DHCPv6 IP<->DUID mapping ?

Miloslav Hůla miloslav.hula at gmail.com
Tue Aug 22 15:28:53 UTC 2017


I'm not sure I undestand the question. Probably yes. We are using slapd 
(OpenLDAP) and isc-dhcp-server-ldap packages, everythink stock packages 
for current Debian Stretch.

Milo


Dne 2017-08-22 v 17:11 Hillary Nelson napsal(a):
> For LDAP backend, do you use the LDAP comes with DHCP source code?
> 
> 
> Thanks!
> Hillary
> 
> 
> On Tue, Aug 22, 2017 at 10:48 AM, Miloslav Hůla <miloslav.hula at gmail.com 
> <mailto:miloslav.hula at gmail.com>> wrote:
> 
>     Restart is needed for now. We have two servers in failover and
>     restart is done one by one, so restart is not issue for us.
> 
>     But in these days we are preparing LDAP backend for DHCPv4 and v6
>     servers. When it will be done, restart will not be necessary.
>     Configuration snippet follows. Now, we have only static records, no
>     range6. On switches, we have a MAC-radius mechanism, so
>     non-registered MACs fall into guest VLAN and they get IPv6 by router
>     advertisment and SLAAC.
> 
> 
>     shared-network VLAN-4 {
>          subnet6 2002:817:55:1100::/64 {
>          }
> 
>          subnet6 2002:817:55:1101::/64 {
>          }
> 
>          subnet6 2002:817:55:1102::/64 {
>          }
>     }
> 
>     shared-network VLAN-100 {
>          subnet6 2002:817:55:11ee::/64 {
>          }
>     }
> 
> 
>     host atlas.example.com <http://atlas.example.com> {
>          hardware ethernet 00:50:56:a5:c6:69;
>          fixed-address6 2002:817:55:1100::52;
>     }
> 
>     host milo.example.com <http://milo.example.com> {
>          hardware ethernet 00:50:56:a5:c6:70;
>          fixed-address6 2002:817:55:11ee::56;
>     }
> 
>     Milo
> 
> 
> 
>     Dne 2017-08-22 v 16:23 Hillary Nelson napsal(a):
> 
>         Great to know it works for you!  I wonder do you need to restart
>         DHCPv6 server everytime there are new MAC added, with DHCPv4 we
>         use omapi to add dynamic host entry so no need to restart server.
> 
>         Here is the relevant config I've been trying, can you share your
>         config if you don't mind, you don't need to use your real IP space:
> 
>         *****************************
>         shared-network "network-staff" {
>               subnet6 fd01:beef:1::/64 {
>                      pool6 {
>                       deny known-clients;
>                       range6 fd01:beef:1::0/96;
>                   }
>               }
>               subnet6 2001:beef:1::/64 {
>                   pool6 {
>                       deny unknown-clients;
>                       range6 2001:beef:1::0/96;
>                   }
>               }
>         }
> 
>         host registered-host1 { hardware ethernet 11:22:AA:BB:CC:DD;
>         option host-name "registered-host1";  }
> 
>         ***********************************
> 
>         Thanks!
>         Hillary
> 
> 
>         On Tue, Aug 22, 2017 at 9:05 AM, Miloslav Hůla
>         <miloslav.hula at gmail.com <mailto:miloslav.hula at gmail.com>
>         <mailto:miloslav.hula at gmail.com
>         <mailto:miloslav.hula at gmail.com>>> wrote:
> 
>              Hi,
> 
>              we register DHCPv6 clients by MAC, the same way as DHCPv4.
>         With ISC
>              server, address association works directly via VLAN
>         interface or
>              relay, event this way is not i the RFCs.
> 
>              Milo
> 
> 
>              Dne 2017-08-18 v 16:14 Hillary Nelson napsal(a):
> 
> 
>                  We plan to enable IPv6 registration like we do with our
>                  IPv4(with deny unknown clients), which needs query
>         lease info to
>                  get DUID from giving IPv6 address, without omapi
>         support, should
>                  we parse lease or log to get DUID from IPv6 address?
>         How do you
>                  folks get your DHCPv6 IPv6<->DUID mapping?
> 
>                  If anyone has done IPv6 registration and would like to
>         share
>                  your experience, it will be greatly appreciated!! You
>         contact me
>                  off list if you want..
> 
>                  Best,
>                  Hillary



More information about the dhcp-users mailing list