Question about logging Option 82

Fri Mar 5 05:56:24 UTC 2010

Hi.

I have isc dhcp server to serve dhcp requests with option 82. Server works. The problem is that it does not
log circuit-id information when request can not be handled but it logs this information when request is
accepted. Very hard to debug switches settings.

When request is success log entry looks like:
----------------------------------------------------------------------------------------------------------------
Mar 5 11:25:40 myhost daemon.err dhcpd: SMAC:0.c.ce.47.7c.0 SWIP:206.71.124.0 VLAN:100 PORT:0 ip:192.168.70.18
#                                       ^^^^^^ - right MAC  ^^^^^^ - wrong ip because c2950 gives MAC in
#                                       Remote-id
----------------------------------------------------------------------------------------------------------------

Here I can see switch mac (can find the switch), see the right vlan-id and port number (0 -- is a first port)
-- all is fine.

When request is failed log entry is:
--------------------------------------------------------------------------------------------------------------
Mar 5 11:45:54 myhost daemon.err dhcpd: DHCPDISCOVER from 00:02:44:1d:7e:ea via eth0: network
192.168.70.16/28: no free leases
--------------------------------------------------------------------------------------------------------------
and that is all

Yes, some switch is configured wrong but I can not see SMAC,VLAN,PORT. Switch sends circuit-id information --
it can be seen in tcpdump but information is not human readable.

I would like to see in logs option 82 information on every (success or no success) dhcp request if circuit-id
is presented. Is it possible ?

my dhcp.conf:
-----------------------------------------------------------------
option domain-name-servers 192.168.0.1, 192.168.10.1;

default-lease-time 43200;
max-lease-time 86400;

ddns-update-style none;
authoritative;

subnet 192.168.1.0 netmask 255.255.254.0 {
}

if exists agent.circuit-id
{
  log ( error, concat(
#       ^^^^^^ - tried here "info" and "debug" -- no result
  "SMAC:",binary-to-ascii(16,8,".",suffix(option agent.remote-id,6)),
  " SWIP:",binary-to-ascii(10,8,".",suffix(option agent.remote-id,4)),
  " VLAN:",binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
  " PORT:",binary-to-ascii(10,8,".",suffix(option agent.circuit-id,1)),
  " ip:",binary-to-ascii (10, 8, ".", leased-address)
  ));
}

subnet 192.168.70.16 netmask 255.255.255.240 {
  option routers 192.168.70.17;
  option broadcast-address 192.168.70.31;

  # c2950
  class "192.168.70.18"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "0"
   and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
  class "192.168.70.19"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "1"
   and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
  class "192.168.70.20"{ match if binary-to-ascii (10, 8, "", suffix( option agent.circuit-id, 1)) = "2"
   and binary-to-ascii(16, 8, ".", suffix ( option agent.remote-id,6)) = "0.c.ce.47.7c.0";}
...
  pool { range 192.168.70.18; allow members of "192.192.70.18"; }
  pool { range 192.168.70.19; allow members of "192.192.70.19"; }
  pool { range 192.168.70.20; allow members of "192.192.70.20"; }
... 
}
-----------------------------------------------------------------