Example config with option 82, bogus relays
MAtteo HCE Valsasna
valsasna at uninsubria.it
Tue Jun 17 08:31:53 UTC 2008
Il giorno mar, 17/06/2008 alle 00.14 +0000, DHCP Users Mailing List ha
scritto:
>
> Subject: Example config with option 82
> Date: Mon, 16 Jun 2008 10:15:27 -0500
> From: "Corley, Kenneth L \(Kenny\)" <corley at alcatel-lucent.com>
>
> > Does anyone have a basic dhcpd config that includes option 82 that
> > they can share? I am running 3.0.5.
> >
> > Thanks
> > Kenny
> >
using option 82 for logging too.
after importing some bits from Blake (dhcp-message-type, leased-address):
if ((option dhcp-message-type = 3) and (exists agent.circuit-id)){
log(info, concat("relay agent ", binary-to-ascii(10,8,".",option agent.remote-id),
" forwarded for client ", option host-name,
", ", binary-to-ascii(16,8,":", hardware),
" on circuit ", binary-to-ascii(10,8,".",option agent.circuit-id),
" for ", binary-to-ascii (10, 8, ".", leased-address)));
}
on top of this log I sometimes run a pretty ugly perl script to produce
a textual relay-agent based network-map (i.e., for each relay agent
print a list of interfaces and hosts (hostname, mac, IP) connected to
each interface.
part of it is heavly site-specific, as it imports two list of "known"
mac address, and marks unknown addresses in the output, but it may be
useful for some.
on a side topic: from the above map, I notice that one host behave
somewhat like a relay agent, i.e. every dhcp broadcast he sees he
resends it again as broadcast.
As a consequence, I see the request coming both from the port the
booting client is connected to and from the port to which the bogus
relay is connected:
Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.123 for x.x.x.y
Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.44 for x.x.x.y
where the client is connected to 0.123, the bogus relay to 0.44
this happens on HP53xx switches, but only for a few "bogus relay" hosts
nmap fingerprints the host as
OS details: Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.11.0)
This is just mildly annoying on my site, but may be a serious problem if
anybody was limiting the number of leases per port.
Did anybody see anything alike?
best regards
MAtteo
More information about the dhcp-users
mailing list