Example config with option 82, bogus relays

MAtteo HCE Valsasna valsasna at uninsubria.it
Tue Jun 17 08:31:53 UTC 2008


On Tue, 17/06/2008 at 00.14 +0000, DHCP Users Mailing List wrote:
> 
> Subject: Example config with option 82
> Date: Mon, 16 Jun 2008 10:15:27 -0500
> From: "Corley, Kenneth L (Kenny)" <corley at alcatel-lucent.com>
> 
> > Does anyone have a basic dhcpd config that includes option 82 that
> > they can share?  I am running 3.0.5.
> > 
> > Thanks
> > Kenny
> > 

using option 82 for logging too.
after importing some bits from Blake (dhcp-message-type, leased-address):

if ((option dhcp-message-type = 3) and (exists agent.circuit-id)){
        log(info, concat("relay agent ", binary-to-ascii(10,8,".",option agent.remote-id),
                " forwarded for client ", option host-name,
                ", ", binary-to-ascii(16,8,":", hardware),
                " on circuit ", binary-to-ascii(10,8,".",option agent.circuit-id),
                " for ", binary-to-ascii (10, 8, ".", leased-address)));
}

on top of this log I sometimes run a pretty ugly Perl script to produce
a textual relay-agent based network-map (i.e., for each relay agent
print a list of interfaces and hosts (hostname, mac, IP) connected to
each interface).

part of it is heavily site-specific, as it imports two lists of "known"
MAC addresses, and marks unknown addresses in the output, but it may be
useful for some.

on a side topic: from the above map, I notice that one host behaves
somewhat like a relay agent, i.e. every DHCP broadcast it sees, it
resends again as a broadcast.
As a consequence, I see the request coming both from the port the
booting client is connected to and from the port to which the bogus
relay is connected:

Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.123 for x.x.x.y
Jun 17 10:16:45 rum dhcpd: relay agent x.x.x.x forwarded for client PC-ericngondiep, 1:0:13:77:64:c7:fb on circuit 0.44 for x.x.x.y

where the client is connected to 0.123, the bogus relay to 0.44

this happens on HP53xx switches, but only for a few "bogus relay" hosts

nmap fingerprints the host as 
OS details: Apple Mac OS X 10.4.10 (Tiger) (Darwin 8.10.0 - 8.11.0)

This is just mildly annoying on my site, but may be a serious problem if
anybody was limiting the number of leases per port.

Did anybody see anything similar?

best regards

MAtteo
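
The map and the "bogus relay" observation described in the message above can be reproduced from the log lines alone. The following is an added example, not the Perl script mentioned in the post: it parses the line format produced by the log() statement, builds the relay/circuit/host map, and reports ports that carry copies of requests from several different clients. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the line written by the log() statement quoted in the post.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ dhcpd: relay agent (?P<relay>\S+) "
    r"forwarded for client (?P<host>.*?), (?P<hw>[0-9a-f:]+) "
    r"on circuit (?P<circuit>\S+) for (?P<ip>\S+)$"
)

# Constructed sample; all names and addresses are placeholders.
SAMPLE = """\
Jun 17 10:16:45 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-a, 1:0:13:77:64:c7:fb on circuit 0.123 for 192.0.2.50
Jun 17 10:16:45 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-a, 1:0:13:77:64:c7:fb on circuit 0.44 for 192.0.2.50
Jun 17 10:17:02 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-b, 1:0:16:cb:0:aa:1 on circuit 0.44 for 192.0.2.51
Jun 17 10:17:30 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-c, 1:0:1b:63:9:8:7 on circuit 0.7 for 192.0.2.52
Jun 17 10:17:30 rum dhcpd: relay agent 192.0.2.1 forwarded for client pc-c, 1:0:1b:63:9:8:7 on circuit 0.44 for 192.0.2.52
"""

def parse(text):
    """Return one dict per matching log line; other dhcpd lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def network_map(records):
    """relay -> circuit -> set of (hostname, hardware, ip)."""
    tree = defaultdict(lambda: defaultdict(set))
    for r in records:
        tree[r["relay"]][r["circuit"]].add((r["host"], r["hw"], r["ip"]))
    return tree

def suspect_ports(records, min_clients=2):
    # One request seen on two circuits in the same second cannot say which port
    # is the client's; the port shared by duplicates from several clients can.
    seen = defaultdict(set)            # (ts, relay, hw) -> circuits
    for r in records:
        seen[(r["ts"], r["relay"], r["hw"])].add(r["circuit"])
    clients = defaultdict(set)         # (relay, circuit) -> duplicated clients
    for (_, relay, hw), circuits in seen.items():
        if len(circuits) > 1:
            for c in circuits:
                clients[(relay, c)].add(hw)
    return {port: hws for port, hws in clients.items() if len(hws) >= min_clients}

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for relay, circuits in network_map(recs).items():
        for circuit, hosts in sorted(circuits.items()):
            print(relay, circuit, sorted(hosts))
    print("suspected re-broadcasting ports:", suspect_ports(recs))
```

Duplicates are matched on the identical syslog timestamp, so a copy that lands in the next second is missed; widen the grouping key if that matters on your network.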


