Configuring option 82
Sten Carlsen
stenc at s-carlsen.dk
Fri Sep 27 14:21:41 UTC 2019
On 27/09/2019 15.59, Surya Teja wrote:
> Hi Bill,
> Do you have 40,000 clients?
> Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my
> environment.
> What is your goal here?
> I want to prevent untrusted DHCP clients from requesting the server and
> filling up the leases, so I went through the internet and found that option
> 82 can provide similar functionality.
> Link I checked
> for: https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
>
This example has a few problems:
- It defines classes inside the subnet; this is not a good idea. Keep
  declarations global.
- It does not prevent unknown-clients from getting an IP from any of the
  pools; it is missing the deny unknown-clients; statement.
- allow members of "VLAN10"; denies other classes
  but does not deny unknown-clients as you seem to want.
> The setup is similar to my environment, using relay agents to forward
> the packets. I want to replicate the setup in my environment. The
> above technique is like authenticating the requests and then granting IP.
>
> On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley
> <bill at c3po.polymerindustries.biz> wrote:
>
> Yeah, I had found that web page too. But note later on that page
> he states about his patch:
> This has been tested on a Xeon 2.8 Ghz server, it uses just a few
> percent of CPU with 40.000 DHCP clients.
> Do you have 40,000 clients?
>
> I use many classes in my DHCP configurations on 15+ servers. I
> haven't had a problem
> with DHCP eating up all the resources.
>
> What is your goal here? Are you wanting to assign a fixed address
> for each client?
>
> Bill
>
> On 9/27/2019 7:32 AM, Surya Teja wrote:
>> Hi Bill Thanks for reply
>> Why are you avoiding the class statement?
>> In one of the google forum I have read the statement saying like
>> The internal implementation in ISC DHCPD of classes is such that
>> it scales in a non-linear way - O(N^2) or something. So suddenly
>> you'll end up with dhcpd eating 100% CPU.
>> So I just want to avoid the classes
>> While surfing I found that for the host declaration statements we
>> can use the syntax like
>> EX: host client-name-1 {
>>     host-identifier option agent.circuit-id "dslam42.port22";
>>     hardware ethernet 00:e0:4c:a7:ca:de;
>>     fixed-address 192.168.0.6;
>> }
>> So I just want to know any config statements similar like above
>> applies for scope sections
>>
>> What does the agent.circuit-id and agent.remote-id contain? I
>> can't figure out why you're using substring on these values (in
>> your original post).
>> It is just sample example I found in the forum, I don't have
>> issue with directly checking without using the substring function
>> or binary-to-ascii to cross check the values
>>
>> Thanks
>>
>>
>> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley
>> <bill at c3po.polymerindustries.biz> wrote:
>>
>> Options in a pool are options to be *sent* not matched.
>>
>> Why are you avoiding the class statement? What does the
>> agent.circuit-id and agent.remote-id contain?
>> I can't figure out why you're using substring on these values
>> (in your original post).
>>
>> Bill
>>
>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>> Hi
>>> It might be too many questions, but I want to configure my
>>> dhcpd configuration file by avoiding the classes as much as
>>> possible.
>>> If the subnet is configured like the snippet below:
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>     pool {
>>>         range 192.168.10.10 192.168.10.199;
>>>         option subnet-mask 255.255.255.0;
>>>         option routers 10.1.10.1;
>>>         option domain-name "test.com";
>>>         option agent.circuit-id "22";
>>>         option agent.remote-id "192.168.10.242";
>>>     }
>>> }
>>> Can we achieve the option 82 configuration setup with the above
>>> snippet?
>>> Thanks in advance; any reference links to set up
>>> the option 82 functionality without classes would also be
>>> appreciated.
>>>
>>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja
>>> <suryateja042 at gmail.com> wrote:
>>>
>>> Hi, is option 82 supported by using the class concept
>>> only?
>>> Or can it be defined like other general options such as
>>> domain-name server, router in the scope section?
>>>
>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja
>>> <suryateja042 at gmail.com> wrote:
>>>
>>> Hi,
>>> I am trying to configure DHCP option 82. I went
>>> through the Google forums, and one of them suggests
>>> syntax like:
>>> # vim /etc/dhcp/dhcpd.conf
>>> ########################################################
>>> log-facility local7;
>>> class "VLAN10" {
>>>     match if binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)) = "10";
>>> } # VLAN10
>>> class "VLAN20" {
>>>     match if ( substring(option agent.remote-id, 2, 15) = "10.5.20.4"
>>>         and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" );
>>> }
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>     pool {
>>>         allow members of "VLAN10";
>>>         default-lease-time 600;
>>>         max-lease-time 7200;
>>>         range 192.168.10.1 192.168.10.199;
>>>         option routers 192.168.10.254;
>>>         option broadcast-address 192.168.10.255;
>>>         option subnet-mask 255.255.255.0;
>>>         option domain-name-servers 4.2.2.2;
>>>     }
>>> }
>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>     pool {
>>>         allow members of "VLAN20";
>>>         default-lease-time 600;
>>>         max-lease-time 7200;
>>>         range 192.168.20.20 192.168.20.199;
>>>         option routers 192.168.20.254;
>>>         option broadcast-address 192.168.20.255;
>>>         option subnet-mask 255.255.255.0;
>>>         option domain-name-servers 4.2.2.2;
>>>     }
>>> }
>>> (Just ignore ip values)
>>> Can we configure this concept only by using classes
>>> and make it allow or deny like that?
>>> Or can we use the option space concept to get it
>>> working (do we have any other syntax)? Thanks in advance.
>>>
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
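
Added example (not part of the original thread and not ISC code): a small Python model of the class match and pool permit rules discussed above, showing what substring() and binary-to-ascii() extract from option 82 and why "allow members of" alone still serves clients without a host declaration. The circuit-id layout (two header bytes, then a 16-bit VLAN), the sample payload and the second MAC address are constructed assumptions.

```python
# Model of the dhcpd expressions quoted in this thread (added example).
# Sub-option codes 1 (circuit-id) and 2 (remote-id) come from RFC 3046.

def parse_option82(raw: bytes) -> dict:
    """Split a relay agent information option into {sub-option code: value}."""
    subs, i = {}, 0
    while i < len(raw):
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated sub-option")
        subs[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return subs

def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcpd substring(): at most `length` bytes from `offset`, empty past the end."""
    return data[offset:offset + length]

def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """dhcpd binary-to-ascii(): print each width-bit number of `data` in `base`."""
    fmt = {8: "o", 10: "d", 16: "x"}[base]
    step = width // 8
    return sep.join(format(int.from_bytes(data[i:i + step], "big"), fmt)
                    for i in range(0, len(data), step))

def in_vlan10(opt82: dict) -> bool:
    # match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
    # A request without option 82 yields empty data and never matches.
    return binary_to_ascii(10, 16, "", substring(opt82.get(1, b""), 2, 2)) == "10"

def pool_permits(opt82: dict, mac: str, hosts: set, deny_unknown: bool) -> bool:
    """A client must match the permit list and must not match the deny list."""
    if not in_vlan10(opt82):               # allow members of "VLAN10";
        return False
    if deny_unknown and mac not in hosts:  # deny unknown-clients;
        return False
    return True

# Constructed sample: circuit-id 00 04 | VLAN 000a | 01 02, remote-id 00 06 | MAC.
SAMPLE = bytes.fromhex("01060004000a0102" "02080006aabbcc001122")
HOSTS = {"00:e0:4c:a7:ca:de"}  # "known" clients, i.e. those with a host declaration

if __name__ == "__main__":
    opt = parse_option82(SAMPLE)
    for mac in ("00:e0:4c:a7:ca:de", "02:00:00:00:00:01"):
        for deny in (False, True):
            print(mac, "deny unknown-clients:", deny,
                  "->", pool_permits(opt, mac, HOSTS, deny))
```

The offsets in the class match only make sense for the byte layout your relay agents actually send, so capture a relayed request and compare it with the parsed sub-options before relying on the match.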