Configuring option 82
Surya Teja
suryateja042 at gmail.com
Fri Sep 27 15:16:23 UTC 2019
Hi Sten,
Thanks for the advice. I just want to make sure that my DHCP server will grant
an IP from a particular subnet to the clients which have a
specified value in the agent.circuit-id / agent.remote-id suboptions of option
82 in request packets (the DHCP relay will be adding the option 82 info to
the request packet).
"it is missing the deny unknown-clients; statement." ------------->
Will it deny all the clients that do not have a host declaration? Sorry, I
am not sure about this.
Thanks
Surya
On Fri, Sep 27, 2019 at 7:51 PM Sten Carlsen <stenc at s-carlsen.dk> wrote:
>
>
> On 27/09/2019 15.59, Surya Teja wrote:
>
> Hi Bill,
> Do you have 40,000 clients?
> Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my
> environment.
> What is your goal here?
> I want to prevent untrusted DHCP clients from requesting the server and filling
> up the leases, so I went through the internet and found that option 82 can provide
> similar functionality.
> Link I checked:
> https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
>
>
> This example has a few problems:
> It defines classes inside the subnet, this is not a good idea. Keep
> declarations global.
> It does not prevent unknown-clients from getting an IP from any of the
> pools, it is missing the deny unknown-clients; statement.
> allow members of "VLAN10"; denies other classes but
> does not deny unknown-clients as you seem to want.
>
> The setup is similar to my environment, using relay agents to forward the
> packets. I want to replicate the setup in my environment. The
> above technique is like authenticating the requests and then granting an IP.
>
>
>
>
> On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <
> bill at c3po.polymerindustries.biz> wrote:
>
>> Yeah, I had found that web page too. But note later on that page he
>> states about his patch:
>> This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent
>> of CPU with 40.000 DHCP clients.
>> Do you have 40,000 clients?
>>
>> I use many classes in my DHCP configurations on 15+ servers. I haven't
>> had a problem
>> with DHCP eating up all the resources.
>>
>> What is your goal here? Are you wanting to assign a fixed address for
>> each client?
>>
>> Bill
>> On 9/27/2019 7:32 AM, Surya Teja wrote:
>>
>> Hi Bill, thanks for the reply.
>> Why are you avoiding the class statement?
>> In one of the Google forums I read a statement saying:
>> The internal implementation in ISC DHCPD of classes is such that it
>> scales in a non-linear way - O(N^2) or something. So suddenly you'll end up
>> with dhcpd eating 100% CPU.
>> So I just want to avoid the classes.
>> While surfing I found that for the host declaration statements we can use
>> syntax like
>>
>> EX:
>> host client-name-1 {
>>     host-identifier option agent.circuit-id "dslam42.port22";
>>     hardware ethernet 00:e0:4c:a7:ca:de;
>>     fixed-address 192.168.0.6;
>> }
>>
>> So I just want to know whether any config statements similar to the above apply
>> to scope sections.
>>
>> What does the agent.circuit-id and agent.remote-id contain? I can't
>> figure out why you're using substring on these values (in your original
>> post).
>> It is just a sample example I found in the forum. I don't have an issue with
>> directly checking without using the substring function or binary-to-ascii to
>> cross-check the values.
>>
>> Thanks
>>
>>
>> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <
>> bill at c3po.polymerindustries.biz> wrote:
>>
>>> Options in a pool are options to be *sent* not matched.
>>>
>>> Why are you avoiding the class statement? What does the agent.circuit-id
>>> and agent.remote-id contain?
>>> I can't figure out why you're using substring on these values (in your
>>> original post).
>>>
>>> Bill
>>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>>
>>> Hi,
>>> It might be too many questions, but I want to set up my dhcpd
>>> configuration file avoiding classes as much as possible.
>>> If the subnet is configured like the snippet below:
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>     pool {
>>>         range 192.168.10.10 192.168.10.199;
>>>         option subnet-mask 255.255.255.0;
>>>         option routers 10.1.10.1;
>>>         option domain-name "test.com";
>>>         option agent.circuit-id "22";
>>>         option agent.remote-id "192.168.10.242";
>>>     }
>>> }
>>> can we achieve the option 82 configuration setup with the above snippet?
>>> Thanks in advance; any reference links for setting up the option 82
>>> functionality without classes would also be appreciated.
>>>
>>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja042 at gmail.com>
>>> wrote:
>>>
>>>> Hi, is option 82 supported only by using the class concept?
>>>> Or can it be defined like other general options such as domain-name server,
>>>> router in the scope section?
>>>>
>>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja042 at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I am trying to configure DHCP option 82. I went through the Google
>>>>> forums, and one of them suggests syntax like:
>>>>> # vim /etc/dhcp/dhcpd.conf
>>>>> ########################################################
>>>>> log-facility local7;
>>>>>
>>>>> class "VLAN10" {
>>>>>     match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
>>>>> } # VLAN10
>>>>> class "VLAN20" {
>>>>>     match if ( substring(option agent.remote-id,2,15)="10.5.20.4" and
>>>>>                binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
>>>>> }
>>>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>>>     pool {
>>>>>         allow members of "VLAN10";
>>>>>         default-lease-time 600;
>>>>>         max-lease-time 7200;
>>>>>         range 192.168.10.1 192.168.10.199;
>>>>>         option routers 192.168.10.254;
>>>>>         option broadcast-address 192.168.10.255;
>>>>>         option subnet-mask 255.255.255.0;
>>>>>         option domain-name-servers 4.2.2.2;
>>>>>     }
>>>>> }
>>>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>>>     pool {
>>>>>         allow members of "VLAN20";
>>>>>         default-lease-time 600;
>>>>>         max-lease-time 7200;
>>>>>         range 192.168.20.20 192.168.20.199;
>>>>>         option routers 192.168.20.254;
>>>>>         option broadcast-address 192.168.20.255;
>>>>>         option subnet-mask 255.255.255.0;
>>>>>         option domain-name-servers 4.2.2.2;
>>>>>     }
>>>>> }
>>>>> (Just ignore the IP values.)
>>>>> Can we configure this concept only by using classes and make it allow
>>>>> or deny like that?
>>>>> Or can we use the option space concept to get it working (do we have any
>>>>> other syntax)? Thanks in advance.
>>>>>
>>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>>
>
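
What the class expressions in the quoted configuration compute, as an added example that is not part of the thread: Python re-implementations of dhcpd's `substring` and `binary-to-ascii` (base 10 only) applied to relay option 82 bytes, showing which of the thread's classes a request would fall into. The circuit-id and remote-id byte layouts in the samples are constructed assumptions; real layouts depend on the relay vendor.

```python
CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

# Constructed sample payloads; the byte layout is an assumption (vendors differ).
SAMPLE_VLAN10 = bytes.fromhex("0106" "0004000a0105")
SAMPLE_VLAN20 = bytes.fromhex("0106" "000400140002" "020b" "0109") + b"10.5.20.4"


def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns option 82" % code)
        subopts[code] = value
        i += 2 + length
    return subopts


def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcpd substring(): zero-based offset, shorter result if data runs out."""
    return data[offset:offset + length]


def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """dhcpd binary-to-ascii() for base 10: one number per width-bit chunk."""
    if base != 10:
        raise ValueError("only base 10 is implemented in this sketch")
    step = width // 8  # a trailing partial chunk is dropped (choice of this sketch)
    chunks = [data[i:i + step] for i in range(0, len(data) - step + 1, step)]
    return sep.join(str(int.from_bytes(c, "big")) for c in chunks)


def classify(payload: bytes) -> str:
    """Return the thread's class a request would match, or 'unmatched'."""
    opts = parse_option82(payload)
    cid = opts.get(CIRCUIT_ID, b"")
    rid = opts.get(REMOTE_ID, b"")
    if binary_to_ascii(10, 16, "", substring(cid, 2, 2)) == "10":
        return "VLAN10"
    if (substring(rid, 2, 15) == b"10.5.20.4"
            and binary_to_ascii(10, 16, "", substring(cid, 4, 2)) == "2"):
        return "VLAN20"
    return "unmatched"
```

A request that arrives with no option 82 at all yields empty sub-options here and falls through to `unmatched`, which is the case the pool `allow`/`deny` statements discussed in the thread have to cover.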