ISC DHCP 4.4.1_CentOS7_DHCPv6_Relay_server: issue related with Class matching option along with condition.
PaviGuru Pavithragurumurthy
gurumurthyka at gmail.com
Wed Nov 7 10:42:10 UTC 2018
Hi,
Thanks for the response,
Yes, we need to match incoming values vs configured parameter on relay
server, if both are matches allow these IP’s [ as per dhcpd6 configuration
file]
We received message from relay agent : DHCPv6 Message type: Relay-forw (12)
with Option: Interface-Id (18) [ with name “TESTING;”]
So we have configured class condition to meet these incoming requirement.
i.e. matching with TESTING; [ using class option ]
*could you share config file with v6relopt to match our need, attached pcap
collected at relay server. *
where we need to place this match. It helps me a lot !!!. first time
looking with IPv6.
/etc/dhcp/dhcpd6.conf [ *old configuration*]
class "team" {
# match if substring (option dhcp6.remote-id, 0, 8) = "TESTING;";
match if substring (option dhcp6.interface-id, 0, 8) = "TESTING|";
}
subnet6 3001:db8:100:f101::0/64 {
pool6 {
allow members of "team";
range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
}
}
*NOTE:*
Same Configuration type we used on DHCPv4 relay server and is working fine.
So I used same format in DHCPv6 relay server.
[root at localhost dhcp]# cat DHCPv4_Relay_server
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
authoritative;
log-facility local7;
option ipaddress code 43 = ip-address;
default-lease-time 86400;
class "VLAN242" {
match if(
(substring (option agent.circuit-id,0,7) = "AC220m;")
);
}
shared-network "DHCPrelay" {
subnet 10.43.45.0 netmask 255.255.255.0{
option routers 10.43.45.1;
}
subnet 192.242.0.0 netmask 255.255.252.0{
option routers 192.242.0.1;
}
pool {
allow members of "VLAN242";
range 192.242.0.11 192.242.3.254;
option subnet-mask 255.255.252.0;
option routers 192.242.0.1;
}
}
[root at localhost dhcp]#
Thanks
Guru
On Wed, Nov 7, 2018 at 2:33 PM yoshihiko fujita <fujita at ncad.co.jp> wrote:
> Hello,
> > match if substring (option dhcp6.interface-id, 0, 5) = "GURU;";
>
> interface id option is relay-forw message type option.
> but dhcp6.interface-id represents the Relay Message options in options.
>
> if host-identifier can use v6relopt.
>
> sample:
> host {
> host-identifier v6relopt 1 dhcp6.interface-id 01:00:00:00;
> ...
>
> but match if syntax does not seem to support.
>
> Good luck!
>
> 2018年11月7日(水) 12:18 gurumurthyka at gmail.com <gurumurthyka at gmail.com>:
>
>> Thanks for the response,
>>
>>
>>
>> Could you check on config file, the configured parameter are correct and
>> responseding text shows matching was not found. I’m bit concern on here.
>> None of other matching not working. i have tested multiple combination of
>> characters, but every time fail with same indication.
>>
>>
>> *NOTE:* We have tested DHCPv4 relay server with same relay agent with
>> IPv4 working fine !!. with DHCPv6 has concern.
>>
>>
>> In our relay always ending with semicolon like "TESTING;", TETSING can
>> change to any character.
>>
>>
>>
>> Test#1: DHCPv6 relay sending with option 18 interface id with “TESTING;”
>>
>>
>>
>> Config file changes: relay sending with 8 ASCII character
>> [TESTING;] , as from wireshark.
>>
>>
>>
>> class "team" {
>>
>> match if substring (option dhcp6.interface-id*, 0, 7) =
>> "TESTING*";
>>
>> }
>>
>>
>>
>> subnet6 3001:db8:100:f101::0/64 {
>>
>> pool6 {
>>
>> log(info, option dhcp6.interface-id);
>>
>> range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
>>
>> allow members of "team";
>>
>> }
>>
>> }
>>
>> Result : same indication as earlier.
>>
>> *Unable to pick client address: no addresses available* - shared
>> network 3001:db8:100:f101::/64: 0 total, 0 active, 0 abandoned
>>
>>
>>
>> *Test#2*: DHCPv6 relay sending with option 18 interface id with “GURU;”
>>
>>
>>
>> Config file changes: relay sending with 8 ASCII character
>> [GURU;] , as from wireshark.
>>
>>
>>
>> class "team" {
>>
>> match if substring (option dhcp6.interface-id*, 0, 5) = "GURU;*
>> ";
>>
>> }
>>
>>
>>
>> subnet6 3001:db8:100:f101::0/64 {
>>
>> pool6 {
>>
>> log(info, option dhcp6.interface-id);
>>
>> range6 3001:db8:100:f101::0:100 3001:db8:100:f101::0:1FF;
>>
>> allow members of "team";
>>
>> }
>>
>> }
>>
>> Result : same indication as earlier.
>>
>> *Unable to pick client address: no addresses available* - shared
>> network 3001:db8:100:f101::/64: 0 total, 0 active, 0 abandoned
>>
>>
>>
>> Thanks
>>
>> Guru
>>
>>
>>
>> On Wed, Nov 7, 2018 at 7:39 AM Christopher Barry <
>> christopher.r.barry at gmail.com> wrote:
>>
>>> On Tue, 6 Nov 2018 21:32:32 +0530
>>> PaviGuru Pavithragurumurthy <gurumurthyka at gmail.com> wrote:
>>>
>>> >"TESTING;";
>>>
>>> Responding only because I see no one else has.
>>>
>>> is that extra semicolon inside the quotes desired? I have never setup
>>> an ipv6 dhcp server, so I'm likely no help to you, but sometimes it's
>>> something that silly.
>>>
>>> maybe do a substring 7 chars and match to "TESTING" to see if that
>>> semicolon is somehow biting you?
>>>
>>> Good Luck!
>>>
>>> --
>>> Regards,
>>> Christopher
>>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
> --
> □■━━━━━━━━━━━━━━━━━
> 藤田 善光 fujita at ncad.co.jp
> 日本シー・エー・ディー株式会社
> TEL:03-3565-3011
> FAX:03-3565-3611
> http://www.ncad.co.jp
> ━━━━━━━━━━━━━━━━━■□
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20181107/e666a3ec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: DHCPv6_relay.pcap
Type: application/octet-stream
Size: 19360 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20181107/e666a3ec/attachment-0001.obj>
More information about the dhcp-users
mailing list