Configuring option 82

Surya Teja suryateja042 at gmail.com
Fri Sep 27 15:16:23 UTC 2019


Hi Sten,
Thanks for the advice. I just want to make sure that my DHCP server will grant
an IP from a particular subnet to the clients which have a
specified value in the agent.circuit-id / agent.remote-id suboptions of option
82 in request packets (the DHCP relay will be adding the option 82 info to
the request packet).


it is missing the deny unknown-clients; statement. ------------->
Will it deny all the clients that do not have a host declaration? Sorry, I
am not sure about this.

  Thanks
  Surya


On Fri, Sep 27, 2019 at 7:51 PM Sten Carlsen <stenc at s-carlsen.dk> wrote:

>
>
> On 27/09/2019 15.59, Surya Teja wrote:
>
> Hi Bill,
> Do you have 40,000 clients?
> Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my
> environment.
> What is your goal here?
> I want to prevent untrusted DHCP clients from requesting the server and
> filling up the leases, so I went through the internet and found that option
> 82 can provide similar functionality.
> Link I checked for:
> https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
>
>
> This example has a few problems:
> It defines classes inside the subnet; this is not a good idea. Keep
> declarations global.
> It does not prevent unknown-clients from getting an IP from any of the
> pools; it is missing the deny unknown-clients; statement.
> allow members of "VLAN10"; denies other classes but
> does not deny unknown-clients as you seem to want.
>
> The setup is similar to my environment, using relay agents to forward the
> packets. I want to replicate the setup in my environment. The
> above technique is like authenticating the requests and then granting an IP
>
>
>
>
> On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <
> bill at c3po.polymerindustries.biz> wrote:
>
>> Yeah, I had found that web page too.  But note later on that page he
>> states about his patch:
>> This has been tested on a Xeon 2.8 GHz server, it uses just a few percent
>> of CPU with 40.000 DHCP clients.
>> Do you have 40,000 clients?
>>
>> I use many classes in my DHCP configurations on 15+ servers.  I haven't
>> had a problem
>> with DHCP eating up all the resources.
>>
>> What is your goal here?  Are you wanting to assign a fixed address for
>> each client?
>>
>> Bill
>> On 9/27/2019 7:32 AM, Surya Teja wrote:
>>
>> Hi Bill, thanks for the reply.
>> Why are you avoiding the class statement?
>> In one of the Google forums I read a statement saying:
>> The internal implementation in ISC DHCPD of classes is such that it
>> scales in a non-linear way - O(N^2) or something. So suddenly you'll end up
>> with dhcpd eating 100% CPU.
>> So I just want to avoid the classes.
>> While surfing I found that for the host declaration statements we can use
>> syntax like
>>
>> EX:
>> host client-name-1 {
>>         host-identifier option agent.circuit-id "dslam42.port22";
>>         hardware ethernet 00:e0:4c:a7:ca:de;
>>         fixed-address 192.168.0.6;
>> }
>>
>> So I just want to know whether any config statements similar to the above
>> apply to scope sections.
>>
>> What does the agent.circuit-id and agent.remote-id contain? I can't
>> figure out why you're using substring on these values (in your original
>> post).
>> It is just a sample example I found in the forum. I don't have an issue with
>> directly checking without using the substring function or binary-to-ascii to
>> cross-check the values.
>>
>> Thanks
>>
>>
>> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <
>> bill at c3po.polymerindustries.biz> wrote:
>>
>>> Options in a pool are options to be *sent* not matched.
>>>
>>> Why are you avoiding the class statement? What does the agent.circuit-id
>>> and agent.remote-id contain?
>>> I can't figure out why you're using substring on these values (in your
>>> original post).
>>>
>>> Bill
>>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>>
>>> Hi
>>> It might be too many questions, but I want to configure my dhcpd
>>> configuration file by avoiding the classes as much as possible.
>>> If the subnet is configured like the snippet below
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>         pool {
>>>                 range 192.168.10.10 192.168.10.199;
>>>                 option subnet-mask 255.255.255.0;
>>>                 option routers 10.1.10.1;
>>>                 option domain-name "test.com";
>>>                 option agent.circuit-id "22";
>>>                 option agent.remote-id "192.168.10.242";
>>>         }
>>> }
>>> can we achieve the option 82 configuration setup with the above snippet?
>>> Thanks in advance; any reference links for setting up the option 82
>>> functionality without classes would also be appreciated.
>>>
>>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja042 at gmail.com>
>>> wrote:
>>>
>>>> Hi, is option 82 supported only by using the class concept?
>>>> Or can it be defined like other general options such as domain-name
>>>> server or router in the scope section?
>>>>
>>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja042 at gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I am trying to configure DHCP option 82. I went through the Google
>>>>> forums and one of them suggests syntax like
>>>>> # vim /etc/dhcp/dhcpd.conf
>>>>> ########################################################
>>>>> log-facility local7;
>>>>>
>>>>> class "VLAN10" {
>>>>>         match if binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)) = "10";
>>>>> } # VLAN10
>>>>>
>>>>> class "VLAN20" {
>>>>>         match if ( substring(option agent.remote-id, 2, 15) = "10.5.20.4"
>>>>>                    and binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)) = "2" );
>>>>> }
>>>>>
>>>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>>>         pool {
>>>>>                 allow members of                "VLAN10";
>>>>>                 default-lease-time              600;
>>>>>                 max-lease-time                  7200;
>>>>>                 range                           192.168.10.1 192.168.10.199;
>>>>>                 option routers                  192.168.10.254;
>>>>>                 option broadcast-address        192.168.10.255;
>>>>>                 option subnet-mask              255.255.255.0;
>>>>>                 option domain-name-servers      4.2.2.2;
>>>>>         }
>>>>> }
>>>>>
>>>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>>>         pool {
>>>>>                 allow members of                "VLAN20";
>>>>>                 default-lease-time              600;
>>>>>                 max-lease-time                  7200;
>>>>>                 range                           192.168.20.20 192.168.20.199;
>>>>>                 option routers                  192.168.20.254;
>>>>>                 option broadcast-address        192.168.20.255;
>>>>>                 option subnet-mask              255.255.255.0;
>>>>>                 option domain-name-servers      4.2.2.2;
>>>>>         }
>>>>> }
>>>>> (Just ignore the IP values)
>>>>> Can we configure this concept only by using classes and make it allow
>>>>> or deny like that?
>>>>> Or can we use the option space concept to get it working (do we have any
>>>>> other syntax)? Thanks in advance.
>>>>>
>>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>>
>
>
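Added example (not from the thread or from ISC): a Python model of how the relay's option 82 payload is laid out on the wire (RFC 3046 sub-options) and of what the class test `binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10"` from the first post evaluates to. The circuit-id layout (two header bytes followed by a 16-bit VLAN ID) and all sample bytes are assumptions constructed for illustration; relays encode these sub-options differently, so check a captured request before writing the match.

```python
# RFC 3046 sub-option codes carried inside option 82 (Relay Agent Information).
CIRCUIT_ID, REMOTE_ID = 1, 2


def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d runs past the end of option 82" % code)
        subopts[code] = value
        i += 2 + length
    return subopts


def substring(data: bytes, offset: int, length: int) -> bytes:
    """Model of dhcpd substring(): empty result when offset is past the data."""
    return data[offset:offset + length]


def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """Model of dhcpd binary-to-ascii(), limited here to base 10/16, width 8/16/32."""
    if base not in (10, 16) or width not in (8, 16, 32):
        raise ValueError("base/width not covered by this model")
    step = width // 8
    nums = [int.from_bytes(data[i:i + step], "big") for i in range(0, len(data), step)]
    return sep.join(("%d" if base == 10 else "%x") % n for n in nums)


def matches_vlan10(payload: bytes) -> bool:
    """The "VLAN10" class test from the first post, applied to raw option 82 bytes."""
    circuit = parse_option82(payload).get(CIRCUIT_ID, b"")
    return binary_to_ascii(10, 16, "", substring(circuit, 2, 2)) == "10"


# Constructed sample (assumed layout): circuit-id = 00 04 | VLAN 0x000a | module 1 | port 5,
# remote-id = 00 06 | made-up relay MAC aa:bb:cc:dd:ee:ff.
SAMPLE = bytes.fromhex("0106" "0004000a0105" "0208" "0006aabbccddeeff")
NO_OPT82 = b""  # request that carries no option 82 at all

if __name__ == "__main__":
    print(parse_option82(SAMPLE))
    print(matches_vlan10(SAMPLE), matches_vlan10(NO_OPT82))
```

A request without option 82 yields an empty circuit-id, so it is not a member of the class and is not served from a pool restricted with `allow members of "VLAN10";`.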