<div dir="ltr">Hi Sten, <div>Thanks for the advice. I just want to make sure that my DHCP server will grant an IP from a particular subnet to the clients which have a </div><div>specified value in the agent.circuit-id / agent.remote-id suboptions of option 82
from request packets (the DHCP relay will be adding the option 82 info to the request packet)</div><div><br></div><div><br></div><div>it is missing the deny unknown-clients; statement. -------------></div><div>Will it deny all the clients that do not have a host declaration? Sorry, I am not sure about this</div><div><br></div><div> Thanks <br></div><div> Surya</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Sep 27, 2019 at 7:51 PM Sten Carlsen <<a href="mailto:stenc@s-carlsen.dk">stenc@s-carlsen.dk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFCC">
<br>
<br>
<div>On 27/09/2019 15.59, Surya Teja wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi Bill,<br>
<div>Do you have 40,000 clients?</div>
        <div>Yes, sometimes the DHCP client traffic reaches nearly
          40-50k in my environment.</div>
        <div>What is your goal here? <br>
        </div>
        <div>I want to prevent untrusted DHCP clients from requesting the
          server and filling up the leases, so I searched the internet and
          found that option 82 can provide similar functionality.</div>
<div>Link I checked for: <a href="https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN" target="_blank">https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN</a>
<br>
</div>
</div>
</blockquote>
This example has a few problems:<br>
It defines classes inside the subnet, this is not a good idea. Keep
declarations global.<br>
It does not prevent unknown-clients from getting an IP from any of
the pools, it is missing the deny unknown-clients; statement.<br>
allow members of "VLAN10"; denies other
classes but does not deny unknown-clients as you seem to want.<br>
<blockquote type="cite">
<div dir="ltr">
        <div> The setup is similar to my environment, using relay agents
          to forward the packets. I want to replicate the setup in my
          environment. The above technique is like authenticating the
          requests and then granting an IP</div>
<div><br>
</div>
<div><br>
</div>
<div> <br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Sep 27, 2019 at 6:55
PM Bill Shirley <<a href="mailto:bill@c3po.polymerindustries.biz" target="_blank">bill@c3po.polymerindustries.biz</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Yeah, I had found that web page too. But note later on
that page he states about his patch:<br>
<font color="#993300"><tt>This has been tested on a Xeon
2.8 Ghz server, it uses just a few percent of CPU with
40.000 DHCP clients. </tt><tt><br>
</tt></font>Do you have 40,000 clients?<br>
<br>
I use many classes in my DHCP configurations on 15+
servers. I haven't had a problem<br>
with DHCP eating up all the resources.<br>
<br>
              What is your goal here? Are you wanting to assign a fixed
              address for each client?</p>
<p>Bill<br>
</p>
<div>On 9/27/2019 7:32 AM, Surya Teja wrote:<br>
</div>
<blockquote type="cite">
              <div dir="ltr">Hi Bill, thanks for the reply<br>
                <div>Why are you avoiding the class statement? </div>
                <div>In one of the Google forums I read a
                  statement saying: </div>
                <div><span>The internal implementation in ISC DHCPD of
                    classes is such that it scales in a non-linear way -
                    O(N^2) or something. So suddenly you'll end up with
                    dhcpd eating 100% CPU.</span></div>
                <div>So I just want to avoid the classes </div>
                <div>While surfing I found that for host declaration
                  statements we can use syntax like </div>
<div>
<pre style="color:rgb(0,0,0)">EX: host client-name-1 {
<b>host-identifier option agent.circuit-id "dslam42.port22";</b>
hardware ethernet 00:e0:4c:a7:ca:de;
fixed-address 192.168.0.6;
}</pre>
</div>
                <div> So I just want to know whether any
                  config statements similar to the above apply to scope
                  sections<br>
</div>
<div><br>
</div>
<div>What does the agent.circuit-id and agent.remote-id
contain? I can't figure out why you're using substring
on these values (in your original post).</div>
                <div>It is just a sample I found in the forum; I
                  don't have an issue with checking directly, without using
                  the substring function or binary-to-ascii to
                  cross-check the values </div>
<div><br>
</div>
<div>Thanks</div>
<div> <br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Sep 27, 2019
at 4:06 PM Bill Shirley <<a href="mailto:bill@c3po.polymerindustries.biz" target="_blank">bill@c3po.polymerindustries.biz</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Options in a pool are options to be <b>sent</b>
not matched.</p>
<p>Why are you avoiding the class statement? What
does the agent.circuit-id and agent.remote-id
contain?<br>
I can't figure out why you're using substring on
these values (in your original post).<br>
</p>
<p>Bill<br>
</p>
<div>On 9/27/2019 3:44 AM, Surya Teja wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi <br>
                        <div>It might be too many questions, but I want to
                          configure my dhcpd configuration file
                          avoiding classes as much as possible</div>
                        <div>If the subnet is configured as in the
                          snippet below </div>
<div>subnet 192.168.10.0 netmask 255.255.255.0
{ </div>
<div> pool { </div>
<div> range 192.168.10.10
192.168.10.199; <br>
option subnet-mask 255.255.255.0;<br>
option routers 10.1.10.1;<br>
option domain-name "<a href="http://test.com" target="_blank">test.com</a>";<br>
option agent.circuit-id "22";<br>
option agent.remote-id
"192.168.10.242";</div>
<div> } <br>
}<br>
</div>
                        <div>can we achieve the option 82 configuration
                          setup with the above snippet?</div>
                        <div> Thanks in advance; any reference
                          links for setting up the option 82 functionality
                          without classes would also be appreciated</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Sep
26, 2019 at 7:42 PM Surya Teja <<a href="mailto:suryateja042@gmail.com" target="_blank">suryateja042@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                          <div dir="ltr">Hi, is option 82 supported
                            only by using the class concept?
                            <div>Or can it be defined like other general
                              options, such as domain-name server or router, in
                              the scope section?</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue,
Sep 24, 2019 at 12:49 PM Surya Teja <<a href="mailto:suryateja042@gmail.com" target="_blank">suryateja042@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Hi, <br>
                                I am trying to configure DHCP option
                                82. I went through the Google forums and
                                one of them suggests syntax like<br>
# vim /etc/dhcp/dhcpd.conf<br>
########################################################<br>
log-facility local7;<br>
<b>class "VLAN10" {<br>
match if
binary-to-ascii(10,16,"",substring(option
agent.circuit-id,2,2)) = "10";<br>
} # VLAN10<br>
class "VLAN20" { <br>
match if ( substring(option
agent.remote-id,2,15)="10.5.20.4" <br>
and binary-to-ascii(10, 16,
"",substring(option agent.circuit-id,
4, 2)) = "2" ); <br>
}</b><br>
subnet 192.168.10.0 netmask
255.255.255.0 {<br>
pool {<br>
<b>allow members of
"VLAN10";</b><br>
default-lease-time
600;<br>
max-lease-time
7200;<br>
range
192.168.10.1 192.168.10.199;<br>
option routers
192.168.10.254;<br>
option broadcast-address
192.168.10.255;<br>
option subnet-mask
255.255.255.0;<br>
option
domain-name-servers 4.2.2.2;<br>
}<br>
}<br>
subnet 192.168.20.0 netmask
255.255.255.0 {<br>
pool {<br>
<b> allow members of
"VLAN20";</b><br>
default-lease-time
600;<br>
max-lease-time
7200;<br>
range
192.168.20.20 192.168.20.199;<br>
option routers
192.168.20.254;<br>
option broadcast-address
192.168.20.255;<br>
option subnet-mask
255.255.255.0;<br>
option domain-name-servers
4.2.2.2;<br>
<br>
                                    }<br>
                                }<br>
                                (Just ignore the IP values)<br>
                                Can we configure this concept only by
                                using classes and make it allow or deny
                                like that?<br>
                                Or can we use the option space concept
                                to get it working (do we have any other
                                syntax)? Thanks in advance<br>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
dhcp-users mailing list
<a href="mailto:dhcp-users@lists.isc.org" target="_blank">dhcp-users@lists.isc.org</a>
<a href="https://lists.isc.org/mailman/listinfo/dhcp-users" target="_blank">https://lists.isc.org/mailman/listinfo/dhcp-users</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
<br>
</blockquote>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
</div>
</blockquote></div>
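<p>Added example, not part of the thread and not ISC DHCP code: a Python model of how the two class expressions from the first post (VLAN10 and VLAN20) evaluate against option 82 bytes, which is what the substring and binary-to-ascii calls Bill asked about are doing. The function names, the sample byte layout and the handling of a width mismatch as "no value" are assumptions made for illustration.</p>

```python
CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes inside option 82

def parse_option82(payload):
    """Split a Relay Agent Information option into {sub-option code: data}."""
    subopts, i = {}, 0
    while i < len(payload):
        if len(payload) - i < 2:
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated sub-option %d" % code)
        subopts[code] = data
        i += 2 + length
    return subopts

def substring(data, offset, length):
    """dhcpd substring(): no value in, no value out; a short tail is returned as is."""
    return None if data is None else data[offset:offset + length]

def binary_to_ascii(base, width, sep, data):
    """dhcpd binary-to-ascii(): one number per width-bit big-endian element."""
    step = width // 8
    if data is None or len(data) % step:
        return None  # modelled as "no value": the comparison then cannot be true
    fmt = {10: "d", 16: "x"}[base]  # only the bases this example needs
    return sep.join(format(int.from_bytes(data[i:i + step], "big"), fmt)
                    for i in range(0, len(data), step))

def classes_for(option82):
    """Names of the thread's classes that a request with this option 82 matches."""
    sub = parse_option82(option82) if option82 else {}
    cid, rid = sub.get(CIRCUIT_ID), sub.get(REMOTE_ID)
    matched = []
    if binary_to_ascii(10, 16, "", substring(cid, 2, 2)) == "10":
        matched.append("VLAN10")
    if (substring(rid, 2, 15) == b"10.5.20.4"
            and binary_to_ascii(10, 16, "", substring(cid, 4, 2)) == "2"):
        matched.append("VLAN20")
    return matched

# Constructed samples. Assumed layout: circuit-id = 2 header bytes, 16-bit VLAN,
# 16-bit port; remote-id = 2 header bytes followed by the relay address as text.
REQ_VLAN10 = bytes([1, 6, 0, 4, 0, 10, 0, 5])
REQ_VLAN20 = bytes([1, 6, 0, 4, 0, 20, 0, 2, 2, 11, 0, 9]) + b"10.5.20.4"
REQ_SHORT = bytes([1, 3, 0, 4, 0])  # circuit-id too short for a 16-bit field
REQ_NO_RELAY = None                 # request that carried no option 82 at all
if __name__ == "__main__":
    for name in ("REQ_VLAN10", "REQ_VLAN20", "REQ_SHORT", "REQ_NO_RELAY"):
        print(name, classes_for(globals()[name]))
```

<p>The offsets passed to substring only make sense for one relay vendor's circuit-id layout, so compare them against a captured request from your own relay before relying on a class match.</p>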