Configuring option 82

Surya Teja suryateja042 at gmail.com
Fri Sep 27 13:59:53 UTC 2019


Hi Bill,
> Do you have 40,000 clients?

Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my
environment.

> What is your goal here?

I want to prevent untrusted DHCP clients from sending requests to the server
and filling up the leases, so I went through the internet and found that
option 82 can provide similar functionality.
Link I checked:
https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN

The setup is similar to my environment, using relay agents to forward the
packets; I want to replicate the setup in my environment. The
above technique is like authenticating the requests and then granting IP

On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <
bill at c3po.polymerindustries.biz> wrote:

> Yeah, I had found that web page too.  But note later on that page he
> states about his patch:
> This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent
> of CPU with 40.000 DHCP clients.
> Do you have 40,000 clients?
>
> I use many classes in my DHCP configurations on 15+ servers.  I haven't
> had a problem
> with DHCP eating up all the resources.
>
> What is your goal here?  Are you wanting to assign a fixed address for each
> client?
>
> Bill
> On 9/27/2019 7:32 AM, Surya Teja wrote:
>
> Hi Bill, thanks for the reply.
> Why are you avoiding the class statement?
> In one of the Google forums I read a statement saying:
> The internal implementation in ISC DHCPD of classes is such that it scales
> in a non-linear way - O(N^2) or something. So suddenly you'll end up with
> dhcpd eating 100% CPU.
> So I just want to avoid the classes.
> While surfing I found that for the host declaration statements we can use
> the syntax like
>
> EX:
> host client-name-1 {
>         host-identifier option agent.circuit-id "dslam42.port22";
>         hardware ethernet 00:e0:4c:a7:ca:de;
>         fixed-address 192.168.0.6;
> }
>
> So I just want to know whether any config statements similar to the above
> apply to scope sections.
>
> What does the agent.circuit-id and agent.remote-id contain? I can't figure
> out why you're using substring on these values (in your original post).
> It is just a sample I found in the forum. I don't have an issue with
> checking the values directly, without using the substring function or
> binary-to-ascii to cross-check them.
>
> Thanks
>
>
> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <
> bill at c3po.polymerindustries.biz> wrote:
>
>> Options in a pool are options to be *sent* not matched.
>>
>> Why are you avoiding the class statement? What does the agent.circuit-id
>> and agent.remote-id contain?
>> I can't figure out why you're using substring on these values (in your
>> original post).
>>
>> Bill
>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>
>> Hi
>> It might be too many questions, but I want to write my dhcpd
>> configuration file avoiding classes as much as possible.
>> If the subnet is configured like the snippet below:
>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>   pool {
>>         range 192.168.10.10 192.168.10.199;
>>         option subnet-mask 255.255.255.0;
>>         option routers 10.1.10.1;
>>         option domain-name "test.com";
>>         option agent.circuit-id "22";
>>         option agent.remote-id "192.168.10.242";
>>   }
>> }
>> can we achieve the option 82 configuration setup with the above snippet?
>> Thanks in advance. Any reference links on setting up the option 82
>> functionality without classes would also be appreciated.
>>
>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja042 at gmail.com>
>> wrote:
>>
>>> Hi, is option 82 supported only by using the class concept,
>>> or can it be defined like other general options such as domain-name
>>> server and router in the scope section?
>>>
>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja042 at gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>> I am trying to configure DHCP option 82. I went through the Google
>>>> forums and one of them suggests syntax like:
>>>> # vim /etc/dhcp/dhcpd.conf
>>>> ########################################################
>>>> log-facility local7;
>>>>
>>>> class "VLAN10" {
>>>>         match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
>>>> } # VLAN10
>>>>
>>>> class "VLAN20" {
>>>>         match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and
>>>>                    binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
>>>> }
>>>>
>>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>>         pool {
>>>>                 allow members of                "VLAN10";
>>>>                 default-lease-time              600;
>>>>                 max-lease-time                  7200;
>>>>                 range                           192.168.10.1 192.168.10.199;
>>>>                 option routers                  192.168.10.254;
>>>>                 option broadcast-address        192.168.10.255;
>>>>                 option subnet-mask              255.255.255.0;
>>>>                 option domain-name-servers      4.2.2.2;
>>>>         }
>>>> }
>>>>
>>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>>         pool {
>>>>                 allow members of                "VLAN20";
>>>>                 default-lease-time              600;
>>>>                 max-lease-time                  7200;
>>>>                 range                           192.168.20.20 192.168.20.199;
>>>>                 option routers                  192.168.20.254;
>>>>                 option broadcast-address        192.168.20.255;
>>>>                 option subnet-mask              255.255.255.0;
>>>>                 option domain-name-servers      4.2.2.2;
>>>>         }
>>>> }
>>>> (Just ignore the IP values.)
>>>> Can we configure this concept only by using classes, and make it allow
>>>> or deny like that?
>>>> Or can we use the option space concept to get it working (do we have any
>>>> other syntax)? Thanks in advance.
>>>>
>>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
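The class expressions quoted in this thread, emulated in Python over raw option 82 bytes to show what `substring` and `binary-to-ascii` extract and why a client arriving without relay information matches no class. This is an added example, not code from the thread or from ISC; the function names are hypothetical, and the circuit-id and remote-id layouts in the sample payloads (a 2-byte header before the data) are assumptions, since the thread never states what the relay agents actually send.

```python
RAI_CIRCUIT_ID, RAI_REMOTE_ID = 1, 2   # RFC 3046 sub-option codes

def parse_option82(payload):
    """Split an option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        subopts[code] = value
        i += 2 + length
    return subopts

def substring(data, offset, length):
    """Emulates dhcpd substring(): up to `length` bytes from `offset`."""
    return data[offset:offset + length]

def binary_to_ascii(base, width, sep, data):
    """Emulates dhcpd binary-to-ascii() for bases 8, 10 and 16 only."""
    if width not in (8, 16, 32) or base not in (8, 10, 16):
        raise ValueError("unsupported base or width in this emulation")
    step = width // 8
    if len(data) % step:
        raise ValueError("data is not a whole number of elements")
    fmt = {8: "o", 10: "d", 16: "x"}[base]
    return sep.join(format(int.from_bytes(data[i:i + step], "big"), fmt)
                    for i in range(0, len(data), step))

def classify(payload):
    """Return which of the thread's two classes the payload would match."""
    opts = parse_option82(payload)
    cid, rid = opts.get(RAI_CIRCUIT_ID), opts.get(RAI_REMOTE_ID)
    classes = []
    if cid and len(cid) >= 4 and binary_to_ascii(10, 16, "", substring(cid, 2, 2)) == "10":
        classes.append("VLAN10")
    if (cid and rid and len(cid) >= 6
            and substring(rid, 2, 15) == b"10.5.20.4"
            and binary_to_ascii(10, 16, "", substring(cid, 4, 2)) == "2"):
        classes.append("VLAN20")
    return classes

# Constructed sample payloads (assumed layout, not captured traffic).
VLAN10_PKT = bytes.fromhex("0106" "0004000a0116")
VLAN20_PKT = bytes.fromhex("0106" "000400140002" "020b" "0109") + b"10.5.20.4"
NO_RELAY = b""   # request that carries no relay agent information
```

A request that matches no class is not eligible for a pool restricted with `allow members of`, which is the filtering effect asked about; running captured option 82 bytes through `classify` is a quick way to check offsets before putting an expression into dhcpd.conf.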