Using the "vendor-class-identifier" to trigger different scripts

Adam Raymond adam.m.r at gmail.com
Tue May 8 03:23:41 UTC 2018


Sorry all: I managed to get around this. If you get rid of the "include"
statement in the class statement it works.

Adam

On Tue, May 8, 2018 at 1:03 PM, Adam Raymond <adam.m.r at gmail.com> wrote:

> Hi,
>
>   I have spent some weeks trying to get the ISC DHCP daemon to differentiate
> between different devices based on the "vendor-class-identifier" or option
> 60. This is sent to the DHCP server by the device types that I am trying to
> configure (in this case an ADVA GE112Pro) and identifies the model of the
> GE112Pro that is making the request - we need to configure the box
> differently depending on the model. It looks like this from a TCPDUMP: I
> have managed to get this working by filtering MAC addresses, but the
> different models all use the same OUI (first half of the MAC address) so
> cannot be differentiated on this basis.
>
> 05:45:53.216955 IP (tos 0x0, ttl 26, id 36530, offset 0, flags [none], proto UDP (17), length 341)
>     10.65.23.253.bootps > man01.syd04.nsw.vocus.net.au.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:80:ea:ba:60:61 (oui Unknown), length 313, xid 0x5521f6bf, Flags [none] (0x0000)
>           Gateway-IP 10.65.23.253
>           Client-Ethernet-Address 00:80:ea:ba:60:61 (oui Unknown)
>           Vendor-rfc1048 Extensions
>             Magic Cookie 0x63825363
>             DHCP-Message Option 53, length 1: Discover
>             Lease-Time Option 51, length 4: 43200
>             Hostname Option 12, length 17: "FSP150-GE112Pro-H"
>             Parameter-Request Option 55, length 6:
>               Subnet-Mask, BR, Time-Zone, Default-Gateway
>               Domain-Name, Hostname
>             Vendor-Class Option 60, length 25: "ADVA FSP 150-GE112Pro (H)"
>             Client-ID Option 61, length 7: ether 00:80:ea:ba:60:61
>             END Option 255, length 0
>
> Note: I would happily use option 12 (host-name) as well to make the
> differentiation. I still haven't been able to do this.
>
> Aside: I have been taking my names for options from
> http://www.ipamworldwide.com/ipam/isc-dhcpv4-options.html.
>
> Most of what I have read on the internet seems to push towards using a
> class to do this, similar to:
> class "ras-clients" {
>   match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
> }
>
> But I am yet to get this to work. A bit more information might be
> necessary. I am trying to trigger scripts with this differentiation. The
> subnet config looks like this:
>
> subnet 172.17.132.0 netmask 255.255.255.0 {
>         interface eth0;
>         option routers 172.17.132.1;
>         option subnet-mask 255.255.255.0;
>         option broadcast-address 172.17.132.255;
>         next-server 172.17.132.68;
>         option dhcp-renewal-time 300;
>         option dhcp-rebinding-time 30;
>         filename "adva_boot";
>         option boot-server "labvm800.rlab.nn.com.au";
>
>         set location = "QLD";
>         include "/etc/dhcp/on-commit.conf";
>
>         pool {
>                 max-lease-time 3600;
>                 range 172.17.132.115 172.17.132.117;
>         }
> }
>
> The - include "/etc/dhcp/on-commit.conf"; - points to a file that looks
> like this:
>
> on commit {
>         # Leased IP address as a dotted quad
>         set clip = binary-to-ascii(10, 8, ".", leased-address);
>         # Client MAC as zero-padded hex; byte 0 of "hardware" is the
>         # hardware type, so the address is bytes 1-6
>         set clhw = concat (
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
>                 suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
>         );
>         # substring offsets are 0-based, so the OUI is the first 8 characters
>         if (substring (clhw,0,8) = "00:80:ea") {
>                 execute("/usr/local/sbin/scriptA", "commit", clip, clhw, location);
>         } else {
>                 execute("/usr/local/sbin/scriptB", "commit", clip, clhw, location);
>         }
> }
>
> This works but has the issue of being tied down to MAC address matching,
> which in this case is pointless as we don't know if the individual MAC
> address and need to be able to automatically determine the model and the
> UID is the same for each model.
>
> I have tried the class options with this configuration:
>
> default-lease-time 600;
> max-lease-time 7200;
>
> option domain-name "vocus.net";
> option domain-name-servers 172.16.79.1, 172.16.79.254;
> option ntp-servers 172.16.79.6, 172.16.79.2;
>
> class "GE112Pro" {
>         match if (option vendor-class-identifier) = "ADVA FSP 150-GE112Pro" ;
>         include "/etc/dhcp/GE112Pro.conf";
> }
>
> class "GE112ProH" {
>         match if (option vendor-class-identifier) = "ADVA FSP 150-GE112Pro (H)";
>         include "/etc/dhcp/GE112ProH.conf";
> }
>
> subnet 172.17.132.0 netmask 255.255.255.0 {
>         interface eth0;
>         option routers 172.17.132.1;
>         option subnet-mask 255.255.255.0;
>         option broadcast-address 172.17.132.255;
>         next-server 172.17.132.68;
>         option dhcp-renewal-time 300;
>         option dhcp-rebinding-time 30;
>
>         pool {
>                 allow members of "GE112Pro";
>                 include "/etc/dhcp/GE112Pro.conf";
>                 range 172.17.132.116 172.17.132.116;
>         }
>
>         pool {
>                 allow members of "GE112ProH";
>                 include "/etc/dhcp/GE112ProH.conf";
>                 range 172.17.132.115 172.17.132.115;
>         }
> }
>
> This is on a separate server from the previous setup which is used for
> testing. This seems to work in that it assigns an IP address from the
> correct pool, but it doesn't run the script in question (which just writes
> a line to a file).
>
>
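
Added example (not part of the original thread, and not ISC's or the poster's code): option 60 and the hostname are set by the client, so a script started through execute() should check its arguments before acting on them. This is one way to do that for the values discussed above; the argument order, the function names and the mapping of models to scriptA/scriptB are assumptions, while the option 60 strings and script paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes dhcpd calls the hook as:
#   execute("<hook>", "commit", clip, clhw, option vendor-class-identifier);
# Function names and the model-to-script mapping are hypothetical.

# Option 60 is client-supplied: accept only exact, known strings.
model_for_vendor_class() {
    case "$1" in
        "ADVA FSP 150-GE112Pro")     echo "GE112Pro" ;;
        "ADVA FSP 150-GE112Pro (H)") echo "GE112ProH" ;;
        *)                           echo "unknown" ;;
    esac
}

# Four decimal fields, each 0-255; case matches the whole string, so an
# embedded newline or shell metacharacter is rejected up front.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Lower-case, colon-separated MAC, the form the on-commit block builds.
valid_mac() {
    h='[0-9a-f][0-9a-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *)                 return 1 ;;
    esac
}

# Args: ip mac vendor-class. Prints the script to run, or fails closed.
select_script() {
    valid_ipv4 "$1" && valid_mac "$2" || return 1
    case "$(model_for_vendor_class "$3")" in
        GE112Pro)  echo /usr/local/sbin/scriptA ;;
        GE112ProH) echo /usr/local/sbin/scriptB ;;
        *)         return 1 ;;
    esac
}

# Stand-alone use: ./hook.sh 172.17.132.115 00:80:ea:ba:60:61 "ADVA FSP 150-GE112Pro (H)"
[ "$#" -lt 3 ] || select_script "$1" "$2" "$3"
```
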