DHCPv6 IP<->DUID mapping ?
Hillary Nelson
nelsonhillary8 at gmail.com
Tue Aug 22 15:49:15 UTC 2017
We have our DHCP server on Redhat which doesn't seem to have
'isc-dhcp-server-ldap' shipped like Debian. There is option to enable ldap
if you compile DHCP from source.
Here is more info on this:
https://kb.isc.org/article/AA-01462/0/LDAP-and-updating-to-DHCP-4.3.3-or-newer.html
Thanks!
Hillary
On Tue, Aug 22, 2017 at 11:28 AM, Miloslav Hůla <miloslav.hula at gmail.com>
wrote:
> I'm not sure I undestand the question. Probably yes. We are using slapd
> (OpenLDAP) and isc-dhcp-server-ldap packages, everythink stock packages for
> current Debian Stretch.
>
> Milo
>
>
> Dne 2017-08-22 v 17:11 Hillary Nelson napsal(a):
>
>> For LDAP backend, do you use the LDAP comes with DHCP source code?
>>
>>
>> Thanks!
>> Hillary
>>
>>
>> On Tue, Aug 22, 2017 at 10:48 AM, Miloslav Hůla <miloslav.hula at gmail.com
>> <mailto:miloslav.hula at gmail.com>> wrote:
>>
>> Restart is needed for now. We have two servers in failover and
>> restart is done one by one, so restart is not issue for us.
>>
>> But in these days we are preparing LDAP backend for DHCPv4 and v6
>> servers. When it will be done, restart will not be necessary.
>> Configuration snippet follows. Now, we have only static records, no
>> range6. On switches, we have a MAC-radius mechanism, so
>> non-registered MACs fall into guest VLAN and they get IPv6 by router
>> advertisment and SLAAC.
>>
>>
>> shared-network VLAN-4 {
>> subnet6 2002:817:55:1100::/64 {
>> }
>>
>> subnet6 2002:817:55:1101::/64 {
>> }
>>
>> subnet6 2002:817:55:1102::/64 {
>> }
>> }
>>
>> shared-network VLAN-100 {
>> subnet6 2002:817:55:11ee::/64 {
>> }
>> }
>>
>>
>> host atlas.example.com <http://atlas.example.com> {
>> hardware ethernet 00:50:56:a5:c6:69;
>> fixed-address6 2002:817:55:1100::52;
>> }
>>
>> host milo.example.com <http://milo.example.com> {
>>
>> hardware ethernet 00:50:56:a5:c6:70;
>> fixed-address6 2002:817:55:11ee::56;
>> }
>>
>> Milo
>>
>>
>>
>> Dne 2017-08-22 v 16:23 Hillary Nelson napsal(a):
>>
>> Great to know it works for you! I wonder do you need to restart
>> DHCPv6 server everytime there are new MAC added, with DHCPv4 we
>> use omapi to add dynamic host entry so no need to restart server.
>>
>> Here is the relevant config I've been trying, can you share your
>> config if you don't mind, you don't need to use your real IP
>> space:
>>
>> *****************************
>> shared-network "network-staff" {
>> subnet6 fd01:beef:1::/64 {
>> pool6 {
>> deny known-clients;
>> range6 fd01:beef:1::0/96;
>> }
>> }
>> subnet6 2001:beef:1::/64 {
>> pool6 {
>> deny unknown-clients;
>> range6 2001:beef:1::0/96;
>> }
>> }
>> }
>>
>> host registered-host1 { hardware ethernet 11:22:AA:BB:CC:DD;
>> option host-name "registered-host1"; }
>>
>> ***********************************
>>
>> Thanks!
>> Hillary
>>
>>
>> On Tue, Aug 22, 2017 at 9:05 AM, Miloslav Hůla
>> <miloslav.hula at gmail.com <mailto:miloslav.hula at gmail.com>
>> <mailto:miloslav.hula at gmail.com
>>
>> <mailto:miloslav.hula at gmail.com>>> wrote:
>>
>> Hi,
>>
>> we register DHCPv6 clients by MAC, the same way as DHCPv4.
>> With ISC
>> server, address association works directly via VLAN
>> interface or
>> relay, event this way is not i the RFCs.
>>
>> Milo
>>
>>
>> Dne 2017-08-18 v 16:14 Hillary Nelson napsal(a):
>>
>>
>> We plan to enable IPv6 registration like we do with our
>> IPv4(with deny unknown clients), which needs query
>> lease info to
>> get DUID from giving IPv6 address, without omapi
>> support, should
>> we parse lease or log to get DUID from IPv6 address?
>> How do you
>> folks get your DHCPv6 IPv6<->DUID mapping?
>>
>> If anyone has done IPv6 registration and would like to
>> share
>> your experience, it will be greatly appreciated!! You
>> contact me
>> off list if you want..
>>
>> Best,
>> Hillary
>>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20170822/c81d0559/attachment.html>
More information about the dhcp-users
mailing list