Configuring option 82
Surya Teja
suryateja042 at gmail.com
Fri Sep 27 13:59:53 UTC 2019
Hi Bill,
> Do you have 40,000 clients?
Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my
environment.
> What is your goal here?
I want to prevent untrusted DHCP clients from requesting the server and filling
up the leases, so I went through the internet and found that option 82 can provide
similar functionality.
Link I checked:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
The setup is similar to my environment, using relay agents to forward the
packets. I want to replicate the setup in my environment. The
above technique is like authenticating the requests and then granting an IP.
On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <
bill at c3po.polymerindustries.biz> wrote:
> Yeah, I had found that web page too. But note later on that page he
> states about his patch:
> This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent
> of CPU with 40.000 DHCP clients.
> Do you have 40,000 clients?
>
> I use many classes in my DHCP configurations on 15+ servers. I haven't
> had a problem
> with DHCP eating up all the resources.
>
> What is your goal here? Are you wanting to assign a fixed address for each
> client?
>
> Bill
> On 9/27/2019 7:32 AM, Surya Teja wrote:
>
> Hi Bill, thanks for the reply.
> Why are you avoiding the class statement?
> In one of the Google forums I read a statement saying:
> The internal implementation in ISC DHCPD of classes is such that it scales
> in a non-linear way - O(N^2) or something. So suddenly you'll end up with
> dhcpd eating 100% CPU.
> So I just want to avoid the classes.
> While surfing I found that for host declaration statements we can use
> syntax like
>
> EX:
> host client-name-1 {
>   host-identifier option agent.circuit-id "dslam42.port22";
>   hardware ethernet 00:e0:4c:a7:ca:de;
>   fixed-address 192.168.0.6;
> }
>
> So I just want to know whether any config statements similar to the above
> apply to scope sections.
>
> What does the agent.circuit-id and agent.remote-id contain? I can't figure
> out why you're using substring on these values (in your original post).
> It is just a sample example I found in the forum. I don't have an issue with
> directly checking without using the substring function or binary-to-ascii to
> cross-check the values.
>
> Thanks
>
>
> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <
> bill at c3po.polymerindustries.biz> wrote:
>
>> Options in a pool are options to be *sent* not matched.
>>
>> Why are you avoiding the class statement? What does the agent.circuit-id
>> and agent.remote-id contain?
>> I can't figure out why you're using substring on these values (in your
>> original post).
>>
>> Bill
>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>
>> Hi,
>> It might be too many questions, but I want to configure my dhcpd
>> configuration file while avoiding classes as much as possible.
>> If the subnet is configured like the snippet below:
>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>   pool {
>>     range 192.168.10.10 192.168.10.199;
>>     option subnet-mask 255.255.255.0;
>>     option routers 10.1.10.1;
>>     option domain-name "test.com";
>>     option agent.circuit-id "22";
>>     option agent.remote-id "192.168.10.242";
>>   }
>> }
>> can we achieve the option 82 configuration setup with the above snippet?
>> Thanks in advance. Any reference links on setting up the option 82
>> functionality without classes would also be appreciated.
>>
>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja042 at gmail.com>
>> wrote:
>>
>>> Hi, is option 82 supported only by using the class concept?
>>> Or can it be defined like other general options, such as domain-name server
>>> or router, in the scope section?
>>>
>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja042 at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>> I am trying to configure DHCP option 82. I went through the Google
>>>> forums and one of them suggests syntax like
>>>> # vim /etc/dhcp/dhcpd.conf
>>>> ########################################################
>>>> log-facility local7;
>>>>
>>>> class "VLAN10" {
>>>>   match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
>>>> } # VLAN10
>>>> class "VLAN20" {
>>>>   match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and
>>>>     binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
>>>> }
>>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>>   pool {
>>>>     allow members of "VLAN10";
>>>>     default-lease-time 600;
>>>>     max-lease-time 7200;
>>>>     range 192.168.10.1 192.168.10.199;
>>>>     option routers 192.168.10.254;
>>>>     option broadcast-address 192.168.10.255;
>>>>     option subnet-mask 255.255.255.0;
>>>>     option domain-name-servers 4.2.2.2;
>>>>   }
>>>> }
>>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>>   pool {
>>>>     allow members of "VLAN20";
>>>>     default-lease-time 600;
>>>>     max-lease-time 7200;
>>>>     range 192.168.20.20 192.168.20.199;
>>>>     option routers 192.168.20.254;
>>>>     option broadcast-address 192.168.20.255;
>>>>     option subnet-mask 255.255.255.0;
>>>>     option domain-name-servers 4.2.2.2;
>>>>   }
>>>> }
>>>> (Just ignore the IP values.)
>>>> Can we configure this concept only by using classes and make it allow
>>>> or deny like that?
>>>> Or can we use the option space concept to get it working (do we have any
>>>> other syntax)? Thanks in advance.
>>>>
>>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
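An added example, not part of the original thread: a Python sketch of what the quoted class expressions evaluate on a relayed request, which is what the question about the contents of agent.circuit-id comes down to. It assumes a relay that encodes circuit-id as type, length, 2-byte VLAN, module, port; the sample bytes are constructed, and the helpers only approximate dhcpd's `substring` and `binary-to-ascii`.

```python
# Option 82 payload as a relay would append it (constructed sample bytes).
# Assumed circuit-id layout: type, length, VLAN (2 bytes), module, port.
SAMPLE_OPT82 = bytes.fromhex(
    "01 06 00 04 00 0a 00 02"          # sub-option 1: circuit-id, VLAN 10, port 2
    "02 08 00 06 02 00 00 00 00 01"    # sub-option 2: remote-id, type 0 + MAC
)

def parse_option82(payload: bytes) -> dict:
    """Split Relay Agent Information (RFC 3046) into {sub-option code: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns option 82" % code)
        subopts[code] = value
        i += 2 + length
    return subopts

def substring(data: bytes, offset: int, length: int) -> bytes:
    """Approximates dhcpd substring(): empty when offset is past the end."""
    return data[offset:offset + length]

def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """Approximates dhcpd binary-to-ascii() for base 10/16, width 8/16/32."""
    step = width // 8
    nums = [int.from_bytes(data[i:i + step], "big")
            for i in range(0, len(data) - step + 1, step)]
    fmt = "%d" if base == 10 else "%x"
    return sep.join(fmt % n for n in nums)

def matches_vlan10(circuit_id: bytes) -> bool:
    # Mirrors: binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10"
    return binary_to_ascii(10, 16, "", substring(circuit_id, 2, 2)) == "10"

def classify(payload: bytes):
    """Return the class a request falls into, or None (pool would refuse it)."""
    circuit_id = parse_option82(payload).get(1, b"")
    return "VLAN10" if matches_vlan10(circuit_id) else None

if __name__ == "__main__":
    print(classify(SAMPLE_OPT82))   # relayed request carrying VLAN 10
    print(classify(b""))            # request with no option 82 at all
```

A request that arrives without option 82 yields an empty circuit-id, so the comparison fails and a pool restricted with `allow members of` does not serve it.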