Configuring option 82

Configuring option 82

Teja
Hi,
I am trying to configure DHCP option 82. I went through the Google forums, and one of them suggests syntax like:
# vim /etc/dhcp/dhcpd.conf
########################################################
log-facility local7;
class "VLAN10" {
        match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
} # VLAN10
class "VLAN20" {
         match if ( substring(option agent.remote-id,2,15)="10.5.20.4"
and binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
}

subnet 192.168.10.0 netmask 255.255.255.0 {
        pool {
                allow members of                "VLAN10";
                default-lease-time               600;
                max-lease-time                    7200;
                range                           192.168.10.1 192.168.10.199;
                option routers                  192.168.10.254;
                option broadcast-address        192.168.10.255;
                option subnet-mask              255.255.255.0;
                option domain-name-servers      4.2.2.2;
        }
}
subnet 192.168.20.0 netmask 255.255.255.0 {
        pool {
                allow members of                "VLAN20";
                default-lease-time              600;
                max-lease-time                  7200;
                range                           192.168.20.20 192.168.20.199;
                option routers                  192.168.20.254;
                option broadcast-address        192.168.20.255;
                option subnet-mask              255.255.255.0;
                option domain-name-servers      4.2.2.2;
        }
}
(Just ignore the IP values.)
Can we configure this concept only by using classes and make it allow or deny like that?
Or can we use the option space concept to get it working (do we have any other syntax)? Thanks in advance.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: Configuring option 82

Teja
Hi, is option 82 supported only by using the class concept?
Or can it be defined like other general options, such as domain-name server and router, in the scope section?

On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <[hidden email]> wrote:
Hi,
I am trying to configure DHCP option 82. I went through the Google forums, and one of them suggests syntax like:
# vim /etc/dhcp/dhcpd.conf
########################################################
log-facility local7;
class "VLAN10" {
        match if binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10";
} # VLAN10
class "VLAN20" {
         match if ( substring(option agent.remote-id,2,15)="10.5.20.4"
and binary-to-ascii(10, 16, "",substring(option agent.circuit-id, 4, 2)) = "2" );
}

subnet 192.168.10.0 netmask 255.255.255.0 {
        pool {
                allow members of                "VLAN10";
                default-lease-time               600;
                max-lease-time                    7200;
                range                           192.168.10.1 192.168.10.199;
                option routers                  192.168.10.254;
                option broadcast-address        192.168.10.255;
                option subnet-mask              255.255.255.0;
                option domain-name-servers      4.2.2.2;
        }
}
subnet 192.168.20.0 netmask 255.255.255.0 {
        pool {
                allow members of                "VLAN20";
                default-lease-time              600;
                max-lease-time                  7200;
                range                           192.168.20.20 192.168.20.199;
                option routers                  192.168.20.254;
                option broadcast-address        192.168.20.255;
                option subnet-mask              255.255.255.0;
                option domain-name-servers      4.2.2.2;
        }
}
(Just ignore the IP values.)
Can we configure this concept only by using classes and make it allow or deny like that?
Or can we use the option space concept to get it working (do we have any other syntax)? Thanks in advance.

Re: Configuring option 82

Teja
Hi,
It might be too many questions, but I want to configure my dhcpd configuration file while avoiding classes as much as possible.
If the subnet is configured like the snippet below:
subnet 192.168.10.0 netmask 255.255.255.0 {
  pool {
        range 192.168.10.10 192.168.10.199;
        option subnet-mask 255.255.255.0;
        option routers 10.1.10.1;
        option domain-name "test.com";
        option agent.circuit-id "22";
        option agent.remote-id "192.168.10.242";
  }
}
can we achieve the option 82 configuration setup with the above snippet?
Thanks in advance. Any reference links for setting up the option 82 functionality without classes would also be appreciated.

On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <[hidden email]> wrote:
Hi, is option 82 supported only by using the class concept?
Or can it be defined like other general options, such as domain-name server and router, in the scope section?

Re: Configuring option 82

Bill Shirley-2

Options in a pool are options to be sent not matched.

Why are you avoiding the class statement? What does the agent.circuit-id and agent.remote-id contain?
I can't figure out why you're using substring on these values (in your original post).

Bill

On 9/27/2019 3:44 AM, Surya Teja wrote:
Hi,
It might be too many questions, but I want to configure my dhcpd configuration file while avoiding classes as much as possible.
If the subnet is configured like the snippet below:
subnet 192.168.10.0 netmask 255.255.255.0 {
  pool {
        range 192.168.10.10 192.168.10.199;
        option subnet-mask 255.255.255.0;
        option routers 10.1.10.1;
        option domain-name "test.com";
        option agent.circuit-id "22";
        option agent.remote-id "192.168.10.242";
  }
}
can we achieve the option 82 configuration setup with the above snippet?
Thanks in advance. Any reference links for setting up the option 82 functionality without classes would also be appreciated.

Re: Configuring option 82

Teja
Hi Bill, thanks for the reply.
Why are you avoiding the class statement?
In one of the Google forums I read a statement saying:
The internal implementation in ISC DHCPD of classes is such that it scales in a non-linear way - O(N^2) or something. So suddenly you'll end up with dhcpd eating 100% CPU.
So I just want to avoid classes.
While surfing I found that for host declaration statements we can use syntax like:
EX:
host client-name-1 {
        host-identifier option agent.circuit-id "dslam42.port22";
        hardware ethernet 00:e0:4c:a7:ca:de;
        fixed-address 192.168.0.6;
}
So I just want to know whether any config statements similar to the above apply to scope sections.

What does the agent.circuit-id and agent.remote-id contain? I can't figure out why you're using substring on these values (in your original post).
It is just a sample example I found in the forum. I don't have an issue with directly checking, without using the substring function or binary-to-ascii, to cross-check the values.

Thanks
 

On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <[hidden email]> wrote:

Options in a pool are options to be sent not matched.

Why are you avoiding the class statement? What does the agent.circuit-id and agent.remote-id contain?
I can't figure out why you're using substring on these values (in your original post).

Bill
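
What the two class expressions in the original post compute, as an added example (not code from this thread or from ISC): it splits an option 82 payload into its RFC 3046 sub-options and models dhcpd's substring and binary-to-ascii on it. The byte layouts (circuit-id as type, length, 2-byte VLAN, module, port; remote-id as type, length, ASCII string) and all function and constant names are assumptions for illustration; real layouts are chosen by the relay vendor.

```python
"""Added illustration: decode DHCP option 82 and evaluate the thread's class tests.

Assumed layouts (vendor-specific in practice, chosen here for illustration):
  circuit-id = type(1) len(1) vlan(2) module(1) port(1)
  remote-id  = type(1) len(1) ascii-string
"""

CIRCUIT_ID = 1  # RFC 3046 Agent Circuit ID sub-option
REMOTE_ID = 2   # RFC 3046 Agent Remote ID sub-option


def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} runs past the end of the option")
        subopts[code] = value
        i += 2 + length
    return subopts


def substring(data: bytes, offset: int, length: int) -> bytes:
    """Model of dhcpd substring(): up to `length` bytes starting at `offset`."""
    return data[offset:offset + length]


def _digits(n: int, base: int) -> str:
    """Render a non-negative integer in the given base (2..16)."""
    out = ""
    while True:
        n, r = divmod(n, base)
        out = "0123456789abcdef"[r] + out
        if n == 0:
            return out


def binary_to_ascii(base: int, width: int, sep: str, data: bytes):
    """Model of dhcpd binary-to-ascii(): one big-endian number per `width` bits.

    This model returns None (treated as "no match") for empty or misaligned input.
    """
    if width not in (8, 16, 32) or not 2 <= base <= 16:
        raise ValueError("unsupported base or width")
    step = width // 8
    if not data or len(data) % step:
        return None
    chunks = (data[i:i + step] for i in range(0, len(data), step))
    return sep.join(_digits(int.from_bytes(c, "big"), base) for c in chunks)


def matches_vlan10(subopts: dict) -> bool:
    """class "VLAN10": bytes 2-3 of circuit-id, as a decimal string, equal "10"."""
    cid = subopts.get(CIRCUIT_ID, b"")
    return binary_to_ascii(10, 16, "", substring(cid, 2, 2)) == "10"


def matches_vlan20(subopts: dict) -> bool:
    """class "VLAN20": remote-id text is 10.5.20.4 and circuit-id bytes 4-5 equal 2."""
    cid = subopts.get(CIRCUIT_ID, b"")
    rid = subopts.get(REMOTE_ID, b"")
    return (substring(rid, 2, 15) == b"10.5.20.4"
            and binary_to_ascii(10, 16, "", substring(cid, 4, 2)) == "2")


# Constructed sample: what a relay using the assumed layouts would insert.
SAMPLE_CIRCUIT_ID = bytes([0x00, 0x04, 0x00, 0x0A, 0x00, 0x02])  # VLAN 10, module 0, port 2
SAMPLE_REMOTE_ID = bytes([0x01, 0x09]) + b"10.5.20.4"
SAMPLE_OPTION82 = (bytes([CIRCUIT_ID, len(SAMPLE_CIRCUIT_ID)]) + SAMPLE_CIRCUIT_ID
                   + bytes([REMOTE_ID, len(SAMPLE_REMOTE_ID)]) + SAMPLE_REMOTE_ID)

# The plain-string circuit-id used in the host declaration quoted in this thread.
STRING_CIRCUIT_ID = {CIRCUIT_ID: b"dslam42.port22"}

if __name__ == "__main__":
    opts = parse_option82(SAMPLE_OPTION82)
    print("VLAN10:", matches_vlan10(opts), "VLAN20:", matches_vlan20(opts))
    print("string circuit-id, VLAN10:", matches_vlan10(STRING_CIRCUIT_ID))
    print("no option 82, VLAN10:", matches_vlan10({}))
```

The constructed packet satisfies both expressions at once, while the plain-string circuit-id and a request with no option 82 satisfy neither. The offsets only mean something for one specific layout, so compare them against a capture from your own relay before relying on positional matches.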

Re: Configuring option 82

Bill Shirley-2

Yeah, I had found that web page too.  But note later on that page he states about his patch:
This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent of CPU with 40.000 DHCP clients.
Do you have 40,000 clients?

I use many classes in my DHCP configurations on 15+ servers.  I haven't had a problem
with DHCP eating up all the resources.

What is your goal here?  Are you wanting to assign a fixed address for each client?

Bill

On 9/27/2019 7:32 AM, Surya Teja wrote:
Hi Bill, thanks for the reply.
Why are you avoiding the class statement?
In one of the Google forums I read a statement saying:
The internal implementation in ISC DHCPD of classes is such that it scales in a non-linear way - O(N^2) or something. So suddenly you'll end up with dhcpd eating 100% CPU.
So I just want to avoid classes.
While surfing I found that for host declaration statements we can use syntax like:
EX:
host client-name-1 {
        host-identifier option agent.circuit-id "dslam42.port22";
        hardware ethernet 00:e0:4c:a7:ca:de;
        fixed-address 192.168.0.6;
}
So I just want to know whether any config statements similar to the above apply to scope sections.

What does the agent.circuit-id and agent.remote-id contain? I can't figure out why you're using substring on these values (in your original post).
It is just a sample example I found in the forum. I don't have an issue with directly checking, without using the substring function or binary-to-ascii, to cross-check the values.

Thanks
 

Re: Configuring option 82

Sten Carlsen
Looking at the web page, I see that he defines his classes inside the subnet. This is bad advice; it will not do what you may want.
Classes are global wherever they are defined, just like host statements. They both inherit some things from the place of definition and use them elsewhere, to the great frustration of the guy trying to debug this.

Place class and host definitions in the global scope; that causes the fewest problems.

On 27/09/2019 15.25, Bill Shirley wrote:

Yeah, I had found that web page too.  But note later on that page he states about his patch:
This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent of CPU with 40.000 DHCP clients.
Do you have 40,000 clients?

I use many classes in my DHCP configurations on 15+ servers.  I haven't had a problem
with DHCP eating up all the resources.

What is your goal here?  Are you wanting to assign a fixed address for each client?

Bill

Re: Configuring option 82

Teja
In reply to this post by Bill Shirley-2
Hi Bill,
Do you have 40,000 clients?
Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my environment.
What is your goal here?
I want to prevent untrusted DHCP clients from requesting the server and filling up the leases, so I went through the internet and found that option 82 can offer similar functionality.
The setup is similar to my environment, using relay agents to forward the packets; I want to replicate the setup in my environment. The above technique is like authenticating the requests and then granting an IP.


  

Re: Configuring option 82

Sten Carlsen


On 27/09/2019 15.59, Surya Teja wrote:
> Hi Bill,
>> Do you have 40,000 clients?
> Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my environment.
>> What is your goal here?
> I want to keep untrusted DHCP clients from requesting the server and filling up the leases, so I went through the internet and found that option 82 can be a similar functionality.

This example has a few problems:
It defines classes inside the subnet; this is not a good idea. Keep declarations global.
It does not prevent unknown-clients from getting an IP from any of the pools; it is missing the deny unknown-clients; statement.
allow members of "VLAN10"; denies other classes but does not deny unknown-clients as you seem to want.

> The setup is similar to my environment, using relay agents to forward the packets. I want to replicate the setup in my environment. The above technique is like authenticating the requests and then granting an IP.


  

On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <[hidden email]> wrote:

Yeah, I had found that web page too.  But note later on that page he states about his patch:
This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent of CPU with 40.000 DHCP clients.
Do you have 40,000 clients?

I use many classes in my DHCP configurations on 15+ servers.  I haven't had a problem
with DHCP eating up all the resources.

What is your goal here?  Are you wanting to assign a fixed address for each client?

Bill

On 9/27/2019 7:32 AM, Surya Teja wrote:
Hi Bill, thanks for the reply.
Why are you avoiding the class statement?
In one of the google forum I have read the statement saying like
The internal implementation in ISC DHCPD of classes is such that it scales in a non-linear way - O(N^2) or something. So suddenly you'll end up with dhcpd eating 100% CPU.
So I just want to avoid the classes 
While surfing I found that for the host declaration statements we can use the syntax like 
EX: host client-name-1 {
		host-identifier option agent.circuit-id "dslam42.port22";
		hardware ethernet 00:e0:4c:a7:ca:de;
		fixed-address 192.168.0.6;
	}
 So I just want to know any config statements similar like above applies for scope sections

What does the agent.circuit-id and agent.remote-id contain? I can't figure out why you're using substring on these values (in your original post).
It is just sample example I found in the forum, I don't have issue with directly checking without using the substring function or binary-to-ascii to cross check the values 

Thanks
 

On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <[hidden email]> wrote:

Options in a pool are options to be sent not matched.

Why are you avoiding the class statement? What does the agent.circuit-id and agent.remote-id contain?
I can't figure out why you're using substring on these values (in your original post).

Bill

On 9/27/2019 3:44 AM, Surya Teja wrote:
Hi 
It might be too many questions but I want to configure my dhcpd configuration file by avoiding the classes as much as possible
If the subnet is configured as like below snippet 
subnet 192.168.10.0 netmask 255.255.255.0 {  
  pool {  
         range   192.168.10.10 192.168.10.199;  
        option subnet-mask 255.255.255.0;
        option routers 10.1.10.1;
        option domain-name "test.com";
        option agent.circuit-id "22";
        option agent.remote-id "192.168.10.242";
  } 
}
can we achieve the option 82 configuration setup with above snippet
 Thanks in advance and or if any reference links to setup the option 82 functionality without class can also be appreciated

On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <[hidden email]> wrote:
Hi is the option 82 supported by using class concept only ? 
or can it be defined as other general options like domain-name server, router in scope section ?


Re: Configuring option 82

Teja
Hi Sten, 
Thanks for the advice. I just want to make sure that my DHCP server will grant IP from particular subnet to the clients which has specified value in agent.circuit-id/agent.remote-id suboptions of option 82 from request packets (DHCP relay will be adding the option 82 info to request packet)

> it is missing the deny unknown-clients; statement.

Will it deny all the clients that do not have a host declaration? Sorry, I am not sure about this.

  Thanks 
  Surya



Re: Configuring option 82

Bob Harold
In reply to this post by Sten Carlsen

On Fri, Sep 27, 2019 at 10:21 AM Sten Carlsen <[hidden email]> wrote:
> On 27/09/2019 15.59, Surya Teja wrote:
>> Hi Bill,
>>> Do you have 40,000 clients?
>> Yes, sometimes the DHCP client traffic reaches nearly 40-50k in my environment.
>>> What is your goal here?
>> I want to keep untrusted DHCP clients from requesting the server and filling up the leases, so I went through the internet and found that option 82 can be a similar functionality.
> This example has a few problems:
> It defines classes inside the subnet; this is not a good idea. Keep declarations global.
> It does not prevent unknown-clients from getting an IP from any of the pools; it is missing the deny unknown-clients; statement.
> allow members of "VLAN10"; denies other classes but does not deny unknown-clients as you seem to want.

It has been my experience that "allow members of VLAN10" implies "deny all else".
And using "known-clients" or "unknown-clients" in the DHCP config is a bad idea - if a MAC address is given a DHCP Reserved entry in one subnet, that suddenly changes its "known" status on other subnets, causing it to get or lose access to those subnets. Rarely is there a real need for "known-clients" or "unknown-clients".

-- 
Bob Harold
 


Re: Configuring option 82

Simon Hobson
In reply to this post by Teja
Surya Teja <[hidden email]> wrote:

> I just want to make sure that my DHCP server will grant IP from particular subnet to the clients which has specified value in agent.circuit-id/agent.remote-id suboptions of option 82 from request packets (DHCP relay will be adding the option 82 info to request packet)

You do not need to do anything for that to happen - it's just automagic.
The server will automatically match a client to the right subnet according to either the interface the request comes in on (for local clients) or the Gateway Interface Address (GI-Addr) set by the relay agent (for remote clients).

So let's say you have two subnets: The server is on the 192.168.1.0/24 subnet, and the relay agent is listening on the 192.168.2.0/24 subnet (let's say its IP is 192.168.2.2). The server receiving a relayed request will find GI-Addr set to 192.168.2.2 and automatically select a client address from the 192.168.2.0/24 subnet declaration. For the server, all it needs is:

<global stuff>
subnet 192.168.1.0 ... {
}
subnet 192.168.2.0 ... {
  <subnet specific options>
  range 192.168.2.xx 192.168.2.xx ;
}

That's really all there is to it. If there are no clients connected locally to the server, then the local subnet (192.168.1.0/24 in this example) can be empty as above.



Re: Configuring option 82

Niall O'Reilly
In reply to this post by Teja
On 27 Sep 2019, at 12:32, Surya Teja wrote:

> In one of the google forum I have read the statement saying like 
>
> The internal implementation in ISC DHCPD of classes is such that it
> scales in a non-linear way - O(N^2) or something. So suddenly you'll
> end up with dhcpd eating 100% CPU.
>
> So I just want to avoid the classes 

I think you may find that the documentation for dhcpd.conf,
if you read it carefully, will give you more useful insight
than "one of the google forum".

In particular, this:

     SUBCLASSES
        In addition to classes, it is possible to declare subclasses.  A
        subclass is a class with the same name as a regular class, but with a
        specific submatch expression which is hashed for quick matching.  This
        is essentially a speed hack - the main difference between five classes
        with match expressions and one class with five subclasses is that it
        will be quicker to find the subclasses.

I hope this helps.

Niall O'Reilly
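
The subclass mechanism quoted above, applied to the option 82 matching this thread is about, as an added example that is not part of any poster's message or of the ISC documentation. The class name "relay-port", the second circuit-id string and all addresses are constructed; "dslam42.port22" is reused from the host declaration quoted earlier in the thread.

```conf
# Added example (not from the thread). Substitute the circuit-id values
# your relay agents actually insert.

# Form from the original post: one class per VLAN, each with its own
# "match if" expression that is evaluated for every incoming packet.
#   class "VLAN10" { match if binary-to-ascii(...) = "10"; }
#   class "VLAN20" { match if ... }

# Subclass form: the parent's match expression is evaluated once per
# packet and the result is looked up in a hash of declared subclasses.
class "relay-port" {
    match option agent.circuit-id;
}

# Allowlist of circuit-ids. A request whose option 82 circuit-id is not
# listed, or that carries no option 82 at all, is not a member of
# "relay-port". The comparison is on raw bytes: if the relay sends a
# binary circuit-id, write the value as colon-separated hex instead of
# a quoted string.
subclass "relay-port" "dslam42.port22";
subclass "relay-port" "dslam42.port23";

# Segment the server itself sits on; no range, so nothing is leased here.
subnet 192.168.1.0 netmask 255.255.255.0 {
}

# Relayed segment, selected by the relay's giaddr.
subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.1;
    pool {
        # A pool with an allow list serves only clients that match it.
        allow members of "relay-port";
        range 192.168.2.20 192.168.2.199;
    }
}

# Option 82 is only as trustworthy as the relay that inserts it: the
# relay must drop or overwrite any option 82 supplied by the client.
```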