Example config with option 82, bogus relays
Joe Polcari
jpolcari at bluesocket.com
Tue Jun 17 13:18:27 UTC 2008
As a side note - I just want to understand what is being discussed.
What is circuit-id?
> From: MAtteo HCE Valsasna <valsasna at uninsubria.it>
> Reply-To: <dhcp-users at isc.org>
> Date: Tue, 17 Jun 2008 10:31:53 +0200
> To: <dhcp-users at isc.org>
> Subject: Re: Example config with option 82, bogus relays
>
> Il giorno mar, 17/06/2008 alle 00.14 +0000, DHCP Users Mailing List ha
> scritto:
>>
>> Subject: Example config with option 82
>> Date: Mon, 16 Jun 2008 10:15:27 -0500
>> From: "Corley, Kenneth L \(Kenny\)" <corley at alcatel-lucent.com>
>>
>>> Does anyone have a basic dhcpd config that includes option 82 that
>>> they can share? I am running 3.0.5.
>>>
>>> Thanks
>>> Kenny
>>>
>
> using option 82 for logging too.
> after importing some bits from Blake (dhcp-message-type, leased-address):
>
> if ((option dhcp-message-type = 3) and (exists agent.circuit-id)){
> log(info, concat("relay agent ", binary-to-ascii(10,8,".",option
> agent.remote-id),
> " forwarded for client ", option host-name,
> ", ", binary-to-ascii(16,8,":", hardware),
> " on circuit ", binary-to-ascii(10,8,".",option
> agent.circuit-id),
> " for ", binary-to-ascii (10, 8, ".", leased-address)));
> }
>
> on top of this log I sometimes run a pretty ugly perl script to produce
> a textual relay-agent based network-map (i.e., for each relay agent
> print a list of interfaces and hosts (hostname, mac, IP) connected to
> each interface.
>
> part of it is heavly site-specific, as it imports two list of "known"
> mac address, and marks unknown addresses in the output, but it may be
> useful for some.
>
> on a side topic: from the above map, I notice that one host behave
> somewhat like a relay agent, i.e. every dhcp broadcast he sees he
> resends it again as broadcast.
> As a consequence, I see the request coming both from the port the
> booting client is connected to and from the port to which the bogus
> relay is connected:
>
> Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client
> PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.123 for x.x.x.y
> Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client
> PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.44 for x.x.x.y
>
> where the client is connected to 0.123, the bogus relay to 0.44
>
> this happens on HP53xx switches, but only for a few "bogus relay" hosts
>
> nmap fingerprints the host as
> OS details: Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.11.0)
>
> This is just mildly annoying on my site, but may be a serious problem if
> anybody was limiting the number of leases per port.
>
> Did anybody see anything alike?
>
> best regards
>
> MAtteo
>
>
More information about the dhcp-users
mailing list