[Kea-users] Selecting subnet based on circuit-id (INTERNAL)
Allan Tinker
allan at m33access.com
Wed Dec 15 15:03:16 UTC 2021
I missed the question for using the identifier.
So my full identification looks like this:
    "library": "/usr/local/lib/kea/hooks/libdhcp_flex_id.so",
    "parameters": {
        "identifier-expression": "ifelse(substring(option[60].hex,0,18) == 'HT8XX dslforum.org' or substring(option[60].hex,0,18) == 'HT802 dslforum.org' or substring(option[60].hex,0,18) == 'HT812 dslforum.org','GSATA/' + relay4[1].hex,relay4[1].hex)",
        "replace-client-id": true
    }
If the connected device is a GrandStream device I select a different subnet from my shared subnets. Like this:
    "client-classes": [
        {
            "name": "GS-ATA",
            "test": "substring(option[60].hex,0,18) == 'HT8XX dslforum.org' or substring(option[60].hex,0,18) == 'HT802 dslforum.org' or substring(option[60].hex,0,18) == 'HT812 dslforum.org'",
            "option-data": [{"name": "tftp-server-name", "data": "https://portal.m33access.com/GS"}]
        },
        {
            "name": "GPON-DHCP",
            "test": "not member('GS-ATA')"
        }
    ],
The last set in the Circuit ID should be the VLAN, so in your case you should be able to pull the last 4 digits and test for it.
In my subnets: (global IPs changed for privates)
    "shared-networks": [
        {
            "name": "GPONNorth",
            "interface": "ens224",
            "subnet4": [
                {
                    "subnet": "172.16.134.0/23",
                    "id": 1,
                    "pools": [ { "pool": "172.16.134.3 - 172.16.135.250" } ],
                    "option-data": [{"name": "routers", "data": "172.16.134.1"}],
                    "client-class": "GS-ATA"
                },
                {
                    "subnet": "10.0.0.0/24",
                    "id": 2,
                    "pools": [ { "pool": "10.0.0.2 - 10.0.0.254" } ],
                    "option-data": [{"name": "routers", "data": "10.0.0.1"}],
                    "client-class": "GPON-DHCP"
                }
            ]
        },
        {
            "name": "GPONWest",
            "interface": "ens192",
            "subnet4": [
                {
                    "subnet": "10.0.1.0/24",
                    "id": 4,
                    "pools": [ { "pool": "10.0.1.2 - 10.0.1.254" } ],
                    "option-data": [{"name": "routers", "data": "10.0.0.1"}],
                    "client-class": "GPON-DHCP"
                },
                {
                    "subnet": "172.16.136.0/23",
                    "id": 5,
                    "pools": [ { "pool": "172.16.136.10 - 172.16.137.250" } ],
                    "option-data": [{"name": "routers", "data": "172.16.136.1"}],
                    "client-class": "GS-ATA"
                }
            ]
        }
    ],
My classification is based on the vendor name. Then I use the "interface" command to specify my VLANs. Since the traffic is already separated, I just set up my box with each VLAN as a separate interface.
I hope this helps.
- Allan
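
[Added example, not part of the original post and not Kea code: a Python re-statement of the identifier-expression and GS-ATA test above, plus the "last 4 digits" VLAN check, run against a hand-built option 82 payload. The function names and the circuit ID layout (ASCII text ending in a four-digit VLAN) are assumptions made for illustration.]

```python
from __future__ import annotations

# Option 60 is sent by the client; option 82 is inserted by the relay agent.
GS_PREFIXES = (b"HT8XX dslforum.org", b"HT802 dslforum.org", b"HT812 dslforum.org")

# Constructed sample data: sub-option 1 = circuit ID, sub-option 2 = remote ID.
SAMPLE_CIRCUIT_ID = b"olt1 gpon 0/1/3:0201"
SAMPLE_REMOTE_ID = b"ont-0042"
SAMPLE_OPT82 = (bytes([1, len(SAMPLE_CIRCUIT_ID)]) + SAMPLE_CIRCUIT_ID
                + bytes([2, len(SAMPLE_REMOTE_ID)]) + SAMPLE_REMOTE_ID)

def parse_relay_suboptions(opt82: bytes) -> dict[int, bytes]:
    """Split an option 82 payload into {sub-option code: value}."""
    subopts, i = {}, 0
    while i < len(opt82):
        if i + 2 > len(opt82):
            raise ValueError("truncated sub-option header")
        code, length = opt82[i], opt82[i + 1]
        value = opt82[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        subopts[code] = value
        i += 2 + length
    return subopts

def is_gs_ata(vendor_class: bytes) -> bool:
    """Same comparison as the GS-ATA test: first 18 bytes of option 60."""
    return vendor_class[:18] in GS_PREFIXES

def flex_identifier(vendor_class: bytes, opt82: bytes) -> bytes:
    """ifelse(<GS-ATA test>, 'GSATA/' + relay4[1].hex, relay4[1].hex)."""
    circuit_id = parse_relay_suboptions(opt82).get(1, b"")
    return b"GSATA/" + circuit_id if is_gs_ata(vendor_class) else circuit_id

def vlan_from_circuit_id(opt82: bytes) -> int | None:
    """Read the last four characters of the circuit ID as a VLAN number."""
    tail = parse_relay_suboptions(opt82).get(1, b"")[-4:]
    if len(tail) == 4 and tail.isdigit():
        return int(tail.decode("ascii"))
    return None  # circuit ID absent or not in the assumed layout

if __name__ == "__main__":
    print(flex_identifier(b"HT812 dslforum.org", SAMPLE_OPT82))
    print(vlan_from_circuit_id(SAMPLE_OPT82))
```
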
> On Dec 15, 2021, at 8:17 AM, Weisteen Per <per.weisteen at telenor.no> wrote:
>
> I believe ISC has released the flex hook for KEA 2.0 in the standard package. At least the flex library is part of the installation under /usr/lib64/kea/hooks/
>
> And defining the library seems to give no error messages.
>
> "library": "/usr/lib64/kea/hooks/libdhcp_flex_option.so",
> "parameters": {
> "identifier-expression": "relay4[2].hex"
> }
>
> Do I need to define circuit-id here under parameters?
>
> My challenge is also how to use circuit-id identifier correctly in a test under client-classes.
>
>
> ./PerW
>
>
> -----Original Message-----
> From: Allan M33 Access <allan at m33access.com>
> Sent: onsdag 15. desember 2021 12:47
> To: Weisteen Per <per.weisteen at telenor.no>
> Cc: kea-users at lists.isc.org
> Subject: Re: [Kea-users] Selecting subnet based on circuit-id (OPEN)
>
> The flexible identifier hook for kea will allow you to use the dhcp option 82 sub option 1 as an identifier for leases. The flex hook is part of the premium hook packages though, purchasable on ISC's website. The package also comes with the legal logging hook.
>
> My setup has the same concept: for my VLANs I set them up as individual interfaces on my box, then I define those interfaces for each subnet in the configuration. I use the flex id to use the circuit id as an identifier with "replace-client-id": true
>
> Even though the circuit id does have the VLAN in it, I choose subnets by the interface the packet comes in on instead.
>
> -Allan
>
>> On Dec 15, 2021, at 5:12 AM, Weisteen Per <per.weisteen at telenor.no> wrote:
>>
>> Hi
>>
>> I've just set up KEA 2.0 on a RHEL 8 box using RedHat Repository setup as instructed at cloudsmith.io.
>> Seems that the packages available for me now are kea.x86_64, kea-devel.x86_64, kea-hooks.x86_64 and kea-libs.x86_64, all of which I have installed.
>>
>> Seems though I'm missing some libraries mentioned in the kea-dhcp4.conf file like libdhcp_legal_log.so and control-agent-commands.so but I assume they're not critical.
>>
>> What I initially need is to be able to select between subnets based on which VLAN/VPN the request comes from. My network guys have set up several Cisco routers which will assign clients to one specific VLAN/VPN if the client manages to authenticate using 802.1x and to another if the authentication fails. Am I correct to believe that Cisco router will supply me with information on which VLAN/VPN a client was assigned to using circuit-id? Is this a parameter already predefined in KEA or do I have to define it somewhere?
>>
>> Thanks,
>>
>>
>> ./PerW