dhcp-users Digest, Vol 69, Issue 4

Hardik.V.Shah at ril.com Hardik.V.Shah at ril.com
Fri Jul 4 08:40:56 UTC 2014


Hello Peter,

I have tried "isc dhcp option 82" but could not get what I am looking at.

Han Koster,

Yes, I am looking for the code which assigns the IP address based on the client's serial no and not mac id or circuit id or agent id.

From the client box when the dhcp request comes, I am capturing through tcpdump and reading through "wireshark" and am able to see the serial no of the box, but how can I code in dhcpd.conf so that it looks at that serial no and assigns the IP on match?

-Hardik


-----Original Message-----
From: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of dhcp-users-request at lists.isc.org
Sent: 03 July 2014 20:36
To: dhcp-users at lists.isc.org
Subject: dhcp-users Digest, Vol 69, Issue 4


Today's Topics:

   1. Re: dhcp-users Digest, Vol 65, Issue 11 (lyndon villas)
   2. RE: option 82 feature of DHCP (Han Koster)
   3. RE: option 82 feature of DHCP (Hughes, Doug)


----------------------------------------------------------------------

Message: 1
Date: Thu, 3 Jul 2014 20:11:46 +0800
From: lyndon villas <sox316 at gmail.com>
To: dhcp-users at lists.isc.org
Subject: Re: dhcp-users Digest, Vol 65, Issue 11 (lyndon villas)
Message-ID:
	<CAFnSxQktCqYJAO9w02_gqGgvvJKZTiLbk7GMTtcHgL0vyWXyXA at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi All,

I'm soliciting ideas on this case, as of the moment got no concrete solution.
The idea is to authenticate DHCP client against option 61
(dhcp-client-identifier) and option 82 (agent.circuit-id).

This is the required authentication flow:

1. class "ACL61+82" {
     match option dhcp-client-identifier and option agent.circuit-id;
   }

   subclass "ACL61+82"   "Option 61 + Option 82";

   subnet 192.168.0.0 netmask 255.255.255.0 {
     pool {
       allow members "ACL61+82 values";
       range 192.168.0.1 192.168.0.100;
     }
   }

2. class "ACL61" {
     match option dhcp-client-identifier and option agent.circuit-id = null;
   }

   subclass "ACL61"   "Option 61 values";

   subnet 192.168.1.0 netmask 255.255.255.0 {
     pool {
       allow members "ACL61";
       range 192.168.1.1 192.168.1.100;
     }
   }

3. class "ACL82" {
     match option agent.circuit-id and option dhcp-client-identifier = null;
   }

   subclass "ACL82"   "Option 82 values";

   subnet 192.168.3.0 netmask 255.255.255.0 {
     pool {
       allow members "ACL82";
       range 192.168.3.1 192.168.3.100;
     }
   }


Thank you very much.

Best Regards,
Lyndon



> Message: 5
> Date: Thu, 20 Mar 2014 16:33:32 +0800
> From: lyndon villas <sox316 at gmail.com>
> To: dhcp-users at lists.isc.org
> Subject: Re: dhcp-users Digest, Vol 65, Issue 11
> Message-ID:
>         <CAFnSxQnA=5dntFLGuOFCgkk5fgiqLsxjEPLWyorTueeG6oFLJQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> >
> > Hi Patrick,
> >
>
>    Here's what I want to accomplish:
>
>    1. Check if Option 61 value is in the class entry (ex.
> client-circuitid_class), If YES, then check if Circuit-id is
> available, if no Circuit-id please assign IP address from IP Pool.
>
>    2. If both Option 61 and Circuit-iD are present, compare it to the
> class entry (e.g client-circuitid_class). If it matches the entry, please
> assign IP address from IP Pool.
>
>    3. Option 61 is not defined (null) but Circuit-id is available and
> can be found in the class entry (e.g client-circuitid_class), please
> assign IP address from IP pool.
>
> I hope this pseudocode helps.
>
> Best Regards,
> Lyndon
>
>
>
>
>
> >
> > Message: 2
> > Date: Tue, 18 Mar 2014 09:22:02 +0000
> > From: Patrick Trapp <ptrapp at nex-tech.com>
> > To: Users of ISC DHCP <dhcp-users at lists.isc.org>
> > Subject: RE: Matching client DHCP request against Option 61 and Option
> >         82      (circuit        id)
> > Message-ID:
> >         <1D507D610594D14F86D40D77C17E9E6619E957A3 at EXCHANGEDSB.ruralnex.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Off the top of my head, I'm not remembering what Option 61 is, but I 
> > have a fair bit of practice with match statements. Have you worked it out yet?
> > Do you have an obfuscated example of what you are trying to 
> > accomplish in pseudocode to get the conversation started?
> >
> > Something like
> >
> > If Option 82 is "circuit-id-1", do something 1. If Option 82 is 
> > "circuit-id-1" and Option 61 is present, do something 2. If Option 
> > 82 is "circuit-id-2" and Option 61 is "option-61-first", do something 3.
> >
> > More detail is better, especially if you have worked out part of the
> > config and we don't have to sweat that part. I'm at GMT-6, so I'm
> > not sure how well our schedules will mesh (it's rather early for me
> > as I type this) but if that's not a deterrent, let's see what we can do.
> >
> > Patrick
> >
> > ________________________________
> > From: dhcp-users-bounces+ptrapp=nex-tech.com at lists.isc.org
> > [dhcp-users-bounces+ptrapp=nex-tech.com at lists.isc.org] on behalf of
> > lyndon villas [sox316 at gmail.com]
> > Sent: Monday, March 17, 2014 10:27 PM
> > To: dhcp-users at lists.isc.org
> > Subject: Matching client DHCP request against Option 61 and Option 
> > 82 (circuit id)
> >
> > Hi All,
> >
> > I'm trying to configure my DHCP  server to match client request 
> > against Option 61 and Option 82 circuit-id. Client request may also 
> > contain on Option 61. I'm not a programming geek, your help in 
> > creating a match statement is much appreciated.
> >
> > Thanks in advance.
> >
> > --
> > Regards,
> >
> > Sox 316
> >
>
>
>
> --
> Regards,
>
> Lyndon A. Villas
>
> ------------------------------
>
> Message: 6
> Date: Thu, 20 Mar 2014 11:13:46 +0000
> From: Simon Hobson <dhcp1 at thehobsons.co.uk>
> To: Users of ISC DHCP <dhcp-users at lists.isc.org>
> Subject: Re: dhcp-users Digest, Vol 65, Issue 11
> Message-ID: <9187E5B9-66E2-4C4E-8C95-CDA0F264A772 at thehobsons.co.uk>
> Content-Type: text/plain; charset=iso-8859-1
>
> lyndon villas <sox316 at gmail.com> wrote:
>
> >    Here's what I want to accomplish:
> >
> >    1. Check if Option 61 value is in the class entry (ex.
> > client-circuitid_class), If YES, then check if Circuit-id is
> > available, if no Circuit-id please assign IP address from IP Pool.
> >
> >    2. If both Option 61 and Circuit-iD are present, compare it to
> > the class entry (e.g client-circuitid_class). If it matches the entry,
> > please assign IP address from IP Pool.
> >
> >    3. Option 61 is not defined (null) but Circuit-id is available
> > and can be found in the class entry (e.g client-circuitid_class),
> > please assign IP address from IP pool.
> >
> > I hope this pseudocode helps.
>
>
> It's not clear and consistent.
>
> 1 says "If A and not B, then use A".
>
> 2 says "If A and B then use 'it'" - without specifying whether 'it' is 
> A or B !
>
> 3 says "If B and not A then use B".
>
> A simpler way of writing it is "if A is present then use A, else if B 
> is present then use B" (or swap A and B round depending on what 'it' is).
>
>
> You can use "pick-first-value" for this.
> If 'it' is A then use "pick-first-value(A,B)", or if 'it' is B then 
> use "pick-first-value(B,A)". So your class selection becomes :
>
> match if pick-first-value(A,B)="some string"
>
>
>
> But you also don't specify what you want to match the options against. 
> Are they to match against the same string (eg A or B or both would be 
> the same string), or are they to compare against different strings (in 
> which case the above won't work).
>
> If you match against different strings (so the test is "A="X" or B = 
> "Y") then I think you need a slightly more complicated selection.
> I'm not sure if just doing :
>   match if A="X";
>   match if B="Y";
> will work. If not, then you might have to do something like :
>   match if (pick-first-value(A,"")="X") or
> (pick-first-value(B,"")="Y") ;
>
> The reason for the pick-first-value clauses here is that if A or B is 
> not present, then the result of comparing it with anything is unknown 
> - and logical ORing unknown with anything is unknown. So the 
> pick-first-value clauses ensure that if A or B is not present, it's 
> replaced with an empty string so that the OR clause will work.
>
>
>
> ------------------------------
>
>



--
Regards,

Lyndon A. Villas
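
Added example (not part of the original thread): a small Python model of the evaluation rule Simon Hobson describes in the quoted reply above, where comparing a missing option gives an unknown result and OR-ing unknown with anything stays unknown. The function names, the sample packets and the assumption that an unknown result means no class match are constructed for illustration; A stands for option 61 and B for the option 82 circuit-id.

```python
# Model of the null-propagation rule described in the thread (added example).
# None stands for the "unknown"/null result; A and B follow the thread's naming.

def equals(left, right):
    """Comparison: unknown if either operand is missing, else a boolean."""
    if left is None or right is None:
        return None
    return left == right

def logical_or(left, right):
    """OR as described in the thread: an unknown operand makes the result unknown."""
    if left is None or right is None:
        return None
    return left or right

def pick_first_value(*values):
    """Return the first value that is present, or unknown if none is."""
    return next((v for v in values if v is not None), None)

def naive_match(packet, x, y):
    """Models: match if (A = "X") or (B = "Y")"""
    return logical_or(equals(packet.get("A"), x), equals(packet.get("B"), y))

def guarded_match(packet, x, y):
    """Models: match if (pick-first-value(A,"") = "X") or (pick-first-value(B,"") = "Y")"""
    a = pick_first_value(packet.get("A"), "")
    b = pick_first_value(packet.get("B"), "")
    return logical_or(equals(a, x), equals(b, y))

def is_member(result):
    """Assumption: only a definite true puts the client in the class."""
    return result is True

# Constructed sample packets covering the three cases in the requested flow.
PACKETS = {
    "61 only": {"A": "X"},
    "82 only": {"B": "Y"},
    "both": {"A": "X", "B": "Y"},
    "neither": {},
}

def evaluate(match):
    """Class membership per sample packet for the given match rule."""
    return {name: is_member(match(pkt, "X", "Y")) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    print("naive  :", evaluate(naive_match))
    print("guarded:", evaluate(guarded_match))
```

In this model the unguarded rule admits only the packet that carries both options, while the guarded rule admits all three cases and gives a definite false when neither option is present.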

------------------------------

Message: 2
Date: Thu, 3 Jul 2014 14:47:34 +0000
From: Han Koster <h.koster at genexis.eu>
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Subject: RE: option 82 feature of DHCP
Message-ID:
	<994B9FCE132B8E4B9EBFD1B7964E58E3267F2CB9 at GENEHEX01.genexislocal.nl>
Content-Type: text/plain; charset="Windows-1252"

Hi,

I am confused, on both the question and the answer.
The confusion is about the used terms, server switch etc. I think the following is meant:

1. The dhcp client sends the discover and request
2. The access switch adds a portid/circuitid or whatever in option 82
3. The requester wants the dhcp server to use this id to assign an ip (and not use mac)

It would be nice when this could be configured in the dhcp server. But afaik that is not possible with the current/latest version, so you have to modify the code yourself.
Be aware that you must be sure that only one client is possible on the port of the access switch.
Or the switch must combine portid and mac address in the option 82 id to create something unique.

Regards,

Han Koster

________________________________________
From: dhcp-users-bounces at lists.isc.org [dhcp-users-bounces at lists.isc.org] on behalf of Peter Rathlev [peter at rathlev.dk]
Sent: 03 July 2014 07:48
To: Users of ISC DHCP
Subject: Re: option 82 feature of DHCP

On Thu, 2014-07-03 at 04:50 +0000, Hardik.V.Shah at ril.com wrote:
> I am configuring DHCP server with enabling option 82 features on 
> network switches. My goal is to assign an IP to the server based on 
> server's serial number which I can get it through option 82.
>
> Can someone advise if it is possible and how?

Option 82 is typically something that the first switch injects into the DHCP discover/request that the server sends out. The injection happens in the switch so it can contain information that the server couldn't know itself.

The serial number of the server sounds like something the server would know and the switch would not know.

If the switch can really see the serial number then yes, it is possible.
The Internet is filled with examples of how to do it. Just search for "isc dhcp option 82" in your favourite search engine.

Are you asking because "host" statements cannot select on a random option?

--
Peter




------------------------------

Message: 3
Date: Thu, 3 Jul 2014 15:05:49 +0000
From: "Hughes, Doug" <Douglas.Hughes at DEShawResearch.com>
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Subject: RE: option 82 feature of DHCP
Message-ID:
	<FE83190899DE5B41BD7B5C3FD84CDF8F615E2D5E at mailnycmb5a.winmail.deshaw.com>
	
Content-Type: text/plain; charset="us-ascii"

One note, it isn't necessarily true that only one client can be present. It depends upon the switch. For instance, for HP switches this is certainly true. For Dell/Force10 switches the CircuitID includes the vlan, blade, and port number like so:
52:0:30  (vlan 52, blade 0, port 30). So, as long as all of the clients are on different vlans (e.g. tagged), you can have more than one client on a switch port, but this is the exception rather than the rule. It doesn't work if there's another switch downstream. (there are also remedies for this  that are vendor specific)




------------------------------

_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

End of dhcp-users Digest, Vol 69, Issue 4
*****************************************