Question about logging Option 82

Glenn Satchell glenn.satchell at uniq.com.au
Fri Mar 5 12:03:46 UTC 2010


if exists agent.circuit-id
{
    log ( error, concat(
    "SMAC:",binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)),
    " SWIP:",binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)),
    " VLAN:",binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
    " PORT:",binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)),
    " ip:",binary-to-ascii (10, 8, ".", leased-address)
    ));
}

If you get to the no free leases stage, then that means leased-address 
is null, and hence the whole concat() returns null. You probably need 
another condition in there to see if leased-address is non-null and 
maybe check option dhcp-message-type also since this gets parsed for 
messages like DHCPDISCOVER when no address is assigned.


This is not related to your logging question, but you can simplify the 
match statements you are using. No need to convert to ascii first. A 
binary string can be represented as a series of colon-separated hex 
digits. See the dhcp-eval man page, e.g.:

# c2950
class "192.168.70.18"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "0"
   and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}

becomes:

class "192.168.70.18" {
    match if suffix(option agent.circuit-id, 1) = 0
          and suffix(option agent.remote-id,6) = 0:c:ce:47:7c:0;
}

HTH.

regards,
-glenn

On 03/05/10 16:56, Anton wrote:
> Hi.
>
> I have isc dhcp server to serve dhcp requests with option 82. Server works. The problem is that it does not
> log circuit-id information when request can not be handled but it logs this information when request is
> accepted. Very hard to debug switches settings.
>
> When request is success log entry looks like:
> ----------------------------------------------------------------------------------------------------------------
> Mar 5 11:25:40 myhost daemon.err dhcpd: SMAC:0.c.ce.47.7c.0 SWIP:206.71.124.0 VLAN:100 PORT:0 ip:192.168.70.18
> #                                       ^^^^^^ - right MAC  ^^^^^^ - wrong ip because c2950 gives MAC in
> #                                       Remote-id
> ----------------------------------------------------------------------------------------------------------------
>
> Here I can see switch mac (can find the switch), see the right vlan-id and port number (0 -- is a first port)
> -- all is fine.
>
> When request is failed log entry is:
> --------------------------------------------------------------------------------------------------------------
> Mar 5 11:45:54 myhost daemon.err dhcpd: DHCPDISCOVER from 00:02:44:1d:7e:ea via eth0: network
> 192.168.70.16/28: no free leases
> --------------------------------------------------------------------------------------------------------------
> and that is all
>
> Yes, some switch is configured wrong but I can not see SMAC,VLAN,PORT. Switch sends circuit-id information --
> it can be seen in tcpdump but information is not human readable.
>
> I would like to see in logs option 82 information on every (success or no success) dhcp request if circuit-id
> is presented. Is it possible ?
>
>
> my dhcp.conf:
> -----------------------------------------------------------------
> option domain-name-servers 192.168.0.1, 192.168.10.1;
>
> default-lease-time 43200;
> max-lease-time 86400;
>
> ddns-update-style none;
> authoritative;
>
> subnet 192.168.1.0 netmask 255.255.254.0 {
> }
>
> if exists agent.circuit-id
> {
>    log ( error, concat(
> #       ^^^^^^ - tried here "info" and "debug" -- no result
>    "SMAC:",binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)),
>    " SWIP:",binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)),
>    " VLAN:",binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
>    " PORT:",binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)),
>    " ip:",binary-to-ascii (10, 8, ".", leased-address)
>    ));
> }
>
> subnet 192.168.70.16 netmask 255.255.255.240 {
>    option routers 192.168.70.17;
>    option broadcast-address 192.168.70.31;
>
>    # c2950
>    class "192.168.70.18"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "0"
>     and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
>    class "192.168.70.19"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "1"
>     and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
>    class "192.168.70.20"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "2"
>     and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
> ...
>    pool { range 192.168.70.18; allow members of "192.192.70.18"; }
>    pool { range 192.168.70.19; allow members of "192.192.70.19"; }
>    pool { range 192.168.70.20; allow members of "192.192.70.20"; }
> ...
> }
> -----------------------------------------------------------------
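
Added example, not part of either message: a Python decoder for a raw Option 82 payload (for instance the bytes seen in tcpdump) that rebuilds the same SMAC/SWIP/VLAN/PORT line and substitutes a placeholder when no address was leased, so one null field does not suppress the whole entry. The byte layout is an assumption inferred from the substring/suffix expressions in the config above, and the function names and sample payload are constructed for illustration.

```python
from typing import Dict, Optional

# Constructed sample Option 82 payload (assumed layout, values taken from the
# log line in the thread): circuit-id = 00 04 <VLAN:2> <module> <port>,
# remote-id = 00 06 <switch MAC:6>.
SAMPLE = bytes.fromhex("0106000400640000" "0208" "0006000cce477c00")

def parse_suboptions(payload: bytes) -> Dict[int, bytes]:
    """Split an Option 82 payload into {sub-option code: value} (RFC 3046)."""
    out, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d truncated" % code)
        out[code] = value
        i += 2 + length
    return out

def b2a(data: bytes, base: int, sep: str = ".") -> str:
    """Per-byte rendering like binary-to-ascii(base, 8, sep, data): no padding."""
    return sep.join(format(b, "x" if base == 16 else "d") for b in data)

def format_log(payload: bytes, leased: Optional[bytes] = None) -> str:
    """Build the thread's log line; absent fields become placeholders."""
    sub = parse_suboptions(payload)
    circuit, remote = sub.get(1, b""), sub.get(2, b"")  # 1=circuit-id, 2=remote-id
    vlan = str(int.from_bytes(circuit[2:4], "big")) if len(circuit) >= 4 else "?"
    port = str(circuit[-1]) if circuit else "?"
    return " ".join([
        "SMAC:" + (b2a(remote[-6:], 16) if remote else "?"),
        "SWIP:" + (b2a(remote[-4:], 10) if remote else "?"),
        "VLAN:" + vlan,
        "PORT:" + port,
        # A missing lease must not blank out the whole line.
        "ip:" + (b2a(leased, 10) if leased else "none"),
    ])

if __name__ == "__main__":
    print(format_log(SAMPLE, bytes([192, 168, 70, 18])))
    print(format_log(SAMPLE))  # DISCOVER with no lease assigned
```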


