Option 82 logging on dhcpd 4.1.1 and red hat 6
Alex Moen
alexm at ndtel.com
Tue Oct 4 21:17:54 UTC 2016
OK... I think you're barking up the right tree. In my experience, some
devices don't give the circuit-id info in text but rather binary. So,
try this copy of one of my configs:
-----------------------------------------------------
## Option 82 Class
class "myvendor" {
match if option agent.circuit-id = 00:04:00:6b:00:84;
}
# Test Option 82 logging
if exists agent.circuit-id
{
log (info, concat(
"Lease for ", binary-to-ascii (10, 8, ".", leased-address),
" with circuit-id ", binary-to-ascii (10, 8, ".", option
agent.circuit-id),
" is assigned using Option82"
));
}
-----------------------------------------------------
I work for an ISP, so we use the circuit-id to log which IP address is
used on which port. On some devices (IE: Allied Telesis iMAP products),
the circuit-id data is in binary, while on Paradyne and Calix gear, it
is given as text. So, I actually log 4 times to cover all possible
situations.
You may have to change the "10, 8" to larger values, and may even have
to add some extra ", x, x" after the "option agent.circuit-id",
depending on the data you're looking for.
Wireshark captures do wonders to help determine what you need to do to
get the data that is important to you.
As much as I don't like their equipment, Zyxel has a helpful page about
this:
http://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
Good luck!
Alex
On 10/04/2016 11:49 AM, project722 wrote:
> Hmmm.. OK here is the log for the test client.
>
> Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with circuit-id
>
> That's all it said.
>
> I know that my ACL class for circuit id works as it was allowed to get
> an IP address.
>
> The log line reported back the correct IP so I know that the
>
> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>
> Line in my logging clause works.
>
> But why did it stop there? Do I need to remove the parethesis around
> "option agent.circuit-id" since I am not using parenthesis in my ACL class?
>
> On Tue, Oct 4, 2016 at 11:25 AM, project722 <project722 at gmail.com
> <mailto:project722 at gmail.com>> wrote:
>
> Alfred - thanks but your setup is much more complex than mine.
>
> Alex, I have put in the changes as you suggested and it passed
> validation. I'll report back what the logs look like or if I have
> any further problems.
>
> Thanks!
>
> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen <alexm at ndtel.com
> <mailto:alexm at ndtel.com>> wrote:
>
> Just comparing with mine, it seems that the "option
> agent.circuit-id" needs to be in parens. And, I don't know the
> use of the "(leased-address)" is. So, try this:
>
> -----------------------------------------------------
> ## Option 82 Class
> class "myvendor" {
> match if option agent.circuit-id = 00:04:00:6b:00:84;
> }
>
> # Test Option 82 logging
> if exists agent.circuit-id
> {
> log (info, concat(
> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
> " with circuit-id ", (option agent.circuit-id),
> " is assigned using Option82"
> ));
> }
>
> pool {
> allow members of "myvendor";
> range x.x.x.x x.x.x.x;
> }
> -----------------------------------------------------
>
> This should give you a line that looks something like:
>
> Lease for 192.168.0.10 with circuit-id Ethernet 5 is assigned
> using Option82
>
> Obviously, your circuit-id will most likely be something other
> than "Ethernet 5", but you get the idea.
>
> If I'm way off base, someone please correct me!
>
> Good luck,
>
> Alex
>
>
>
> On 10/04/2016 10:27 AM, project722 wrote:
>
> Hello DHCP experts! We are implementing Option 82 in our
> network and I am just scratching the surface of how to setup
> my server. I have successfully created my first Option 82
> ACL based on the agent circuit ID that is contained in the
> packet, now I just need guidance on how I get the Option 82
> data into the logs. Here is my O82 setup on the server:
>
> ## Option 82 Class
> class "myvendor" {
> match if option agent.circuit-id = 00:04:00:6b:00:84;
> }
>
> # Test Option 82 logging
> if exists agent.circuit-id
> {
> log (info, concat( "Lease for ", option agent.circuit-id
> (leased-address), "is an address assigned using Option82"));
> }
>
> pool {
> allow members of "myvendor";
> range x.x.x.x x.x.x.x;
> }
>
> The problem I am having is when I go to check the conf
> before restarting dhcpd I am getting the error:
>
> etc/dhcp/dhcpd.conf line 135: right parenthesis expected.
> log (info, concat( "Lease for ", option agent.circuit-id (
> ^
> Can anyone tell me what I am doing wrong and how to fix this
> error?
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>
>
>
> --
> Alex Moen
> NSTII
> Calix System Specialist
> North Dakota Telephone Company
> 701-662-6481 <tel:701-662-6481>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org <mailto:dhcp-users at lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>
>
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Alex Moen
NSTII
Calix System Specialist
North Dakota Telephone Company
701-662-6481
More information about the dhcp-users
mailing list