AW: AW: Vendor-specific information class integration

Vitali Kari Vitali.Kari at komnexx.de
Mon Oct 10 20:03:53 UTC 2016


Does the device ask for option 43 in DHCPDISCOVER?
If not, you have to put that option in manually by adding this line in your class definition:
option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,2b); # adds option 43

Btw, you can add a logging line to the class to confirm that the right class is matched:
log (info, "INFO: Match Class XY");


Best regards
Kind regards

Vitali Kari 
Team Lead NGN


-----Original Message-----
From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Alex Moen
Sent: Monday, 10 October 2016 21:54
To: dhcp-users at lists.isc.org
Subject: Re: AW: Vendor-specific information class integration

On 09/14/2016 01:50 AM, Vitali Kari wrote:
> Hi Alex,
>
> Maybe you can set an additional variable for vendor or device model in your class definition and then use this in subnet or pool to make an if else evaluation.
>
> Something like that (what we use):
>
> class "AVM" {
>     match if (binary-to-ascii (16,8,":",substring(hardware, 1, 3))) = "5c:49:79";
>     option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,2b); # adds option 43
>     vendor-option-space avm;
>     set vendor-string = "AVM";
> }
>
> class "CP120" {
>     match if substring(option host-name,0,9) = "PBN_R2.02";
>     set model-string = "CP120";
> }
>
> subnet 172.16.169.0 netmask 255.255.255.0 {
>     pool {
>     range 172.16.169.10 172.16.169.254;
>         option routers 172.16.169.1;
>
>         if vendor-string = "AVM" {
>             option avm.acs-url "http://kx-acs-01.cmn.local:7547";
>         }
>
>         else if vendor-string = "PBN" {
>             option tftp-server-name "10.10.100.2";
>             option pbn-vlan-id 1:2c; # VoIP VLAN 300;
>             if model-string = "CP120" {
>                 option bootfile-name "CP120-stable-fw.cfg";
>             }
>         }
>     } #end pool
> } #end subnet
>
>
> Best regards
> Kind regards
>
> Vitali Kari
> Team Lead NGN
>
>
> -----Original Message-----
> From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Alex Moen
> Sent: Tuesday, 13 September 2016 20:42
> To: Users of ISC DHCP <dhcp-users at lists.isc.org>
> Subject: Vendor-specific information class integration
>
> Hi all,
>
> I work for an ISP/telco.  We are using DHCP to assign addresses to ONTs at our customer locations.  We are using class identifiers to deploy the same address to the location, regardless of the MAC address of the ONT installed.  We are doing this using a class statement, based on the agent.circuit-id.  This results in a very large configuration (a pool of one address is assigned to each class of one endpoint port), but works flawlessly.  Here's an example:
>
> ---------------------------------------------------------------
> subnet 10.57.100.0 netmask 255.255.252.0 {
>          option routers 10.57.103.254;
>          option subnet-mask 255.255.252.0;
>          vendor-option-space CALIX-ONT-SERVER;
>          option CALIX-ONT-SERVER.cms-address 66.163.129.244;
>          option CALIX-ONT-SERVER.second-tftp-address 66.163.129.244;
>          option CALIX-ONT-SERVER.force-firmware on;
>          option CALIX-ONT-SERVER.syslog-address 66.163.129.244;
>          option CALIX-ONT-SERVER.validateMIC off;
>          server-name "66.163.129.244";
>          default-lease-time 259200;
>          max-lease-time 259200;
>
> class "10.57.100.50/Ethernet1:Vlan2" {
>          match if option agent.circuit-id = "10.57.100.50/Ethernet1:Vlan2";
>          }
>          pool {
>                  allow members of "10.57.100.50/Ethernet1:Vlan2";
>                  filename "occam/DVLKND/DVLKND-2VOICE-1INET-3VIDEO.cfg";
>                  range 10.57.100.1;
>                  deny dynamic bootp clients;
> 	}
> class "10.57.100.50/Ethernet2:Vlan2" {
>          match if option agent.circuit-id = "10.57.100.50/Ethernet2:Vlan2";
>          }
>          pool {
>                  allow members of "10.57.100.50/Ethernet2:Vlan2";
> 		filename "calix/ge-2voice-1int-3video.cfg";
>                  range 10.57.100.2;
>                  deny dynamic bootp clients;
>          }
> ---------------------------------------------------------------
>
> Obviously, the pool is not part of the class statement, even though the indentations are indicating that they are.  This is for readability for us, to show each pool that is associated with the particular class.  We occasionally need to change the "filename" line, as shown above.
>
> The vendor-specific information ("CALIX-ONT-SERVER") is defined in the dhcpd.conf file:
>
> ---------------------------------------------------------------
> option space CALIX-ONT-SERVER;
> option CALIX-ONT-SERVER.cms-address code 1 = ip-address;
> option CALIX-ONT-SERVER.second-tftp-address code 2 = ip-address;
> option CALIX-ONT-SERVER.validateMIC code 3 = boolean;
> option CALIX-ONT-SERVER.syslog-address code 4 = ip-address;
> option CALIX-ONT-SERVER.firmware1 code 101 = text;
> option CALIX-ONT-SERVER.firmware2 code 102 = text;
> option CALIX-ONT-SERVER.firmware3 code 103 = text;
> option CALIX-ONT-SERVER.firmware4 code 104 = text;
> option CALIX-ONT-SERVER.firmware5 code 105 = text;
> option CALIX-ONT-SERVER.force-firmware code 200 = boolean;
> option CALIX-ONT-SERVER.cms-address 66.163.129.244;
> option CALIX-ONT-SERVER.second-tftp-address 66.163.129.244;
> option CALIX-ONT-SERVER.force-firmware on;
> option CALIX-ONT-SERVER.syslog-address 66.163.129.244;
> ---------------------------------------------------------------
>
> This config has been working great for many years.
>
> Now, however, the wheels of change have rolled on, and we have a "new and improved" ONT to start using.  The problem is that the vendor-specific information needs to be changed, but we continue to use the "old and crappy" OG ONT as well.  So we need both option 43 versions, deployed depending on the type of ONT being put in place.
>
> Originally, we planned on using a different VLAN to do this:
>
> dhcpd.conf:
>
> ---------------------------------------------------------------
> option space CALIXGC;
> option CALIXGC.acs-url code 1 = text;
> option CALIXGC.acs-url-supp code 5 = text;
> ---------------------------------------------------------------
>
>
> ---------------------------------------------------------------
> subnet 10.157.100.0 netmask 255.255.252.0 {
>          option routers 10.157.103.254;
>          option subnet-mask 255.255.252.0;
>          server-name "66.163.129.244";
>          default-lease-time 259200;
>          max-lease-time 259200;
>          vendor-option-space CALIXGC;
>          option CALIXGC.acs-url "http://gcs.calix.com:8080/125053/8w9ZZJF9q4";
>
> class "10.57.100.50/Ethernet1:Vlan12" {
>          match if option agent.circuit-id = "10.57.100.50/Ethernet1:Vlan12";
>          }
>          pool {
>                  allow members of "10.57.100.50/Ethernet1:Vlan12";
>                  range 10.157.100.1;
>                  deny dynamic bootp clients;
>          }
> class "10.57.100.50/Ethernet2:Vlan12" {
>          match if option agent.circuit-id = "10.57.100.50/Ethernet2:Vlan12";
>          }
>          pool {
>                  allow members of "10.57.100.50/Ethernet2:Vlan12";
>                  range 10.157.100.2;
>                  deny dynamic bootp clients;
>          }
> ---------------------------------------------------------------
>
> Configuration change requirements on almost 400 endpoint blades (resulting in different procedures used by provisioners) and 30+ routers have resulted in a question being asked: can DHCP become "intelligent"
> and change the option 43 (vendor-specific information) depending on the ONT doing the request?
>
> I know how to build the different classes to make the distinction between the two types of ONTs:
>
> ---------------------------------------------------------------
> 	class "calix-ont" {
> 		match if(option vendor-class-identifier = "CALIX ONT");
>          vendor-option-space CALIX-ONT-SERVER;
>          option CALIX-ONT-SERVER.cms-address 66.163.129.244;
>          option CALIX-ONT-SERVER.second-tftp-address 66.163.129.244;
>          option CALIX-ONT-SERVER.force-firmware on;
>          option CALIX-ONT-SERVER.syslog-address 66.163.129.244;
>          option CALIX-ONT-SERVER.validateMIC off;
> 	}
>
> 	class "calix-844ge" {
> 		match if(substring(option vendor-class-identifier,0,5) = "844GE");
>          vendor-option-space CALIXGC;
>          option CALIXGC.acs-url "http://gcs.calix.com:8080/125053/8w9ZZJF9q4";
> 	}
> ---------------------------------------------------------------
>
> My question is how to integrate that class decision-making process into my existing original pools/subnets and eliminate the requirement for the second subnet?
>
> TIA,
>
> Alex
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

OK... still working on this, and not having much luck.

First of all, I have two devices that I am dealing with.  One of the devices (the calix-ont class) has a vendor-class-identifier of "CALIX ONT" (as found in a Wireshark capture).  The other (the calix-844ge class) has a vendor-class-identifier of "844GE-1.ONT.dslforum.org". I am trying to get the DHCP server to send the proper Option 43 (hex 2b) information based on the vendor-class-identifier.

So, in my dhcpd.conf file, I have:

-------------------------------------------------------------
option space CALIX-ONT-SERVER;
option CALIX-ONT-SERVER.cms-address code 1 = ip-address;
option CALIX-ONT-SERVER.second-tftp-address code 2 = ip-address;
option CALIX-ONT-SERVER.validateMIC code 3 = boolean;
option CALIX-ONT-SERVER.syslog-address code 4 = ip-address;
option CALIX-ONT-SERVER.firmware1 code 101 = text;
option CALIX-ONT-SERVER.firmware2 code 102 = text;
option CALIX-ONT-SERVER.firmware3 code 103 = text;
option CALIX-ONT-SERVER.firmware4 code 104 = text;
option CALIX-ONT-SERVER.firmware5 code 105 = text;
option CALIX-ONT-SERVER.force-firmware code 200 = boolean;

class "calix-ont" {
         match if(substring(option vendor-class-identifier,0,9) = "CALIX ONT");
         option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,2b);
         vendor-option-space CALIX-ONT-SERVER;
         vendor-string = "CALIX ONT";
}

option space CALIXGC;
option CALIXGC.acs-url code 1 = text;
option CALIXGC.acs-url-supp code 5 = text;

class "calix-844ge" {
         match if(substring(option vendor-class-identifier,0,5) = "844GE");
         option dhcp-parameter-request-list = concat(option dhcp-parameter-request-list,2b);
         vendor-option-space CALIXGC;
         vendor-string = "844GE";
}

-------------------------------------------------------------

and, in my subnet file, I have:

-------------------------------------------------------------

subnet 10.57.100.0 netmask 255.255.252.0 {
         option routers 10.57.103.254;
         option subnet-mask 255.255.252.0;
         default-lease-time 259200;
         max-lease-time 259200;
         server-name "66.163.129.244";
         if vendor-string = "CALIX ONT" {
                 option CALIX-ONT-SERVER.cms-address 66.163.129.244;
                 option CALIX-ONT-SERVER.second-tftp-address 66.163.129.244;
                 option CALIX-ONT-SERVER.force-firmware on;
                 option CALIX-ONT-SERVER.syslog-address 66.163.129.244;
                 option CALIX-ONT-SERVER.validateMIC off;
         }
         else if vendor-string = "844GE" {
                 option CALIXGC.acs-url "http://gcs.calix.com:8080/125053/8w9ZZJF9q4";
         }

class "10.57.100.50/Ethernet1:Vlan2" {
         match if option agent.circuit-id = "10.57.100.50/Ethernet1:Vlan2";
         }
         pool {
                 allow members of "10.57.100.50/Ethernet1:Vlan2";
                 range 10.57.100.1;
                 deny dynamic bootp clients;

         }
class "10.57.100.50/Ethernet2:Vlan2" {
         match if option agent.circuit-id = "10.57.100.50/Ethernet2:Vlan2";
         }
         pool {
                 allow members of "10.57.100.50/Ethernet2:Vlan2";
                 range 10.57.100.2;
                 deny dynamic bootp clients;
         }

-------------------------------------------------------------

and on and on, until the end of the subnet.

In my pcap, I do not see any of the option 43 info being sent to the device.  At all.  No matter which device is requesting.

What am I missing?


--
Alex Moen
NSTII
Calix System Specialist
North Dakota Telephone Company
701-662-6481
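
Added example, not part of the original messages and not ISC DHCP code: Python that parses the options field of a DHCP packet (bytes exported from a capture) to report the vendor-class-identifier (option 60), whether option 43 appears in the parameter request list (option 55), and which sub-options a reply carries in option 43. The sample byte strings and the acs.example.invalid URL are constructed, and sub-options are assumed to be plain code/length/value.

```python
PAD, END = 0, 255
PARAM_REQUEST_LIST, VENDOR_CLASS_ID, VENDOR_SPECIFIC = 55, 60, 43

def parse_tlv(data, top_level=True):
    """Split code/length/value options into {code: value_bytes}."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if top_level and code == PAD:      # single-byte padding, no length
            i += 1
            continue
        if top_level and code == END:      # end of the options field
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        out[code] = out.get(code, b"") + value   # repeated codes are concatenated
        i += 2 + length
    return out

def inspect_request(options):
    """What a DISCOVER/REQUEST tells the server about option 43."""
    opts = parse_tlv(options)
    return {
        "vendor_class": opts.get(VENDOR_CLASS_ID, b"").decode("ascii", "replace"),
        "requests_option_43": VENDOR_SPECIFIC in opts.get(PARAM_REQUEST_LIST, b""),
    }

def decode_option_43(options):
    """Sub-options carried in a reply's option 43, or None if it is absent."""
    opts = parse_tlv(options)
    if VENDOR_SPECIFIC not in opts:
        return None
    return parse_tlv(opts[VENDOR_SPECIFIC], top_level=False)

def opt(code, value):
    """Build one option; used only to construct the sample data below."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields (not taken from the capture in the thread).
DISCOVER = (opt(53, b"\x01") + opt(60, b"844GE-1.ONT.dslforum.org")
            + opt(55, bytes([1, 3, 6, 15])) + bytes([END]))
OFFER = (opt(53, b"\x02") + opt(43, opt(1, b"http://acs.example.invalid/"))
         + bytes([END]))

if __name__ == "__main__":
    print(inspect_request(DISCOVER))
    print(decode_option_43(OFFER))
```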