Using the "vendor-class-identifier" to trigger different scripts

Adam Raymond adam.m.r at gmail.com
Tue May 8 03:03:13 UTC 2018


Hi,

  I have spent some weeks trying to get the ISC DHCP daemon to differentiate
between different devices based on the "vendor-class-identifier" or option
60. This is sent to the DHCP server by the device types that I am trying to
configure (in this case an ADVA GE112Pro) and identifies the model of the
GE112Pro that is making the request - we need to configure the box
differently depending on the model. It looks like this from a TCPDUMP: I
have managed to get this working by filtering MAC addresses, but the
different models all use the same OUI (first half of the MAC address) so
cannot be differentiated on this basis.

05:45:53.216955 IP (tos 0x0, ttl 26, id 36530, offset 0, flags [none], proto UDP (17), length 341)
    10.65.23.253.bootps > man01.syd04.nsw.vocus.net.au.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:80:ea:ba:60:61 (oui Unknown), length 313, xid 0x5521f6bf, Flags [none] (0x0000)
          Gateway-IP 10.65.23.253
          Client-Ethernet-Address 00:80:ea:ba:60:61 (oui Unknown)
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Lease-Time Option 51, length 4: 43200
            Hostname Option 12, length 17: "FSP150-GE112Pro-H"
            Parameter-Request Option 55, length 6:
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Hostname
            Vendor-Class Option 60, length 25: "ADVA FSP 150-GE112Pro (H)"
            Client-ID Option 61, length 7: ether 00:80:ea:ba:60:61
            END Option 255, length 0

Note: I would happily use option 12 (host-name) as well to make the
differentiation. I still haven't been able to do this.

Aside: I have been taking my names for options from
http://www.ipamworldwide.com/ipam/isc-dhcpv4-options.html.

Most of what I have read on the internet seems to push towards using a
class to do this, similar to:
class "ras-clients" {
  match if substring (option dhcp-client-identifier, 1, 3) = "RAS";
}

But I am yet to get this to work. A bit more information might be
necessary. I am trying to trigger scripts with this differentiation. The
subnet config looks like this:

subnet 172.17.132.0 netmask 255.255.255.0 {
        interface eth0;
        option routers 172.17.132.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.17.132.255;
        next-server 172.17.132.68;
        option dhcp-renewal-time 300;
        option dhcp-rebinding-time 30;
        filename "adva_boot";
        option boot-server "labvm800.rlab.nn.com.au";

        set location = "QLD";
        include "/etc/dhcp/on-commit.conf";

        pool {
                max-lease-time 3600;
                range 172.17.132.115 172.17.132.117;
        }
}

The - include "/etc/dhcp/on-commit.conf"; - points to a file that looks
like this:

on commit {
        set clip = binary-to-ascii(10, 8, ".", leased-address);
        set clhw = concat (
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
                suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
        );
        # substring() offsets are zero-based, so the 8-character OUI prefix of clhw starts at offset 0
        if (substring (clhw,0,8) = "00:80:ea") {
                execute("/usr/local/sbin/scriptA", "commit", clip, clhw, location);
        } else {
                execute("/usr/local/sbin/scriptB", "commit", clip, clhw, location);
        }
}

This works but has the issue of being tied down to MAC address matching,
which in this case is pointless as we don't know if the individual MAC
address and need to be able to automatically determine the model and the
UID is the same for each model.

I have tried the class options with this configuration:

default-lease-time 600;
max-lease-time 7200;

option domain-name "vocus.net";
option domain-name-servers 172.16.79.1, 172.16.79.254;
option ntp-servers 172.16.79.6, 172.16.79.2;

class "GE112Pro" {
        match if (option vendor-class-identifier) = "ADVA FSP 150-GE112Pro";
        include "/etc/dhcp/GE112Pro.conf";
}

class "GE112ProH" {
        match if (option vendor-class-identifier) = "ADVA FSP 150-GE112Pro (H)";
        include "/etc/dhcp/GE112ProH.conf";
}

subnet 172.17.132.0 netmask 255.255.255.0 {
        interface eth0;
        option routers 172.17.132.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.17.132.255;
        next-server 172.17.132.68;
        option dhcp-renewal-time 300;
        option dhcp-rebinding-time 30;

        pool {
                allow members of "GE112Pro";
                include "/etc/dhcp/GE112Pro.conf";
                range 172.17.132.116 172.17.132.116;
        }

        pool {
                allow members of "GE112ProH";
                include "/etc/dhcp/GE112ProH.conf";
                range 172.17.132.115 172.17.132.115;
        }
}

This is on a separate server from the previous setup which is used for
testing. This seems to work in that it assigns an IP address from the
correct pool, but it doesn't run the script in question (which just writes
a line to a file).
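
The option layout in the capture above, as an added example that is not part of the original post: a bounds-checked parser for the DHCP options field that classifies a request by an exact match on option 60. Because option 60 is supplied by the client, anything not in the table is treated as unknown. The names `parse_options`, `classify`, `MODELS` and `tlv` are illustrative, the model labels are assumed, and the sample bytes are constructed from the values shown in the capture.

```python
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")  # magic cookie shown in the capture

# Exact option 60 strings -> model label (assumed mapping for this example).
MODELS = {
    b"ADVA FSP 150-GE112Pro": "GE112Pro",
    b"ADVA FSP 150-GE112Pro (H)": "GE112ProH",
}

def parse_options(field: bytes) -> dict:
    """Parse magic cookie + code/length/value options; reject malformed input."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:  # END
            return opts
        if code == 0:  # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the packet")
        opts[code] = value
        i += 2 + length
    raise ValueError("no END option")

def classify(opts: dict):
    """Model label for an exact option 60 match, else None."""
    return MODELS.get(opts.get(60, b""))

def tlv(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample mirroring the options listed in the capture.
SAMPLE = (MAGIC_COOKIE + tlv(53, b"\x01") + tlv(51, struct.pack("!I", 43200))
          + tlv(12, b"FSP150-GE112Pro-H")
          + tlv(60, b"ADVA FSP 150-GE112Pro (H)")
          + tlv(61, bytes.fromhex("010080eaba6061")) + b"\xff")

if __name__ == "__main__":
    opts = parse_options(SAMPLE)
    print(opts[60].decode(), "->", classify(opts))
```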