Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

David Ramage

Hey folks,

I'm trying to restrict access to a pool of addresses based on either the dhcp6 interface id or remote id (I've tried both, same outcome).


Here's a config snippet which can probably explain things a lot faster:


class "my_dhcp6" {
  match if option dhcp6.interface-id = "GOOD_DHCP6";
  log(info, option dhcp6.interface-id);
}


log(info, option dhcp6.remote-id);
# The path of the lease file
dhcpv6-lease-file-name "/srv/dhcpd6.leases";

shared-network  "network6" {
    subnet6 2607:fa40:fffd:0:0:0:0:0/64 {
    }
    subnet6 2607:fa40:fffe::/48 {
        pool6 {
            allow members of "my_dhcp6";
            prefix6 2607:fa40:fffe:9100:: 2607:fa40:fffe:ffff:: /64;
            range6 2607:fa40:fffe:9000::/56;
        }
    }
}


When I do this, I get errors about no addresses being available.  As soon as I remove the allow_members statement from the pool, it works.  I'm doing this with DHCPD 4.3.5.


Is this functionality supported?


The information contained in this email and any attachments may be privileged, confidential, and/or proprietary and is intended solely for the use of the person(s) to whom it is addressed. If you are not the intended recipient, any review, retransmission, dissemination or any other use of the information contained in this email and any attachments is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by replying to this email and then delete this material from any system that it may be on. LightSpeed Networks, Inc. does not accept responsibility for any changes made to the information contained in this communication after it was originally sent.

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

David Ramage

Hey folks,

I hate to be a pain about this, but is this possible?

 


RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Patrick Trapp

Have you confirmed that the incoming requests match your requirements for your class? No extraneous spaces or characters in addition to what you are matching on?

 


RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

David Ramage

Thank you for your fast response Patrick.

I just double checked the config on the router and looked at a packet capture as well. I don’t see any white space.

 


RE: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Patrick Trapp

I’m not going to be your best resource on this list, I was just trying to think how I would dig into this if I were you. I would be investigating that possibility. You’ve confirmed the data matches – can you see in the packet capture that the field name is an exact match, also? Just working from the assumption that it should work, why might it not be working, you know? Sorry I cannot say whether it is definitely or definitely not functionality that works.

 

Patrick

 


Re: Is it possible to build classes on dhcp6.interface-id or dhcp6.remote-id?

Christian Kratzer
Hi,

On Thu, 1 Jun 2017, David Ramage wrote:

> Hey folks,
>
> I'm trying to restrict access to a pool of addresses based on either the dhcp6 interface id or remote id (I've tried both, same outcome).
>
>
> Here's a config snippet which can probably explain things a lot faster:
>
>
> class "my_dhcp6" {
>  match if option dhcp6.interface-id = "GOOD_DHCP6";
>  log(info, option dhcp6.interface-id);
> }


You might want to look into the v6relopt function introduced with isc dhcp-4.3.5.

It allows you to pick the dhcp6.interface-id nearest to the client request as follows:

  v6relopt 1 dhcp6.interface-id = "foo"

Please sniff your dhcp packets on the dhcp server and have a look exactly where your relay agent inserts the interface-id.

The interface-id is not in the actual dhcp request but in the relay message that encapsulates the dhcp request.

There may be multiple levels of nesting depending on how many relay agents are in the path between the client and the dhcp server.

Then adjust v6relopt according to which option you like to see.

Greetings
Christian





>
>
> log(info, option dhcp6.remote-id);
> # The path of the lease file
> dhcpv6-lease-file-name "/srv/dhcpd6.leases";
>
> shared-network  "network6" {
>    subnet6 2607:fa40:fffd:0:0:0:0:0/64 {
>    }
>    subnet6 2607:fa40:fffe::/48 {
>        pool6 {
>            allow members of "my_dhcp6";
>            prefix6 2607:fa40:fffe:9100:: 2607:fa40:fffe:ffff:: /64;
>            range6 2607:fa40:fffe:9000::/56;
>        }
>    }
> }
>
>
> When I do this, I get errors about no addresses being available.  As soon as I remove the allow_members statement from the pool, it works.  I'm doing this with DHCPD 4.3.5.
>
>
> Is this functionality supported?
>

--
Christian Kratzer                   CK Software GmbH
Email:   [hidden email]               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
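
The encapsulation described in the reply above, as an added Python example that is not part of the original thread or of ISC DHCP: it unwraps nested Relay-forw messages and reports the interface-id found at each relay level, showing that the client's own message carries none. The packet bytes, the "uplink-7" value and all function names are constructed for illustration; in dhcpd.conf, the dhcp-eval(5) man page documents the per-relay lookup as `v6relay(relay, option)`.

```python
import struct

RELAY_FORW = 12        # DHCPv6 message type (RFC 8415)
OPT_RELAY_MSG = 9      # carries the encapsulated message
OPT_INTERFACE_ID = 18  # added by the relay agent, not by the client
MAX_DEPTH = 32         # parser guard against pathological nesting

def parse_options(buf):
    """Return {code: value} for a run of DHCPv6 TLV options."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns the message" % code)
        opts[code] = buf[off:off + length]
        off += length
    return opts

def relay_interface_ids(packet):
    """Unwrap nested Relay-forw messages.

    Returns ({level: interface-id or None}, client_message), where level 1
    is the relay nearest the client, as in the reply above.
    """
    found, msg = [], packet
    while msg and msg[0] == RELAY_FORW:
        if len(found) >= MAX_DEPTH or len(msg) < 34:
            raise ValueError("bad relay nesting or truncated relay header")
        # 34 = msg-type + hop-count + link-address(16) + peer-address(16)
        opts = parse_options(msg[34:])
        if OPT_RELAY_MSG not in opts:
            raise ValueError("Relay-forw without a Relay Message option")
        found.append(opts.get(OPT_INTERFACE_ID))
        msg = opts[OPT_RELAY_MSG]
    # The outermost relay was parsed first; number from the client outwards.
    return dict(enumerate(reversed(found), 1)), msg

def client_carries_interface_id(packet):
    """True only if the client's own message holds an interface-id option."""
    _, client_msg = relay_interface_ids(packet)
    return OPT_INTERFACE_ID in parse_options(client_msg[4:])  # skip type + xid

# --- constructed sample: a Solicit relayed through two agents ---
def make_opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def make_relay(hop, inner, interface_id):
    header = bytes([RELAY_FORW, hop]) + bytes(32)  # zeroed link/peer addresses
    return header + make_opt(OPT_INTERFACE_ID, interface_id) + make_opt(OPT_RELAY_MSG, inner)

SOLICIT = bytes([1, 0xAB, 0xCD, 0xEF]) + make_opt(1, b"constructed-duid")
PACKET = make_relay(1, make_relay(0, SOLICIT, b"GOOD_DHCP6"), b"uplink-7")

if __name__ == "__main__":
    print(relay_interface_ids(PACKET)[0], client_carries_interface_id(PACKET))
```

Running the same unwrapping over the relay payloads in a capture taken on the DHCP server shows which level number holds the value the class should match.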