Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Patrick Trapp ptrapp at nex-tech.com
Mon Jun 5 16:08:16 UTC 2017


I'm not going to be your best resource on this list, I was just trying to think how I would dig into this if I were you. I would be investigating that possibility. You've confirmed the data matches - can you see in the packet capture that the field name is an exact match, also? Just working from the assumption that it should work, why might it not be working, you know? Sorry I cannot say whether it is definitely or definitely not functionality that works.

Patrick

From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of David Ramage
Sent: Monday, June 5, 2017 10:58 AM
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Subject: RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Thank you for your fast response Patrick.
I just double checked the config on  the router and looked at a packet capture as well.  I don't see any white space.

From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of Patrick Trapp
Sent: Monday, June 05, 2017 8:21 AM
To: Users of ISC DHCP <dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>>
Subject: RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Have you confirmed that the incoming requests match your requirements for your class? No extraneous spaces or characters in addition to what you are matching on?

From: dhcp-users [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of David Ramage
Sent: Monday, June 5, 2017 10:17 AM
To: dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
Subject: RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Hey folks,
I hate to be a pain about this, but is this possible?

From: David Ramage
Sent: Thursday, June 01, 2017 4:17 PM
To: dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
Subject: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?


Hey folks,

I'm trying to restrict access to a pool of addresses based on either the dhcp6 interface id or remote id (I've tried both, same outcome).



Here's a config snippet which can probably explain things a lot faster:



class "my_dhcp6" {
  match if option dhcp6.interface-id = "GOOD_DHCP6";
  log(info, option dhcp6.interface-id);
}


log(info, option dhcp6.remote-id);
# The path of the lease file
dhcpv6-lease-file-name "/srv/dhcpd6.leases";

shared-network  "network6" {
    subnet6 2607:fa40:fffd:0:0:0:0:0/64 {
    }
    subnet6 2607:fa40:fffe::/48 {
        pool6 {
            allow members of "my_dhcp6";
            prefix6 2607:fa40:fffe:9100:: 2607:fa40:fffe:ffff:: /64;
            range6 2607:fa40:fffe:9000::/56;
        }
    }
}



When I do this, I get errors about no addresses being available.  As soon as I remove the allow_members statement from the pool, it works.  I'm doing this with DHCPD 4.3.5.



Is this functionality supported?

________________________________
The information contained in this email and any attachments may be privileged, confidential, and/or proprietary and is intended solely for the use of the person(s) to whom it is addressed. If you are not the intended recipient, any review, retransmission, dissemination or any other use of the information contained in this email and any attachments is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by replying to this email and then delete this material from any system that it may be on. LightSpeed Networks, Inc. does not accept responsibility for any changes made to the information contained in this communication after it was originally sent.
________________________________
The information contained in this email and any attachments may be privileged, confidential, and/or proprietary and is intended solely for the use of the person(s) to whom it is addressed. If you are not the intended recipient, any review, retransmission, dissemination or any other use of the information contained in this email and any attachments is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by replying to this email and then delete this material from any system that it may be on. LightSpeed Networks, Inc. does not accept responsibility for any changes made to the information contained in this communication after it was originally sent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20170605/8bbbc4ef/attachment.html>


More information about the dhcp-users mailing list