We plan to enable IPv6 registration like we do with our IPv4 (with deny unknown clients), which needs to query lease info to get the DUID from a given IPv6 address. Without omapi support, should we parse the lease or the log to get the DUID from an IPv6 address? How do you folks get your DHCPv6 IPv6<->DUID mapping?
If anyone has done IPv6 registration and would like to share your experience, it will be greatly appreciated!! You can contact me off list if you want.
Best, Hillary
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
|
|
This produces some nice log output that can be parsed for DUID and other important tidbits:
    on commit {
      if exists dhcp6.ia-na {
        log(debug, concat(
          "LEASED,",
          "IP,",binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na,16,16)),",",
          "IPTIME,",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,36,4)),",",
          "DUID,",binary-to-ascii(16, 8, ":", option dhcp6.client-id),",",
          "DUIDTYPE,",binary-to-ascii(10, 16, "", substring(option dhcp6.client-id,0,2)),",",
          "DUIDHWTYPE,",binary-to-ascii(10, 16, "", substring(option dhcp6.client-id,2,2)),",",
          "POSSIBLEMAC,",binary-to-ascii(16, 8, ":", suffix(option dhcp6.client-id,6))
        ) );
      }
      if exists dhcp6.ia-pd {
        log(debug, concat(
          "LEASED,",
          "PD,",binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-pd,25,16)),",",
          "PDLENGTH,",binary-to-ascii(10, 8, "", substring(option dhcp6.ia-pd,24,1)),",",
          "PDTIME,",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-pd,20,4)),",",
          "DUID,",binary-to-ascii(16, 8, ":", option dhcp6.client-id),",",
          "DUIDTYPE,",binary-to-ascii(10, 16, "", substring(option dhcp6.client-id,0,2)),",",
          "DUIDHWTYPE,",binary-to-ascii(10, 16, "", substring(option dhcp6.client-id,2,2)),",",
          "POSSIBLEMAC,",binary-to-ascii(16, 8, ":", suffix(option dhcp6.client-id,6))
        ) );
      }
    }
It should be noted that these lines:
    "IPTIME,",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,36,4)),",",
    "PDTIME,",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-pd,20,4)),",",
which SHOULD give the length of the lease actually give you the length that the client requested which may or may not match the length subsequently allocated. ISC did confirm to me that this was a bug. No idea if they plan to fix it.
From: "Hillary Nelson" <[hidden email]>
To: "Users of ISC DHCP" <[hidden email]>
Sent: Friday, August 18, 2017 10:14:57 AM
Subject: DHCPv6 IP<->DUID mapping ?
We plan to enable IPv6 registration like we do with our IPv4(with deny unknown clients), which needs query lease info to get DUID from giving IPv6 address, without omapi support, should we parse lease or log to get DUID from IPv6 address? How do you folks get your DHCPv6 IPv6<->DUID mapping?
If anyone has done IPv6 registration and would like to share your experience, it will be greatly appreciated!! You contact me off list if you want..
Best, Hillary
|
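A parser for the LEASED lines that the `on commit` block above emits, as an added example that is not part of any post in this thread. It builds the IPv6<->DUID mapping and accepts POSSIBLEMAC only when the DUID type is DUID-LLT (1) or DUID-LL (3) with hardware type 1, since for other DUID types the last six bytes are not a link-layer address. The syslog prefix, the sample values and the function names are assumptions; `binary-to-ascii` prints hex without leading zeros, so each octet is re-padded.

```python
import ipaddress

# DUID-LLT (1) and DUID-LL (3) end in a link-layer address; other types do not.
MAC_BEARING_DUID_TYPES = {1, 3}

def _hex_octets(text):
    """binary-to-ascii(16, 8, ":") drops leading zeros ("0:1:a"); re-pad each octet."""
    octets = [int(tok, 16) for tok in text.split(":")]
    if any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError("octet out of range")
    return ":".join(f"{o:02x}" for o in octets)

def parse_leased(line):
    """Return a dict for one LEASED log line, or None if the line is not usable."""
    marker = line.find("LEASED,")
    if marker < 0:
        return None
    tokens = line[marker:].strip().split(",")[1:]
    if len(tokens) % 2:
        return None  # truncated line: keys and values no longer pair up
    raw = dict(zip(tokens[0::2], tokens[1::2]))
    try:
        rec = {"duid": _hex_octets(raw["DUID"]), "duid_type": int(raw["DUIDTYPE"])}
        if "IP" in raw:
            rec["address"] = str(ipaddress.IPv6Address(raw["IP"]))
        else:  # prefix delegation line; a missing PD key raises KeyError
            rec["prefix"] = str(ipaddress.IPv6Network(f'{raw["PD"]}/{raw["PDLENGTH"]}'))
        is_mac = rec["duid_type"] in MAC_BEARING_DUID_TYPES and int(raw["DUIDHWTYPE"]) == 1
        rec["mac"] = _hex_octets(raw["POSSIBLEMAC"]) if is_mac else None
    except (KeyError, ValueError):
        return None
    return rec

def build_mapping(lines):
    """Map each leased address or prefix to the record that last committed it."""
    mapping = {}
    for line in lines:
        rec = parse_leased(line)
        if rec:
            mapping[rec.get("address") or rec["prefix"]] = rec
    return mapping

# Constructed sample lines: syslog prefix, addresses and DUIDs are made up.
SAMPLE = [
    "Aug 18 10:20:01 dhcp6 dhcpd[911]: LEASED,IP,2001:db8:1:0:0:0:0:52,IPTIME,3600,DUID,0:1:0:1:21:2a:b:c:0:50:56:a5:c6:69,DUIDTYPE,1,DUIDHWTYPE,1,POSSIBLEMAC,0:50:56:a5:c6:69",
    "Aug 18 10:20:02 dhcp6 dhcpd[911]: Solicit message from fe80::1 port 546",
    "Aug 18 10:20:03 dhcp6 dhcpd[911]: LEASED,PD,2001:db8:100:0:0:0:0:0,PDLENGTH,56,PDTIME,7200,DUID,0:2:0:0:1f:90:de:ad:be:ef:0:1,DUIDTYPE,2,DUIDHWTYPE,0,POSSIBLEMAC,de:ad:be:ef:0:1",
]
```

`build_mapping(SAMPLE)` yields one entry keyed `2001:db8:1::52` with a MAC and one keyed `2001:db8:100::/56` whose `mac` is `None` because its DUID is type 2.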
|
Hi,
we register DHCPv6 clients by MAC, the same way as DHCPv4. With ISC
server, address association works directly via VLAN interface or relay,
even this way is not in the RFCs.
Milo
On 2017-08-18 at 16:14, Hillary Nelson wrote:
>
> We plan to enable IPv6 registration like we do with our IPv4(with deny
> unknown clients), which needs query lease info to get DUID from giving
> IPv6 address, without omapi support, should we parse lease or log to get
> DUID from IPv6 address? How do you folks get your DHCPv6 IPv6<->DUID
> mapping?
>
> If anyone has done IPv6 registration and would like to share your
> experience, it will be greatly appreciated!! You contact me off list if
> you want..
>
> Best,
> Hillary
|
|
Great to know it works for you! I wonder, do you need to restart the DHCPv6 server every time new MACs are added? With DHCPv4 we use omapi to add dynamic host entries, so there is no need to restart the server.
Here is the relevant config I've been trying, can you share your config if you don't mind, you don't need to use your real IP space:

*****************************
    shared-network "network-staff" {
      subnet6 fd01:beef:1::/64 {
        pool6 {
          deny known-clients;
          range6 fd01:beef:1::0/96;
        }
      }
      subnet6 2001:beef:1::/64 {
        pool6 {
          deny unknown-clients;
          range6 2001:beef:1::0/96;
        }
      }
    }

    host registered-host1 {
      hardware ethernet 11:22:AA:BB:CC:DD;
      option host-name "registered-host1";
    }
***********************************

Thanks!
Hillary
|
|
Restart is needed for now. We have two servers in failover and restart
is done one by one, so restart is not an issue for us.
But in these days we are preparing LDAP backend for DHCPv4 and v6
servers. When it will be done, restart will not be necessary.
Configuration snippet follows. Now, we have only static records, no
range6. On switches, we have a MAC-radius mechanism, so non-registered
MACs fall into guest VLAN and they get IPv6 by router advertisement and
SLAAC.
    shared-network VLAN-4 {
      subnet6 2002:817:55:1100::/64 {
      }
      subnet6 2002:817:55:1101::/64 {
      }
      subnet6 2002:817:55:1102::/64 {
      }
    }

    shared-network VLAN-100 {
      subnet6 2002:817:55:11ee::/64 {
      }
    }

    host atlas.example.com {
      hardware ethernet 00:50:56:a5:c6:69;
      fixed-address6 2002:817:55:1100::52;
    }

    host milo.example.com {
      hardware ethernet 00:50:56:a5:c6:70;
      fixed-address6 2002:817:55:11ee::56;
    }
Milo
On 2017-08-22 at 16:23, Hillary Nelson wrote:
> Great to know it works for you! I wonder do you need to restart DHCPv6
> server everytime there are new MAC added, with DHCPv4 we use omapi to
> add dynamic host entry so no need to restart server.
>
> Here is the relevant config I've been trying, can you share your config
> if you don't mind, you don't need to use your real IP space:
>
> *****************************
> shared-network "network-staff" {
> subnet6 fd01:beef:1::/64 {
> pool6 {
> deny known-clients;
> range6 fd01:beef:1::0/96;
> }
> }
> subnet6 2001:beef:1::/64 {
> pool6 {
> deny unknown-clients;
> range6 2001:beef:1::0/96;
> }
> }
> }
>
> host registered-host1 { hardware ethernet 11:22:AA:BB:CC:DD; option
> host-name "registered-host1"; }
>
> ***********************************
>
> Thanks!
> Hillary
>
>
> On Tue, Aug 22, 2017 at 9:05 AM, Miloslav Hůla <[hidden email]> wrote:
>
> Hi,
>
> we register DHCPv6 clients by MAC, the same way as DHCPv4. With ISC
> server, address association works directly via VLAN interface or
> relay, event this way is not i the RFCs.
>
> Milo
>
>
|
|
I'm not sure I understand the question. Probably yes. We are using slapd
(OpenLDAP) and isc-dhcp-server-ldap packages, everything stock packages
for current Debian Stretch.
Milo
On 2017-08-22 at 17:11, Hillary Nelson wrote:
> For LDAP backend, do you use the LDAP comes with DHCP source code?
>
>
> Thanks!
> Hillary
>
>
> On Tue, Aug 22, 2017 at 10:48 AM, Miloslav Hůla <[hidden email]> wrote:
>
> Restart is needed for now. We have two servers in failover and
> restart is done one by one, so restart is not issue for us.
>
> But in these days we are preparing LDAP backend for DHCPv4 and v6
> servers. When it will be done, restart will not be necessary.
> Configuration snippet follows. Now, we have only static records, no
> range6. On switches, we have a MAC-radius mechanism, so
> non-registered MACs fall into guest VLAN and they get IPv6 by router
> advertisment and SLAAC.
>
>
> shared-network VLAN-4 {
> subnet6 2002:817:55:1100::/64 {
> }
>
> subnet6 2002:817:55:1101::/64 {
> }
>
> subnet6 2002:817:55:1102::/64 {
> }
> }
>
> shared-network VLAN-100 {
> subnet6 2002:817:55:11ee::/64 {
> }
> }
>
>
> host atlas.example.com {
> hardware ethernet 00:50:56:a5:c6:69;
> fixed-address6 2002:817:55:1100::52;
> }
>
> host milo.example.com {
> hardware ethernet 00:50:56:a5:c6:70;
> fixed-address6 2002:817:55:11ee::56;
> }
>
> Milo
>
>
>