<div dir="ltr"><div class="gmail_extra"><div><div class="gmail_signature"><br></div></div><div class="gmail_quote">On Tue, Sep 12, 2017 at 9:33 PM, Jeff Kletsky <span dir="ltr"><<a href="mailto:kea-dhcp@allycomm.com" target="_blank">kea-dhcp@allycomm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I've been able to get kea to run nicely as a DHCP server in "conventional" mode with an interface listening on every one of the VLANs that I need to serve.<br>
<br>
I'm trying to configure it now so that it only responds to relayed DHCP through my Cisco SG300-series switches.<br>
<br>
"dhcp-socket-type": "udp"<br>
<br>
is already set.<br>
<br>
<br>
I've been able to decode the Cisco format and it appears to properly assign the client-class based on the VLAN:<br>
<br>
kea.conf:<br>
<br>
"client-classes": [<br>
<?include "/usr/local/etc/kea/client_cla<wbr>sses.conf"?><br>
],<br>
<br>
client_classes.conf includes:<br>
<br>
{<br>
"name": "VLAN_1010",<br>
"test": "substring(relay4[1].hex, 2, 2) == 0x03F2"<br>
}<br>
<br>
<br>
Thanks to the debugging instructions in 13.9 (very helpful!), I was able to fix my first shot and "test" the above expressions. They match as expected, with that match being logged in the kea-dhcp4 log:<br>
<br>
EVAL_RESULT Expression VLAN_1010 evaluated to 1<br>
<br>
<br>
In my application, the DHCP server and switches are "talking" on addresses in the <a href="http://10.2.87.0/24" rel="noreferrer" target="_blank">10.2.87.0/24</a> range, but the pool is in the <a href="http://10.10.10.0/24" rel="noreferrer" target="_blank">10.10.10.0/24</a> range.<br>
<br>
<br>
Setting the subnet parameter to correspond to the pool results in "failed to select a subnet for incoming packet"<br>
<br>
The subnet parameter is mandatory, so I can't just use the client-class to select the pool<br>
<br>
If I set it to <a href="http://10.2.87.0/24" rel="noreferrer" target="_blank">10.2.87.0/24</a> then kea won't start, complaining that the pool does not match the prefix of the subnet<br>
<br></blockquote><div>I have not (yet) used kea, so I am just guessing based on experience with dhcpd.</div><div>But this message sounds like you need an empty subnet declared for the actual interface of the kea server, even if it is not serving DHCP on that subnet, So try adding: (where a.b.c.d/e is the subnet the kea server is on)</div><div><br></div><div> {<br> "subnet": "<a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">a</a>.b.c.d/e"<br></div><div> }<br></div><div> </div><div>In addition to the <a href="http://10.2.87.0/24" rel="noreferrer" target="_blank">10.2.87.0/24</a> subnet.</div><div><br></div><div>In the older dhcpd server, this is an unfortunate result of the assumption that the DHCP is serving DHCP on the subnet it is connected to. I would have hoped that kea would have fixed that. (Or can someone explain why it is needed?)</div><div><br></div><div>-- </div><div>Bob Harold</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
So far, only the rather ugly solution of setting the subnet to one that overlaps both the interface's address and the pool is all I've found to be functional<br>
<br>
{<br>
"subnet": "<a href="http://10.0.0.0/8" rel="noreferrer" target="_blank">10.0.0.0/8</a>",<br>
"pools": [ { "pool": "10.10.10.200 - 10.10.10.219" } ],<br>
"client-class": "VLAN_1010",<br>
<br>
[...]<br>
<br>
(similarly <?include "ed"?> in the subnet4 section)<br>
<br>
<br>
The kea instance will *only* be answering relayed DHCP, never direct connections.<br>
<br>
<br>
Is there a better way to configure this?<br>
<br>
<br>
TIA,<br>
<br>
Jeff<br>
<br></blockquote></div></div></div>