[Kea-users] Option82

Tomek Mrugalski tomasz at isc.org
Fri Mar 16 12:10:15 UTC 2018


On 16/03/2018 07:19, Batuhan Bakıp wrote:
> I want to use option82 in KEA. I read the KEA document but I cannot
> understand how to do it. Now I use ISC DHCP and I use option82 successfully.
You posted the same question as a ticket here:
http://kea.isc.org/ticket/5575

It's much better to ask this kind of question on a mailing list, so
thank you for doing that. Adding trac tickets that are really questions
is troublesome, because they're not meant to be used that way.

Anyway, here's the answer I originally posted to the ticket:

You specified Kea version as 1.1.0. If you are really using 1.1.0,
please upgrade to 1.3.0. There have been a lot of changes and improvements
in the client classification area.

Please take a look at section 8.2.15 here:
https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#dhcp4-client-classifier.
It explains how to define a class in Kea. You definitely want to look at
Chapter 13
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#classify).

You are looking at relay options. What dhcpd expressed as
agent.circuit-id is relay4.option[1].hex in Kea nomenclature and
agent.remote-id is relay4.option[2].hex etc.

If you want to restrict access to specific subnets for certain classes,
you may want to see an example in 8.6.2
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#dhcp4-srv-example-client-class-relay).
It explains how to allow access to a certain subnet only to members of
a specific class (it's the equivalent of allow member of "ABCD").

If you want to restrict access to a specific pool, not the whole subnet, this
feature will become available in the upcoming 1.4. If you want to try it,
the code has been developed already and it's in our git repository.

The question you want to ask yourself is how many such expressions (each
representing a client) do you have? If you want to define many of them,
there's a more efficient way to do it: You can define host reservations
(each with its own MAC address) and assign those hosts to a class.
Please take a look at Section 8.3.6
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#reservation4-client-classes).

You can combine this with the class restrictions on pool and subnet level.

Finally, if you want to extract the MAC addresses and ports (effectively
using MAC+port switch as client identifier), you can use flex-id to do
that. See Section 14.3.3
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#flex-id).

Hope that helps.
Tomek Mrugalski
ISC
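
An added illustration of the class-plus-subnet setup described in the message above; it is not part of the original post and not ISC's own configuration. The class name ABCD comes from the message, while the circuit-id value, subnet and pool are constructed, and the test is written as `relay4[1].hex`, the form the Kea guide's classification chapter uses for sub-option 1 of option 82.

```json
{
  "Dhcp4": {
    // Class membership is decided by the relay-inserted option 82.
    "client-classes": [
      {
        "name": "ABCD",
        // Sub-option 1 (circuit-id) of option 82; in dhcpd this was
        // agent.circuit-id. 0x706f72742d3132 is a constructed value,
        // the ASCII string "port-12".
        "test": "relay4[1].hex == 0x706f72742d3132"
      }
    ],
    "subnet4": [
      {
        // Constructed documentation-range subnet and pool.
        "subnet": "192.0.2.0/24",
        "pools": [ { "pool": "192.0.2.10 - 192.0.2.200" } ],
        // Only packets classified as ABCD are served from this subnet
        // (dhcpd: allow members of "ABCD").
        "client-class": "ABCD"
      }
    ]
  }
}
```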
