Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Christian Kratzer ck-lists at cksoft.de
Tue Jun 6 09:25:32 UTC 2017


Hi,

On Thu, 1 Jun 2017, David Ramage wrote:

> Hey folks,
>
> I'm trying to restrict access to a pool of addresses based on either the dhcp6 interface id or remote id (I've tried both, same outcome).
>
>
> Here's a config snippet which can probably explain things a lot faster:
>
>
> class "my_dhcp6" {
>  match if option dhcp6.interface-id = "GOOD_DHCP6";
>  log(info, option dhcp6.interface-id);
> }


you might want to look into the v6relopt function introduced with isc dhcp-4.3.5.

It allows you to pick the dhcp6.interface-id nearest to the client request as follows:

 	v6relopt 1 dhcp6.interface-id = "foo"

Please sniff your dhcp packets on the dhcp server and have a look exactly where your relay agent inserts the interface-id.

The interface-id is not in the actual dhcp request but in the relay message that encapsulates the dhcp request.

There may be multiple levels of nesting depending on how many relay agents are in the path between the client and the dhcp server.

Then adjust v6relopt according to which option you like to see.

Greetings
Christian





>
>
> log(info, option dhcp6.remote-id);
> # The path of the lease file
> dhcpv6-lease-file-name "/srv/dhcpd6.leases";
>
> shared-network  "network6" {
>    subnet6 2607:fa40:fffd:0:0:0:0:0/64 {
>    }
>    subnet6 2607:fa40:fffe::/48 {
>        pool6 {
>            allow members of "my_dhcp6";
>            prefix6 2607:fa40:fffe:9100:: 2607:fa40:fffe:ffff:: /64;
>            range6 2607:fa40:fffe:9000::/56;
>        }
>    }
> }
>
>
> When I do this, I get errors about no addresses being available.  As soon as I remove the allow_members statement from the pool, it works.  I'm doing this with DHCPD 4.3.5.
>
>
> Is this functionality supported?
>

-- 
Christian Kratzer                   CK Software GmbH
Email:   ck at cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
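
Added example (not part of the original message or of ISC DHCP): a small parser that walks the nested Relay-forward encapsulation of a captured DHCPv6 packet and reports the interface-id each relay inserted, so you can confirm at which level the value you intend to match on actually sits. The helper names and the two-relay sample packet are constructed for illustration; the message layout and option codes follow RFC 8415.

```python
import struct

RELAY_FORW = 12          # DHCPv6 message type Relay-forward
OPT_RELAY_MSG = 9        # option carrying the encapsulated message
OPT_INTERFACE_ID = 18    # interface-id, inserted by the relay agent

def parse_options(buf):
    """Return {code: value} for a DHCPv6 option block (2-byte code, 2-byte length)."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns packet" % code)
        opts[code] = buf[off:off + length]
        off += length
    return opts

def relay_interface_ids(packet):
    """Walk nested Relay-forward messages, outermost (nearest the server) first.
    Returns (interface-id per relay level, options of the inner client message)."""
    ids = []
    while packet and packet[0] == RELAY_FORW:
        if len(packet) < 34:
            raise ValueError("truncated Relay-forward header")
        opts = parse_options(packet[34:])  # type + hop-count + two 16-byte addresses
        ids.append(opts.get(OPT_INTERFACE_ID))
        if OPT_RELAY_MSG not in opts:
            raise ValueError("Relay-forward without relay-message option")
        packet = opts[OPT_RELAY_MSG]
    if len(packet) < 4:
        raise ValueError("truncated client message")
    return ids, parse_options(packet[4:])  # type + 3-byte transaction-id

def opt(code, value):
    return struct.pack("!HH", code, len(value)) + value

def relay_forw(hop_count, inner, interface_id):
    # Constructed helper: zeroed link/peer addresses are enough for this demo.
    return (bytes([RELAY_FORW, hop_count]) + bytes(32)
            + opt(OPT_INTERFACE_ID, interface_id) + opt(OPT_RELAY_MSG, inner))

# Constructed sample: Solicit -> relay nearest the client -> second relay -> server.
solicit = bytes([1, 0xAA, 0xBB, 0xCC]) + opt(1, b"\x00\x03\x00\x01" + bytes(6))
sample = relay_forw(1, relay_forw(0, solicit, b"GOOD_DHCP6"), b"uplink-7")

if __name__ == "__main__":
    ids, client_opts = relay_interface_ids(sample)
    print("interface-ids, server side first:", ids)
    print("interface-id in the client message itself:", OPT_INTERFACE_ID in client_opts)
```

The last element of the returned list is the interface-id added by the relay nearest the client; the client message itself carries none, which is why a match against the un-encapsulated request finds nothing.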

