -stbm=Amino -nnvb=0 -uib=0 -cso=thinkstuff_amino";
#    option AMINO.software_uri "igmp://239.1.3.1:4545";
    option AMINO.software_uri "http://172.25.1.51/amino/x0x.mcfs";
}

###############################################################################
# class "AMINOx4x"                                                            #
# AMINOx4x - response to x4x family STBs during Main and Recovery image boot  #
###############################################################################
class "AMINOx4x"
{
  match if (substring( option vendor-class-identifier, 0, 8)="AMINOx4x");
    vendor-option-space AMINO;
    option AMINO.mw_args "-bm=0 -ip=172.25.1.150:7780 -asr=/dataservices -stbm=Amino -nnvb=0 -uib=0 -cso=thinkstuff_amino";
#    option AMINO.software_uri "igmp://239.1.3.2:4545";
    option AMINO.software_uri "http://172.25.1.51/amino/x4x.mcfs";
}

###############################################################################
# class "AMINOx5x"                                                            #
# AMINOx5x - response to x5x family STBs during Main and Recovery image boot  #
###############################################################################
class "AMINOx5x"
{
  match if (substring( option vendor-class-identifier, 0, 8)="AMINOx5x");
    vendor-option-space AMINO;
#    option AMINO.mw_args "-bm=0 -ip=172.25.1.150:7780 -asr=/dataservices -stbm=Amino -nnvb=0 -tbv=5.7 -hbip=172.25.1.150:4440 -hbp=5 -cso=thinkstuff_amino";
#    option AMINO.mw_args "-ip=172.25.1.150:7780 -eip=172.25.1.150:8500 -cso=thinkstuff_amino -bm=0 -asr=/dataservices -stbm=Amino -nnvb=0";
    option AMINO.mw_args "-ip=172.25.1.150:7780 -cso=thinkstuff_amino -bm=0 -asr=/dataservices -stbm=Amino -uib=0";
    option AMINO.software_uri "igmp://239.1.3.3:4545";
#    option AMINO.software_uri "http://172.25.1.51/amino/x5x.mcfs";
}

###############################
# Option Space for Entone boot                                               
###############################

option space ENTONE;
option ENTONE.SIGNATURE code 99 = text;
option ENTONE.FIRMWARE_VERSION code 100 = text;
option ENTONE.FIRMWARE_FILENAME code 101 = text;
option ENTONE.APP_URL code 102 = text;
option ENTONE.DECODER_APP_FALLBACK code 105 = text;
option ENTONE.ENTONEINI code 106 = text;
option ENTONE.DECODER_LOADER_VERSION code 110 = text;
option ENTONE.DECODER_LOADER_FILENAME code 111 = text;
option ENTONE.DECODER_LOADER_FALLBACK code 112 = text;
option ENTONE.DECODER_APP_VERSION code 113 = text;
option ENTONE.DECODER_APP_FILENAME code 114 = text;

##################
# Entone Set-top Class Definitions
##################

# Amulet 500 series secured
# For BBL
class "ENTONE-ESBOOT-B72-A5"{
    match if substring (option vendor-class-identifier, 0, 20)="ENTONE-ESBOOT-B72-A5";
    vendor-option-space ENTONE;
    option ENTONE.ENTONEINI "http://172.25.1.51/entone/entone_boot.ini";
    next-server 172.25.1.150;
}

# Amulet 500 series secured
# For APP
class "ENTONE-ESAPP-B72-A5" {
    match if substring (option vendor-class-identifier, 0, 19)="ENTONE-ESAPP-B72-A5";
    vendor-option-space ENTONE;
    option ENTONE.ENTONEINI "http://172.25.1.51/entone/entone_boot.ini";
    next-server 172.25.1.150;
}
####################################################################

# Kamai 500 series secured
# For BBL
class "ENTONE-ESBOOT-B72-K5"{
    match if substring (option vendor-class-identifier, 0, 20)="ENTONE-ESBOOT-B72-K5";
    vendor-option-space ENTONE;
    option ENTONE.ENTONEINI "http://172.25.1.51/entone/entone_boot.ini";
    next-server 172.25.1.150;
}

# Amulet 500 series secured
# For APP
class "ENTONE-ESAPP-B72-K5" {
    match if substring (option vendor-class-identifier, 0, 19)="ENTONE-ESAPP-B72-K5";
    vendor-option-space ENTONE;
    option ENTONE.ENTONEINI "http://172.25.1.51/entone/entone_boot.ini";
    next-server 172.25.1.150;
}


# ------------------------------------------------------------
# -- Option defines For ADB STB
# -----------------------------------------------------------

## --- Define option 131 for multicast address ---
option accp_conf code 131 = array of integer 8;

## --- Define option 240 for the Minerva start string ----
option option-minerva_bootstring code 240 = text;
option option-245 code 245 = string;

#-----------------------------------------------------------------------#
#                 3800W TEST SET TOP BOX DEFINES                        #
#                                                                       #
# Define test box class with special parameters here                    #
#  Add individual set-tops as sub-classes                               #
#-----------------------------------------------------------------------#

class "ADB-TEST-3800W" {
    match pick-first-value (substring (hardware, 1, 6));

    # Change to boot from test loader and use Minerva 5.4 hl code
    option accp_conf 239,1,3,20,17,193,10;
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -uib=0 -stbm=adb -tbv=5.4 -verid=Verimatrix";
}
subclass "ADB-TEST-3800W" 00:03:91:AA:0C:05; # Bentley test box
subclass "ADB-TEST-3800W" 00:03:91:AD:75:66; # Prattsburgh NOC test box

# -----------------------------------------------------------
# -- 3800W Minerva LOADER -----------------------------------
# -----------------------------------------------------------

class "adb3800W-bootloader" {
  match if (substring (option vendor-class-identifier, 0, 12) = "minerva3800w"); 

#Multicast channel configuration 239.38.00.30:4545 with 10 seconds timeout
#NOTE: port number 4545 calculation is 17*256 + 193 = 4545  
  option accp_conf 239,1,2,5,17,193,10;
}

# -----------------------------------------------------------
# -- 3800W HLCODE -- #
# -----------------------------------------------------------

class "adb3800W-hlcode" {
  match if substring (option vendor-class-identifier, 0, 24) = "udhcp_MRV3X_1_3800W(ADB)";

  # -- Minerva boot string 
  option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -nnvb=1 -stbm=ADB -tbv=4.1 -hbip=172.25.1.150:4440 -hbp=5 -verid=Verimatrix";

  #Verimatrix options
  option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
  option option-vm_ini_ver "36";
  option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
  option option-rootcert_ver "36";
  option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

#-----------------------------------------------------------------------#
#                 2721W TEST SET TOP BOX DEFINES                        #
#                                                                       #
# Define test box class with special parameters here                    #
#  Add individual set-tops as sub-classes                               #
#-----------------------------------------------------------------------#

class "ADB-TEST-2721W" {
    match pick-first-value (substring (hardware, 1, 6));

    # Change to boot from test loader and use Minerva 5.7 hl code
    option accp_conf 239,1,3,10,17,193,10;
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -uib=0 -stbm=ADB -tbv=5.7 -verid=Verimatrix";
}
subclass "ADB-TEST-2721W" 68:63:59:8C:E7:01; # Bentley Creek test box
subclass "ADB-TEST-2721W" 68:63:59:4F:98:00; # Prattsburgh NOC test box

# -----------------------------------------------------------
# -- 2721w Minerva LOADER -----------------------------------
# -----------------------------------------------------------

class "adb2721W-bootloader" {
  match if substring (option vendor-class-identifier, 0, 12) = "ADB-2721W"; 

#Multicast channel configuration 239.38.00.30:4545 with 10 seconds timeout
#NOTE: port number 4545 calculation is 17*256 + 193 = 4545  
  option accp_conf 239,1,2,13,17,193,10;
}

# -----------------------------------------------------------
# -- 2721w HLCODE -- #
# -----------------------------------------------------------

class "adb2721W-hlcode" {

match if substring (option vendor-class-identifier, 0, 22) = "udhcp_MRV_2721W(ADB)";

    # -- Minerva boot string 
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780  -stbm=ADB -tbv=5.7 -hbip=172.25.1.150:4440 -hbp=5 -verid=Verimatrix";

    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "36";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "36";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

#-----------------------------------------------------------------------#
#                 2721WX TEST SET TOP BOX DEFINES                       #
#                                                                       #
# Define test box class with special parameters here                    #
#  Add individual set-tops as sub-classes                               #
#-----------------------------------------------------------------------#

class "ADB-TEST-2721WX" {
    match pick-first-value (substring (hardware, 1, 6));

    # Changed to boot from Dan's test loader and use Minerva 5.7 hl code
    option accp_conf 239,1,3,11,17,193,10;
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -uib=0 -stbm=ADB -tbv=5.7 -verid=Verimatrix";
}
#subclass "ADB-TEST-2721WX" 68:63:59:97:1C:F9; # Bentley Creek test box
subclass "ADB-TEST-2721WX" 68:63:59:3B:1C:64; # Dans desk 1
# -----------------------------------------------------------
# -- 2721wx Minerva LOADER -----------------------------------
# -----------------------------------------------------------

class "adb2721Wx-bootloader" {
    match if substring (option vendor-class-identifier, 0, 12) = "ADB-2721WX"; 

    #Multicast channel configuration 239.38.00.30:4545 with 10 seconds timeout
    #NOTE: port number 4545 calculation is 17*256 + 193 = 4545  
    option accp_conf 239,1,2,9,17,193,10;
}

# -----------------------------------------------------------
# -- 2721wx HLCODE -- #
# -----------------------------------------------------------

class "adb2721Wx-hlcode" {
    match if substring (option vendor-class-identifier, 0, 22) = "udhcp_MRV_2721WX(ADB)";

    # -- Minerva boot string 
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780  -stbm=ADB -tbv=5.7 -hbip=172.25.1.150:4440 -hbp=5 -verid=Verimatrix";

    #Verimatrix options
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "36";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "36";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

# -----------------------------------------------------------
# --  ADB-3721WN bootloader class ------------------
# -----------------------------------------------------------

class "adb3721WN-bootloader" {
        match if substring (option vendor-class-identifier, 0, 12) ="ADB-3721WN";

        # For casting code at 239.1.2.9:4545 with timeout of 10 secs.
        option accp_conf 239,1,2,15,17,193,10;
}


# -----------------------------------------------------------
# -- ADB-3721WN application class -----------------
# -----------------------------------------------------------

class "adb3721WN-hlcode" {
        match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_3721WN(ADB)";

 # -- Minerva boot string
   option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";
}

# -----------------------------------------------------------
# -- ADB-5721WNX bootloader class ------------------
# -----------------------------------------------------------

class "adb5721wnx-minerva-loader" {
        match if substring (option vendor-class-identifier, 0, 11) ="ADB-5721WNX";

        # For casting code at 239.1.2.9:4545 with timeout of 10 secs.
        option accp_conf 239,1,2,11,17,193,10;
}


# -----------------------------------------------------------
# -- ADB-5721WNX application class -----------------
# -----------------------------------------------------------
class "adb5721wnx-minerva-hlcode" {
        match if substring (option vendor-class-identifier, 0, 22) ="udhcp_MRV_5721WNX(ADB)";

  # -- Minerva boot string
   option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -hbip=172.25.1.150:4440 -hbp=5 -nnvb=1 -tbv=5.4 -stbm=adb -uib=1 -verid=Verimatrix";

        # Verimatrix CA specific options (USED ONLY WHEN VM CA IS USED)

        option option-rootcert_boot "http:/172.25.1.150/vcas/rootcert.pem";
        option option-rootcert_ver "36";
        option option-vm_ini_url "http:/172.25.1.150/vcas/VERIMATRIX.INI";
        option option-vm_ini_ver "36";
}


#---------------------------------------------------------------------------------------------------------------------------
#------------------------------------------ADB 5810WX LOADER----------------------------------------------------------------#
#---------------------------------------------------------------------------------------------------------------------------

class "adb5810WX-bootloader" {
    match if (substring (option vendor-class-identifier, 0, 13) = "minerva5810wx");

    #Multicast channel configuration
    option accp_conf 239,1,2,7,17,193,10;
}

#---------------------------------------------------------------------------------------------------------------------------
#---------------------------------------------5810WX HLCODE-----------------------------------------------------------------#
#---------------------------------------------------------------------------------------------------------------------------

class "adb5810WX-hlcode" {
  match if (substring (option vendor-class-identifier, 0, 25) = "udhcp_MRV3X_1_5810WX(ADB)");

    # -- Minerva boot string
#    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -nnvb=1 -stbm=adb -uib=1 -tbv=4.1 -hbip=172.25.1.150:4440 -hbp=5 -verid=Verimatrix";
    option option-minerva_bootstring "-bm=0 -ip=172.25.1.150:7780 -nnvb=1 -stbm=adb -tbv=4.1 -hbip=172.25.1.150:4440 -hbp=5 -verid=Verimatrix";


    #Verimatrix changes
    option option-vm_ini_url "http://172.25.1.150/vcas/VERIMATRIX.INI";
    option option-vm_ini_ver "36";
    option option-rootcert_boot "http://172.25.1.150/vcas/rootcert.pem";
    option option-rootcert_ver "36";
    option option-245 "tr069=http://172.25.1.220:8080/xvucwmp/cwmp";
}

#*****************************************************************************************************
#*****************************************************************************************************
#                                                                                                    *
# Subnet, pool and allow declarations  - See GPON subnets at the end of DHCP file                    *
#                                                                                                    *
#*****************************************************************************************************
#*****************************************************************************************************


##################### DATA NETWORK POOL SECTION ##########################
#
# Local DHCP server subnets

subnet 10.68.0.0 netmask 255.255.255.248 {}

subnet 10.103.255.48 netmask 255.255.255.252 {}

# VM Server Network - This runs in its own failover pool

subnet 172.17.0.0 netmask 255.255.254.0 {
  option subnet-mask 255.255.254.0;
  option routers 172.17.1.254;
  option domain-name "empacc.net";
  option domain-name-servers 172.16.44.11, 172.16.9.8;
  pool {
    failover peer "VM-failover";
    range 172.17.0.51 172.17.0.254;
  }
}

# Prattsburgh subnet

subnet 10.103.0.0 netmask 255.255.252.0 {
  option subnet-mask 255.255.252.0;
  option routers 10.103.1.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.1.100 10.103.3.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6"; 
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
    allow members of "ONT";
  }
}

subnet 10.103.4.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.4.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.4.21 10.103.4.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

# Pulteney subnets

subnet 10.103.5.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.5.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.5.80 10.103.5.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC"; 
  }
}

subnet 10.103.6.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.6.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.6.21 10.103.6.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.7.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.7.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.7.21 10.103.7.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.8.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.8.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.8.21 10.103.8.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.0 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.1;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.2 172.16.144.6;
  }
}

# Urbana Subnets

subnet 10.103.9.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.9.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.9.21 10.103.9.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
    allow members of "ONT";
  }
}

subnet 10.103.10.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.10.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.10.21 10.103.10.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.11.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.11.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.11.21 10.103.11.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.12.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.12.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.12.21 10.103.12.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.8 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.9;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.10 172.16.144.14;
  }
}

# Naples Subnets

subnet 10.103.13.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.13.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.13.21 10.103.13.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.14.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.14.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.14.21 10.103.14.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.16 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.17;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.18 172.16.144.22;
  }
}

# Italy Subnets

subnet 10.103.15.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.15.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.15.21 10.103.15.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.103.16.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.16.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.16.21 10.103.16.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.24 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.25;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.26 172.16.144.30;
  }
}

# Armstrong Subnets

subnet 10.103.17.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.17.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.17.21 10.103.17.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC"; 
  }
}

subnet 10.103.18.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.18.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.18.21 10.103.18.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC"; 
  }
}

subnet 172.16.144.32 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.33;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.34 172.16.144.38;
  }
}

# E Hill Subnet

subnet 10.103.19.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.19.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.19.21 10.103.19.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.40 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.41;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.42 172.16.144.46;
  }
}

# Elmbois Subnet

subnet 10.103.20.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.20.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.20.21 10.103.20.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.48 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.49;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.50 172.16.144.54;
  }
}

# Wheeler Subnet

subnet 10.103.21.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.21.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.21.21 10.103.21.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.56 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.57;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.58 172.16.144.62;
  }
}

# Mattoon Subnet

subnet 10.103.22.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.22.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.22.21 10.103.22.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.64 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.65;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.66 172.16.144.70;
  }
}

#Bean Station

subnet 10.103.24.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.103.24.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.24.21 10.103.24.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.72 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.73;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.74 172.16.144.78;
  }
}

#Bullyhill

subnet 10.103.26.0 netmask 255.255.254.0 {
  option subnet-mask 255.255.254.0;
  option routers 10.103.26.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.26.21 10.103.27.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.144.80 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.144.81;
  pool {
    failover peer "Empire-failover";
    range 172.16.144.82 172.16.144.86;
  }
}

# Burdett subnets

subnet 10.104.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.1.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.1.50 10.104.1.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
    allow members of "ONT";
  }
}

subnet 10.104.2.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.2.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.2.21 10.104.2.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.3.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.3.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.3.21 10.104.3.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.4.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.4.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.4.21 10.104.4.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

# Lodi Point Subnet

subnet 10.104.5.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.5.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.5.21 10.104.5.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.0 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.1;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.2 172.16.105.6;
  }
}

# Lodi Subnet

subnet 10.104.6.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.6.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.6.21 10.104.6.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.7.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.7.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.7.21 10.104.7.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.8 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.9;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.10 172.16.105.14;
  }
}


# Caywood Subnet

subnet 10.104.8.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.8.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.8.21 10.104.8.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.9.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.9.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.9.21 10.104.9.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.16 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.17;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.18 172.16.105.22;
  }
}

# Valois Subnet

subnet 10.104.10.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.10.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.10.21 10.104.10.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.11.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.11.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.11.21 10.104.11.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.24 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.25;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.26 172.16.105.30;
  }
}

# Hector Subnet

subnet 10.104.12.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.12.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.12.21 10.104.12.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.13.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.13.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.13.21 10.104.13.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.32 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.33;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.34 172.16.105.38;
  }
}

# Logan Subnet

subnet 10.104.14.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.14.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.14.21 10.104.14.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.40 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.41;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.42 172.16.105.46;
  }
}

# Reynoldsville Subnet

subnet 10.104.15.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.15.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.15.21 10.104.15.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC"; 
  }
}

subnet 10.104.16.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.16.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.16.21 10.104.16.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.48 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.49;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.50 172.16.105.54;
  }
}

# Stage Subnet

subnet 10.104.17.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.17.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.17.21 10.104.17.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.18.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.18.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.18.21 10.104.18.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.56 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.57;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.58 172.16.105.62;
  }
}

# Lake Subnet

subnet 10.104.19.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.19.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.19.21 10.104.19.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.64 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.65;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.66 172.16.105.70;
  }
}

# Odessa Subnet

subnet 10.104.20.0 netmask 255.255.252.0 {
  option subnet-mask 255.255.252.0;
  option routers 10.104.21.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.21.120 10.104.23.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "ONT";
    allow members of "BEC";
  }
}

subnet 10.104.24.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.24.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.24.21 10.104.24.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.72 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.73;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.74 172.16.105.78;
  }
}

# Alpine Subnet

subnet 10.104.25.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.25.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.25.21 10.104.25.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.26.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.26.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.26.21 10.104.26.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.27.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.27.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.27.21 10.104.27.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.28.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.28.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.28.21 10.104.28.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC"; 
  }
}

subnet 172.16.105.80 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.81;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.82 172.16.105.86;
  }
}

# Wagner Subnet

subnet 10.104.29.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.29.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.29.21 10.104.29.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.88 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.89;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.90 172.16.105.94;
  }
}

#Frost Hill

subnet 10.104.35.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.35.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.35.21 10.104.35.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.112 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.113;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.114 172.16.105.118;
  }
}

#Lake Grove

subnet 10.104.36.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.36.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.36.21 10.104.36.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.120 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.121;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.122 172.16.105.126;
  }
}

# Auble Subnet

subnet 10.104.30.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.30.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.30.21 10.104.30.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.104.31.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.31.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.31.21 10.104.31.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.96 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.97;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.98 172.16.105.102;
  }
}

# East Pembroke Subnets

subnet 10.105.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.1.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.1.21 10.105.1.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2";
    allow members of "BEC";
    allow members of "ONT"; 
  }
}

subnet 10.105.2.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.2.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.2.21 10.105.2.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

subnet 10.105.3.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.3.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.3.21 10.105.3.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

subnet 10.105.4.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.4.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.4.21 10.105.4.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

# North Pembroke Subnets

subnet 10.105.5.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.5.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.5.21 10.105.5.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.105.6.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.6.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.6.21 10.105.6.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

subnet 172.16.170.0 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.170.1;
  pool {
    failover peer "Empire-failover";
    range 172.16.170.3 172.16.170.6;
  }
}

# CO RT 5 Cabinet Subnets

subnet 10.105.7.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.7.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.7.21 10.105.7.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.105.8.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.8.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.8.21 10.105.8.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

subnet 172.16.170.8 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.170.9;
  pool {
    failover peer "Empire-failover";
    range 172.16.170.11 172.16.170.14;
  }
}

# Indian Falls Subnets

subnet 10.105.9.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.9.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.9.21 10.105.9.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 10.105.10.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.10.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.10.21 10.105.10.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
  }
}

subnet 172.16.170.16 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.170.17;
  pool {
    failover peer "Empire-failover";
    range 172.16.170.19 172.16.170.22;
  }
}

# Wilkinson Subnets

subnet 10.105.11.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.105.11.1;
  pool {
    failover peer "Empire-failover";
    range 10.105.11.21 10.105.11.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.170.24 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.170.25;
  pool {
    failover peer "Empire-failover";
    range 172.16.170.27 172.16.170.30;
  }
}

# Stewart Road Subnet

subnet 10.104.33.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.104.33.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.33.21 10.104.33.254;
    allow members of "Pannaway.PBG";
    allow members of "Pannaway.RGN";
    allow members of "Pannaway";
    allow members of "RGN.210";
    allow members of "RGN.210v6";
    allow members of "RGN.210v6_2"; 
    allow members of "BEC";
  }
}

subnet 172.16.105.104 netmask 255.255.255.248 {
  option subnet-mask 255.255.255.248;
  option routers 172.16.105.105;
  pool {
    failover peer "Empire-failover";
    range 172.16.105.106 172.16.105.110;
  }
}


######## GPON

# Prattsburgh GPON ONTs

subnet 10.113.0.0 netmask 255.255.252.0 {
  option subnet-mask 255.255.252.0;
  option routers 10.113.0.1;
  pool {
    failover peer "Empire-failover";
    range 10.113.0.34 10.113.3.254;
    allow members of "ONT";
  }
} 

# Urbana GPON ONTs

subnet 10.113.9.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option routers 10.113.9.1;
  pool {
    failover peer "Empire-failover";
    range 10.113.9.34 10.113.9.254;
    allow members of "ONT";
  }
}

# Odessa GPON ONTs

subnet 10.114.20.0 netmask 255.255.252.0 {
  option subnet-mask 255.255.252.0;
  option routers 10.114.21.1;
  pool {
    failover peer "Empire-failover";
    range 10.114.21.34 10.114.23.254;
    allow members of "ONT";
  }
}

# burdett GPON ONTs

subnet 10.114.0.0 netmask 255.255.252.0 {
  option subnet-mask 255.255.252.0;
  option routers 10.114.0.1;
  pool {
    failover peer "Empire-failover";
    range 10.114.0.34 10.114.3.254;
    allow members of "ONT";
    allow members of "BEC";
  }
}

# burdett Calix GPON ONTs

subnet 10.104.210.0 netmask 255.255.254.0 {
  option subnet-mask 255.255.254.0;
  option routers 10.104.210.1;
  pool {
    failover peer "Empire-failover";
    range 10.104.210.75 10.104.211.254;
    allow members of "calix_ont";
  }
}

# prattsburgh Calix GPON ONTs

subnet 10.103.210.0 netmask 255.255.254.0 {
  option subnet-mask 255.255.254.0;
  option routers 10.103.210.1;
  pool {
    failover peer "Empire-failover";
    range 10.103.210.75 10.103.211.254;
    allow members of "calix_ont";
  }
}
####################VIDEO RANGE SECTION###########################
#
# Subnets identified here are for set-top booting
#
#

#Temporary space for Armstrong

subnet 172.25.1.0 netmask 255.255.255.0 {
	option routers 172.25.1.1;
	option broadcast-address 172.25.1.255;
	pool {
	        failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 172.25.1.200 172.25.1.220;
	}
}

# Empire pannaway
# # prattsburgh

subnet 10.103.48.0 netmask 255.255.240.0 {
	option routers 10.103.48.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.48.4 10.103.63.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	        allow members of "adb2721W-bootloader";
                allow members of "adb2721W-hlcode";
                allow members of "adb2721Wx-bootloader";
		allow members of "adb2721Wx-hlcode";	
		allow members of "adb3721WN-hlcode";
		allow members of "adb3721WN-bootloader";	
		allow members of "adb5721wnx-minerva-hlcode";
                allow members of "adb5721wnx-minerva-loader";
        }
}

subnet 10.103.64.0 netmask 255.255.248.0 {
	option routers 10.103.64.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.64.4 10.103.71.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.72.0 netmask 255.255.248.0 {
	option routers 10.103.72.1;
	pool {
		failover peer "Empire-failover";
                next-server 172.25.1.104;
		range 10.103.72.4 10.103.79.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

##pulteney

subnet 10.103.80.0 netmask 255.255.252.0 {
	option routers 10.103.80.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.80.4 10.103.83.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.84.0 netmask 255.255.252.0 {
	option routers 10.103.84.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.84.4 10.103.87.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.88.0 netmask 255.255.252.0 {
	option routers 10.103.88.1;
	pool {
		failover peer "Empire-failover";
                next-server 172.25.1.104;
		range 10.103.88.4 10.103.91.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.92.0 netmask 255.255.252.0 {
	option routers 10.103.92.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.92.4 10.103.95.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Urbana

subnet 10.103.96.0 netmask 255.255.252.0 {
	option routers 10.103.96.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.96.4 10.103.99.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.100.0 netmask 255.255.252.0 {
	option routers 10.103.100.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.100.4 10.103.103.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.104.0 netmask 255.255.252.0 {
	option routers 10.103.104.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.104.4 10.103.107.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.108.0 netmask 255.255.252.0 {
	option routers 10.103.108.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.108.4 10.103.111.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Naples

subnet 10.103.112.0 netmask 255.255.252.0 {
	option routers 10.103.112.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.112.4 10.103.115.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.103.116.0 netmask 255.255.252.0 {
	option routers 10.103.116.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.116.4 10.103.119.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Italy

subnet 10.103.120.0 netmask 255.255.252.0 {
	option routers 10.103.120.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.120.4 10.103.123.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Armstrong

subnet 10.103.128.0 netmask 255.255.252.0 {
	option routers 10.103.128.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.128.4 10.103.131.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
       }
}

subnet 10.103.132.0 netmask 255.255.252.0 {
	option routers 10.103.132.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.132.4 10.103.135.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#E Hill

subnet 10.103.136.0 netmask 255.255.252.0 {
	option routers 10.103.136.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.136.4 10.103.139.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Elmbois

subnet 10.103.140.0 netmask 255.255.252.0 {
	option routers 10.103.140.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.140.4 10.103.143.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Wheeler

subnet 10.103.144.0 netmask 255.255.252.0 {
	option routers 10.103.144.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.144.4 10.103.147.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Mattoon

subnet 10.103.148.0 netmask 255.255.254.0 {
	option routers 10.103.148.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.148.4 10.103.149.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Bean Station

subnet 10.103.152.0 netmask 255.255.252.0 {
	option routers 10.103.152.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.152.4 10.103.155.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Bully Hill

subnet 10.103.156.0 netmask 255.255.252.0 {
	option routers 10.103.156.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.103.156.4 10.103.159.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
       }
}

#Burdett CO

##Burdett

subnet 10.104.48.0 netmask 255.255.252.0 {
	option routers 10.104.48.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.48.4 10.104.51.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	        allow members of "adb2721W-bootloader";
                allow members of "adb2721W-hlcode";
                allow members of "adb2721Wx-bootloader";
		allow members of "adb2721Wx-hlcode";
		allow members of "adb3721WN-hlcode";
		allow members of "adb3721WN-bootloader";	
        }
}

subnet 10.104.52.0 netmask 255.255.252.0 {
	option routers 10.104.52.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.52.4 10.104.55.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.56.0 netmask 255.255.252.0 {
	option routers 10.104.56.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.56.4 10.104.59.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.60.0 netmask 255.255.252.0 {
	option routers 10.104.60.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.60.4 10.104.63.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Lodi Point

subnet 10.104.64.0 netmask 255.255.252.0 {
	option routers 10.104.64.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.64.4 10.104.67.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Lodi

subnet 10.104.68.0 netmask 255.255.252.0 {
	option routers 10.104.68.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.68.4 10.104.71.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.72.0 netmask 255.255.252.0 {
	option routers 10.104.72.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.72.4 10.104.75.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Caywood

subnet 10.104.76.0 netmask 255.255.252.0 {
	option routers 10.104.76.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.76.4 10.104.79.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.80.0 netmask 255.255.252.0 {
	option routers 10.104.80.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.80.4 10.104.83.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Valois

subnet 10.104.84.0 netmask 255.255.252.0 {
	option routers 10.104.84.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.84.4 10.104.87.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.88.0 netmask 255.255.252.0 {
	option routers 10.104.88.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.88.4 10.104.91.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Hector

subnet 10.104.92.0 netmask 255.255.252.0 {
	option routers 10.104.92.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.92.4 10.104.95.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.96.0 netmask 255.255.252.0 {
	option routers 10.104.96.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.96.4 10.104.99.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Logan

subnet 10.104.100.0 netmask 255.255.252.0 {
	option routers 10.104.100.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.100.4 10.104.103.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Reynoldsville

subnet 10.104.104.0 netmask 255.255.252.0 {
	option routers 10.104.104.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.104.4 10.104.107.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.108.0 netmask 255.255.252.0 {
	option routers 10.104.108.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.108.4 10.104.111.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Stage

subnet 10.104.112.0 netmask 255.255.252.0 {
	option routers 10.104.112.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.112.4 10.104.115.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	}
}

subnet 10.104.116.0 netmask 255.255.252.0 {
	option routers 10.104.116.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.116.4 10.104.119.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Lake

subnet 10.104.120.0 netmask 255.255.252.0 {
	option routers 10.104.120.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.120.4 10.104.123.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.124.0 netmask 255.255.252.0 {
	option routers 10.104.124.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.124.4 10.104.127.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Odessa

subnet 10.104.128.0 netmask 255.255.240.0 {
	option routers 10.104.128.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.128.4 10.104.143.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	        allow members of "adb2721W-bootloader";
                allow members of "adb2721W-hlcode";
                allow members of "adb2721Wx-bootloader";
		allow members of "adb2721Wx-hlcode";
		allow members of "adb3721WN-hlcode";
		allow members of "adb3721WN-bootloader";	
        }
}

#Alpine

subnet 10.104.144.0 netmask 255.255.252.0 {
	option routers 10.104.144.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.144.4 10.104.147.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.148.0 netmask 255.255.252.0 {
	option routers 10.104.148.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.148.4 10.104.151.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.152.0 netmask 255.255.252.0 {
	option routers 10.104.152.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.152.4 10.104.155.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.156.0 netmask 255.255.252.0 {
	option routers 10.104.156.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.156.4 10.104.159.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Wagner

subnet 10.104.160.0 netmask 255.255.252.0 {
	option routers 10.104.160.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.160.4 10.104.163.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Frost Hill

subnet 10.104.184.0 netmask 255.255.252.0 {
	option routers 10.104.184.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.184.4 10.104.187.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Lake Grove

subnet 10.104.188.0 netmask 255.255.252.0 {
	option routers 10.104.188.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.188.4 10.104.191.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Auble

subnet 10.104.164.0 netmask 255.255.252.0 {
	option routers 10.104.164.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.164.4 10.104.167.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.168.0 netmask 255.255.252.0 {
	option routers 10.104.168.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.168.4 10.104.171.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.172.0 netmask 255.255.252.0 {
	option routers 10.104.172.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.172.4 10.104.175.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Stewart Rd

subnet 10.104.176.0 netmask 255.255.252.0 {
	option routers 10.104.176.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.176.4 10.104.179.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.104.180.0 netmask 255.255.252.0 {
	option routers 10.104.180.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.180.4 10.104.183.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Pembroke CO

##East Pembroke

subnet 10.105.48.0 netmask 255.255.252.0 {
	option routers 10.105.48.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.48.4 10.105.51.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.52.0 netmask 255.255.252.0 {
	option routers 10.105.52.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.52.4 10.105.55.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.56.0 netmask 255.255.252.0 {
	option routers 10.105.56.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.56.4 10.105.59.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.60.0 netmask 255.255.252.0 {
	option routers 10.105.60.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.60.4 10.105.63.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#North Pembroke

subnet 10.105.64.0 netmask 255.255.252.0 {
	option routers 10.105.64.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.64.4 10.105.67.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.68.0 netmask 255.255.252.0 {
	option routers 10.105.68.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.68.4 10.105.71.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.72.0 netmask 255.255.252.0 {
	option routers 10.105.72.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.72.4 10.105.75.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.76.0 netmask 255.255.252.0 {
	option routers 10.105.76.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.76.4 10.105.79.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Indian Falls

subnet 10.105.80.0 netmask 255.255.252.0 {
	option routers 10.105.80.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.80.4 10.105.83.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.84.0 netmask 255.255.252.0 {
	option routers 10.105.84.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.84.4 10.105.87.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#Wilkinson

subnet 10.105.88.0 netmask 255.255.252.0 {
	option routers 10.105.88.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.88.4 10.105.91.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

#CO RT 5 Cabinet

subnet 10.105.92.0 netmask 255.255.252.0 {
	option routers 10.105.92.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.92.4 10.105.95.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.96.0 netmask 255.255.252.0 {
	option routers 10.105.96.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.96.4 10.105.99.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.100.0 netmask 255.255.252.0 {
	option routers 10.105.100.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.100.4 10.105.103.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

subnet 10.105.104.0 netmask 255.255.252.0 {
	option routers 10.105.104.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.105.104.4 10.105.107.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
        }
}

# Calix - VLAN 302

subnet 10.104.192.0 netmask 255.255.240.0 {
	option routers 10.104.192.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.192.100 10.104.207.254;
		allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	        allow members of "adb2721W-bootloader";
                allow members of "adb2721W-hlcode";
                allow members of "adb2721Wx-bootloader";
		allow members of "adb2721Wx-hlcode";
		allow members of "adb3721WN-hlcode";
		allow members of "adb3721WN-bootloader";	
		allow members of "adb5721wnx-minerva-hlcode";
		allow members of "adb5721wnx-minerva-loader";
                allow members of "ADB-TEST-3800W";
                allow members of "ADB-TEST-2721W";
                allow members of "ADB-TEST-2721WX";
                allow members of "AMINOx0xx";
                allow members of "AMINOx4x";
                allow members of "AMINOx5x";
                allow members of "ENTONE-ESBOOT-B72-A5";
                allow members of "ENTONE-ESAPP-B72-A5";
                allow members of "ENTONE-ESBOOT-B72-K5";
                allow members of "ENTONE-ESAPP-B72-K5";
        }
}

####NEW Video range - VLAN 301

subnet 10.104.224.0 netmask 255.255.240.0 {
	option routers 10.104.224.1;
	pool {
                failover peer "Empire-failover";
		next-server 172.25.1.104;
		range 10.104.224.1 10.104.239.254;
		
                allow members of "adb3800W-bootloader";
		allow members of "adb3800W-hlcode";
		allow members of "adb5810WX-hlcode";
		allow members of "adb5810WX-bootloader";
	        allow members of "adb2721W-bootloader";
                allow members of "adb2721W-hlcode";
                allow members of "adb2721Wx-bootloader";
		allow members of "adb2721Wx-hlcode";
		allow members of "adb3721WN-hlcode";
		allow members of "adb3721WN-bootloader";
                allow members of "ADB-TEST-3800W";
                allow members of "ADB-TEST-2721W";
                allow members of "ADB-TEST-2721WX";
                allow members of "AMINOx0xx";
                allow members of "AMINOx4x";
                allow members of "AMINOx5x";
                allow members of "ENTONE-ESBOOT-B72-A5";
                allow members of "ENTONE-ESAPP-B72-A5";
                allow members of "ENTONE-ESBOOT-B72-K5";
                allow members of "ENTONE-ESAPP-B72-K5";
	}
}