using option 82 to assign a static ip-address -- solved

Nico De Ranter nico.deranter at esaturnus.com
Mon Dec 17 14:48:39 UTC 2012 

Found the problem.

We were using 'host' statements for all clients before and had 'deny 
unknown-clients' globally set.  However when I converted the host 
statement to class+pool the deny unknown-clients prevented the client 
from getting an ip as there was no matching host statement anymore for 
this client.

After removing 'deny unknown-clients' everything magically worked.

I threw out the binary-to-ascii in the mean time too. I was confused by 
the extra '1' that gets added at the front for some of the fields.

By the way on my cisco Remote-id looks like '00:06:84:78:ac:84:e5:80'

Nico


On 12/17/2012 05:07 AM, Sten Carlsen wrote:
> From original mail:
>
> binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 7)) = 
> "84:78:ac:84:e5:80"
>
> Reformat to:
>
> binary-to-ascii(
> 16,                                          ---------> result is in hex
>  8,                                           ---------> it works in 
> 8bit wide increments
>  ":",                                          ---------> separator is 
> a ":"
>  substring(
> option agent.remote-id,          ---------> assumed to be a MAC 
> address -> string of 6 bytes: 0x112233445566
>  2,
>  7
> )                                              ---------> 0x1122 
> ->33445566<- This is the result of the substring operation.
> )
>                                                ---------> result of 
> binary-to-ascii should then be: "33:44:55:66" as a text string, 11 
> chars long.
>
>  = "84:78:ac:84:e5:80"
>
> Something here is mysterious, not quite sure what. Can't see why this 
> has ever been a match?
>
>
> On 17/12/12 1:03, Glenn Satchell wrote:
>> Hi Nico
>>
>> Please see comments below.
>>
>> On Mon, December 17, 2012 12:17 am, Nico De Ranter wrote:
>>> Hi,
>>>
>>>
>>>
>>> I'm trying to use DHCP option 82 to assign a different address to a host
>>> depending on which network port it is connected to.
>>> I'vve created the following section in my config:
>>>
>>> ############
>>> stash-agent-options true;
>>> ...
>>> subnet 10.103.0.0 netmask 255.255.255.0
>>> {
>>>          option routers 10.103.0.1;
>>>          class "OK1Endo" {
>>>                  match if  binary-to-ascii(16, 8, ":", substring(option
>>> agent.remote-id, 2, 7)) = "84:78:ac:84:e5:80"
>> This string "8 4 : 7 8 : ... : 8 0" is 17 characters long. So a 7 char
>> substring will never be equal to it. I can't see how it ever matches.
> Precedence: first substring, then binary-to-ascii, I still don't see 
> the match.
>>>                          and     binary-to-ascii (16, 8, ":", hardware) =
>>> "1:0:14:2d:40:f:15"
>>>                          and     binary-to-ascii (16, 8, ":",
>>> substring(option agent.circuit-id, 5, 5)) = "e";
>> This may or may not match. If the agent.circuit-id is exactly 5 characters
>> long it will return that last char only and if that is an 'e' then it will
>> match.
>>
>> These can all be re-written without the binary-to-ascii and be much clearer:
>>
>> match if substring(option agent.remote-id, 2, 7)) = 84:78:ac:84:e5:80
>>       and hardware = 1:0:14:2d:40:f:15
>>       and substring(option agent.circuit-id, 5, 1)) = e;
>>
>> Finally, putting the class definition inside the subnet can cause some
>> unexpected inheritance. Probably ok if you only have a single subnet in
>> your definition, but better to put the class outside the subnet
>> definition.
>>
>>>          }
>>>          pool {
>>>                  filename "pxelinux.0";
>>>                  next-server 10.103.0.202;
>>>                  option mobile-ip-home-agent 10.103.0.202;
>>>                  option log-servers 10.103.0.202;
>>>                  option tz "Europe/Brussels";
>>>                  use-host-decl-names on;
>>>                  allow members of "OK1Endo";
>>>                  range 10.103.0.220 10.103.0.220;
>>>          }
>>>    }
>>> ###########
>>>
>>> I'm sure the class definition is correct and the pool matches as I also
>>> added a log statement which only seems to trigger if the client matches
>>> the
>>> pool (if I change the class definition or remove the 'allow members' I
>>> don't see the logs appearing in the log files anymore).
>>>
>>> However the dhcpd server doesn't seem to send any reply to the host: in
>>> tcpdump I see a bootp/dhcp request from the clients MAC but no replies
>>> from
>>> the server.  If I replace the 'pool' section with a simple 'host'
>>> definition the server responds immediately.
>>>
>>> Any ideas what I'm doing wrong?
>>>
>>> Note: I'm using a very old version of dhcpd (3.1.1) which unfortunately I
>>> cannot upgrade at the moment.
>

-- 
Nico De Ranter
Operations Engineer
T. +32 16 38 72 10
M. +32 497 915 378


eSATURNUS
Romeinse straat 12
3001 Leuven -- Belgium 	
T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com <http://www.esaturnus.com>

	
<http://www.esaturnus.com>



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20121217/00c0233f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 210125 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20121217/00c0233f/attachment-0002.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 15157 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20121217/00c0233f/attachment-0003.jpe>

More information about the dhcp-users mailing list