Logically isolated VPNs with MPLS - Centralized DHCP

Ronald F. Tallman ronthu at comcast.net
Wed Nov 2 13:49:11 UTC 2011


Thanks for the response(s).

Actually I have had the following in the config as well (somehow dropped it
in sending to the DL):

subnet 10.200.17.0 netmask 255.255.255.0 {}
subnet 10.32.0.0 netmask 255.255.255.0 {}

However, no luck with it in the config or not. 

In the option 82 packet - Wireshark shows:

Value 020c020a00000a20...... truncated
Remote Agent ID 020c020a00000a20....truncated

I'm trying to ascertain how much and/or which hex value maps to the
circuit-id or agent-id or?

This config would grow to have multiple isolated VPNs - none of them could
communicate with each other - But all would make the dhcp request through
the router relay agent.



-----Original Message-----
From: dhcp-users-bounces+ronthu=comcast.net at lists.isc.org
[mailto:dhcp-users-bounces+ronthu=comcast.net at lists.isc.org] On Behalf Of
Glenn Satchell
Sent: Monday, October 31, 2011 9:51 PM
To: Users of ISC DHCP
Subject: RE: Logically isolated VPNs with MPLS - Centralized DHCP

It's saying "network LabNet: no free leases", and there is only one pool
in that shared subnet. This means that it is not matching the wifi-dev
class, since the allow means deny everything else.

My best guess is that the circuit-id is not matching correctly. The string
"020c020a00000a20" is an ascii string containing the chars 0, 2, 0, c and
so on. If you want it to match a binary string, then you should use

match if option agent.circuit-id = 02:0c:02:0a:00:00:0a:20;

You can use a packet sniffer like wireshark or tcpdump on your dhcp server
to see what is coming in from the client.

regards,
-glenn

> This one is fairly easy, if this is the entire config file.
>
> The lease origin 10.32.0.22 isn't a member of either of the subnet
> declarations in your configuration.  You need to write a subnet
> declaration matching that network.
>
> ====================
> Scott Stone <scott_stone at trendmicro.com>
> Manager, DCS-RD
> Trend Micro, Inc. http://www.trendmicro.com
>
>
> -----Original Message-----
> From: dhcp-users-bounces+scott_stone=trendmicro.com at lists.isc.org
> [mailto:dhcp-users-bounces+scott_stone=trendmicro.com at lists.isc.org] On
> Behalf Of Ronald F. Tallman
> Sent: Monday, October 31, 2011 8:29 PM
> To: 'Users of ISC DHCP'
> Subject: RE: Logically isolated VPNs with MPLS - Centralized DHCP
>
> It is a minimal config:
>
>
> stash-agent-options true;
>
> shared-network LabNet {
>
>     # LABNET Wireless Class
>     class "wifi-dev" {
>         match if option agent.circuit-id = "020c020a00000a20";
>         lease limit 10;
>     }
>
>     subnet 10.200.17.0 netmask 255.255.255.0 {}
>
>     # Create a new pool for each class.
>     subnet 10.32.166.0 netmask 255.255.255.0 {
>         option routers 10.32.166.1;
>         option broadcast-address 10.32.166.255;
>         pool {
>             allow members of "wifi-dev";
>             range 10.32.166.44 10.32.166.53;
>         }
>     }
> }
>
> The only thing from the logs:
>
> Oct 23 22:48:23 sea-securid-1 last message repeated 5 times
> Oct 23 22:53:49 sea-securid-1 dhcpd: [ID 702911 local7.error] DHCPDISCOVER from 5c:26:0a:1b:58:bb via 10.32.0.22: network LabNet: no free leases
> Oct 23 22:55:16 sea-securid-1 last message repeated 7 times
> Oct 23 23:00:37 sea-securid-1 dhcpd: [ID 702911 local7.error] DHCPDISCOVER from 5c:26:0a:1b:58:bb via 10.32.0.22: network LabNet: no free leases
>
> ---------------
> The 10.32.166.1 interface is in the VRF on the same router 10.32.0.22
> That has the relay agent.
> The 10.200.17.0 subnet is where central DHCP server lives.
>
> -----Original Message-----
> From: dhcp-users-bounces+ronthu=comcast.net at lists.isc.org
> [mailto:dhcp-users-bounces+ronthu=comcast.net at lists.isc.org] On Behalf Of
> Simon Hobson
> Sent: Monday, October 31, 2011 9:26 AM
> To: Users of ISC DHCP
> Subject: Re: Logically isolated VPNs with MPLS - Centralized DHCP
>
> Ronald F. Tallman wrote:
>>Looking for a centralized DHCP solution that supports the following:
>>
>>.       Numerous VPNs isolated with MPLS -
>>Therefore isolated/separated subnets.
>>.       Clients dispatch DHCP request
>>.       Cisco router/relay agent forwards
>>request to centralized DHCP server to management
>>subnet
>
> The ISC package will handle that - it doesn't
> really care how the packet gets to it. But bear
> in mind that you will need to have unique subnet
> addresses across the entire network served by a
> single DHCP server.
>
>>.       Presently DHCP server recognizes
>>forwarded request but will not serve IP as it's
>>sourced from "Unknown Subnet"
>>
>>.       The subnet is actively provisioned in the DHCP server
>> configuration
>
> Then you'd best post the relevant parts of the config and logs.
>
> --
> Simon Hobson
>
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>
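
Added example (not part of the thread and not ISC code): a small Python walker for the option 82 value discussed above. It assumes the Wireshark "Value" field is the raw option payload, laid out as RFC 3046 code/length/data sub-options (1 = circuit ID, 2 = remote ID); `CONSTRUCTED` is made-up sample data, and `PAGE_PREFIX` is only the 8 bytes visible in the post.

```python
# Added example: walks the sub-options inside a DHCP option 82 value (RFC 3046).
SUBOPTION_NAMES = {1: "agent.circuit-id", 2: "agent.remote-id"}  # RFC 3046 codes

def parse_option82(value_hex):
    """Split a raw option 82 value into (code, declared_len, data) tuples.

    A sub-option whose declared length runs past the buffer is still returned
    with the bytes that are present, so a truncated capture shows up as such.
    """
    raw = bytes.fromhex(value_hex)
    subopts, i = [], 0
    while i + 2 <= len(raw):
        code, length = raw[i], raw[i + 1]
        subopts.append((code, length, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return subopts

def colon_hex(data):
    """Colon-separated hex, the form dhcpd.conf treats as a binary string."""
    return ":".join(f"{b:02x}" for b in data)

def dhcpd_match(code, data):
    """Render one sub-option as a binary dhcpd.conf match expression."""
    name = SUBOPTION_NAMES.get(code)
    if name is None:
        raise ValueError(f"sub-option {code} has no name in SUBOPTION_NAMES")
    return f"match if option {name} = {colon_hex(data)};"

def ascii_vs_binary(hex_text):
    """Bytes dhcpd compares for a quoted string vs. the bytes on the wire."""
    return hex_text.encode("ascii"), bytes.fromhex(hex_text)

# The 8 bytes visible in the post; Wireshark truncated the rest.
PAGE_PREFIX = "020c020a00000a20"
# Constructed sample (not from the thread): one circuit-id, one remote-id.
CONSTRUCTED = "0106000400640102" + "02080006aabbccddeeff"

if __name__ == "__main__":
    for label, value in (("page prefix", PAGE_PREFIX), ("constructed", CONSTRUCTED)):
        for code, length, data in parse_option82(value):
            state = "complete" if len(data) == length else "TRUNCATED"
            print(f"{label}: sub-option {code}, declared {length} bytes, "
                  f"have {len(data)} ({state}): {colon_hex(data)}")
            if len(data) == length:
                print("   ", dhcpd_match(code, data))
    quoted, wire = ascii_vs_binary(PAGE_PREFIX)
    print(f"quoted string is {len(quoted)} bytes, wire value is {len(wire)} bytes")
```

Under that assumption, the visible bytes `02 0c` read as a sub-option 2 (remote ID) header declaring 12 data bytes, of which only 6 are shown, so a match should be built from the full untruncated capture.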

