Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: AW: AW: AW: Vendor-specific information class integration
      (Alex Moen)
   2. option dhcp-server-identifier (John Ratliff)
   3. Re: option dhcp-server-identifier (Thomas Markwalder)


----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Oct 2016 09:37:25 -0500
From: Alex Moen <al...@ndtel.com>
To: dhcp-users@lists.isc.org
Subject: Re: AW: AW: AW: Vendor-specific information class integration
Message-ID: <e26f0f0a-62e7-7e25-17a6-613c068cf...@ndtel.com>
Content-Type: text/plain; charset=utf-8; format=flowed

On 10/11/2016 03:53 AM, Vitali Kari wrote:
> Hi Alex,
>
> please change in your class:
> vendor-string = "CALIX ONT";
> to
> set vendor-string = "CALIX ONT";
>
>
> Best regards
> Mit freundlichen Gr??en
>
> Vitali Kari
> Teamleiter NGN
>
>
> -----Urspr?ngliche Nachricht-----
> Von: dhcp-users [mailto:dhcp-users-boun...@lists.isc.org] Im Auftrag von Alex 
> Moen
> Gesendet: Montag, 10. Oktober 2016 22:20
> An: dhcp-users@lists.isc.org
> Betreff: Re: AW: AW: Vendor-specific information class integration
>
> Answers inline...
>
> On 10/10/2016 03:03 PM, Vitali Kari wrote:
>> Does the device ask for option 43 in DHCPDISCOVER?
>
> Yes, it does.  Sorry I didn't include that fact.
>
>> If not you have to put that in option manually by add this line in your 
>> class definition:
>> option dhcp-parameter-request-list = concat(option
>> dhcp-parameter-request-list,2b); # adds option 43
>
> And, I do have that in my config, as shown below in my original email today.  
> So, even if it isn't being requested, if the class is matched, the option 
> should be added, right?
>
>> btw. You can add a logging line to class to confirm that the right class is 
>> matched:
>> log (info, "INFO: Match Class XY");
>
> Good tip!  I have added that, and the class is being matched according to the 
> log entries. So, that leaves the question as to why the option is not being 
> forwarded in the OFFER?
>
> TIA,
>
> Alex
>
>
>>
>> OK... still working on this, and not having much luck.
>>
>> First of all, I have two devices that I am dealing with.  One of the
>> devices (the calix-ont class) has a vendor-class-identifier of "CALIX
>> ONT" (as found in a wireshark capture).  The other (the calix-844ge
>> class) has a vendor-class-identifier of "844GE-1.ONT.dslforum.org". I am 
>> trying to get the DHCP server to send the proper Option 43 (hex 2b) 
>> information based on the vendor-class-identifier.
>>
>> So, in my dhcpd.conf file, I have:
>>
>> -------------------------------------------------------------
>> option space CALIX-ONT-SERVER;
>> option CALIX-ONT-SERVER.cms-address code 1 = ip-address; option
>> CALIX-ONT-SERVER.second-tftp-address code 2 = ip-address; option
>> CALIX-ONT-SERVER.validateMIC code 3 = boolean; option
>> CALIX-ONT-SERVER.syslog-address code 4 = ip-address; option
>> CALIX-ONT-SERVER.firmware1 code 101 = text; option
>> CALIX-ONT-SERVER.firmware2 code 102 = text; option
>> CALIX-ONT-SERVER.firmware3 code 103 = text; option
>> CALIX-ONT-SERVER.firmware4 code 104 = text; option
>> CALIX-ONT-SERVER.firmware5 code 105 = text; option
>> CALIX-ONT-SERVER.force-firmware code 200 = boolean;
>>
>> class "calix-ont" {
>>          match if(substring(option vendor-class-identifier,0,9) = "CALIX 
>> ONT");
>>          option dhcp-parameter-request-list = concat(option 
>> dhcp-parameter-request-list,2b);
>>          vendor-option-space CALIX-ONT-SERVER;
>>          vendor-string = "CALIX ONT";
>> }
>>
>> option space CALIXGC;
>> option CALIXGC.acs-url code 1 = text;
>> option CALIXGC.acs-url-supp code 5 = text;
>>
>> class "calix-844ge" {
>>          match if(substring(option vendor-class-identifier,0,5) = "844GE");
>>          option dhcp-parameter-request-list = concat(option 
>> dhcp-parameter-request-list,2b);
>>          vendor-option-space CALIXGC;
>>          vendor-string = "844GE";
>> }
>>
>> -------------------------------------------------------------
>>
>> and, in my subnet file, I have:
>>
>> -------------------------------------------------------------
>>
>> subnet 10.57.100.0 netmask 255.255.252.0 {
>>          option routers 10.57.103.254;
>>          option subnet-mask 255.255.252.0;
>>          default-lease-time 259200;
>>          max-lease-time 259200;
>>          server-name "66.163.129.244";
>>          if vendor-string = "CALIX ONT" {
>>                  option CALIX-ONT-SERVER.cms-address 66.163.129.244;
>>                  option CALIX-ONT-SERVER.second-tftp-address 66.163.129.244;
>>                  option CALIX-ONT-SERVER.force-firmware on;
>>                  option CALIX-ONT-SERVER.syslog-address 66.163.129.244;
>>                  option CALIX-ONT-SERVER.validateMIC off;
>>          }
>>          else if vendor-string = "844GE" {
>>                  option CALIXGC.acs-url 
>> "http://gcs.calix.com:8080/125053/8w9ZZJF9q4";;
>>          }
>>
>> class "10.57.100.50/Ethernet1:Vlan2" {
>>          match if option agent.circuit-id = "10.57.100.50/Ethernet1:Vlan2";
>>          }
>>          pool {
>>                  allow members of "10.57.100.50/Ethernet1:Vlan2";
>>                  range 10.57.100.1;
>>                  deny dynamic bootp clients;
>>
>>          }
>> class "10.57.100.50/Ethernet2:Vlan2" {
>>          match if option agent.circuit-id = "10.57.100.50/Ethernet2:Vlan2";
>>          }
>>          pool {
>>                  allow members of "10.57.100.50/Ethernet2:Vlan2";
>>                  range 10.57.100.2;
>>                  deny dynamic bootp clients;
>>          }
>>
>> -------------------------------------------------------------
>>
>> and on and on, until the end of the subnet.
>>
>> In my pcap, I do not see any of the option 43 info being sent to the device. 
>>  At all.  No matter which device is requesting.
>>
>> What am I missing?


{FACEPALM}

OK, that fixed it!  Silly syntax error...

Thanks so much for the help, Vitaly!

Alex


------------------------------

Message: 2
Date: Tue, 11 Oct 2016 22:39:51 -0400 (EDT)
From: "John Ratliff" <jratl...@bluemarble.net>
To: dhcp-users@lists.isc.org
Subject: option dhcp-server-identifier
Message-ID:
        <13c3d92eab2da61d40840002a407df39.squir...@webmail.smithville.com>
Content-Type: text/plain;charset=iso-8859-1

I have a pair of isc dhcp servers, version 4.3.1 on Debian 8 Jessie.

I do not want to use the DHCP failover protocol. Instead, I want to use a
virtual IP on the primary active server, and have the backup server
shutdown. I have a cronjob to sync the lease file automatically, but
failover will be strictly a manual process.

It seems that the running server always sends packets from the primary IP
on the NIC, and sets the dhcp-server-identifier option to this IP. So when
a DHCP client tries to renew, if the server has changed, it takes quite a
while before the client realizes this. If I could change the packet and
the dhcp-server-identifier to be the virtual IP, the clients wouldn't have
this problem.

Is there a way to configure this in isc-dhcp?

Thanks.

--John




------------------------------

Message: 3
Date: Wed, 12 Oct 2016 05:56:44 -0400
From: Thomas Markwalder <tm...@isc.org>
To: dhcp-users@lists.isc.org
Subject: Re: option dhcp-server-identifier
Message-ID: <878b8ef9-d5e5-58b4-e7aa-c76e3ed8e...@isc.org>
Content-Type: text/plain; charset=windows-1252

On 10/11/16 10:39 PM, John Ratliff wrote:
> I have a pair of isc dhcp servers, version 4.3.1 on Debian 8 Jessie.
>
> I do not want to use the DHCP failover protocol. Instead, I want to use a
> virtual IP on the primary active server, and have the backup server
> shutdown. I have a cronjob to sync the lease file automatically, but
> failover will be strictly a manual process.
>
> It seems that the running server always sends packets from the primary IP
> on the NIC, and sets the dhcp-server-identifier option to this IP. So when
> a DHCP client tries to renew, if the server has changed, it takes quite a
> while before the client realizes this. If I could change the packet and
> the dhcp-server-identifier to be the virtual IP, the clients wouldn't have
> this problem.
>
> Is there a way to configure this in isc-dhcp?
>
> Thanks.
>
> --John
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users

Hello John:


You should be able to use the "server-identifier" configuration
parameter to fix the value used to the desired IP address.  From
dhcpd.conf.5:

"The server-identifier statement

    server-identifier hostname;

    The  server-identifier  statement  can be used to define the value
    that is sent in the DHCP Server  Identifier  option  for  a  given
    scope.   The  value  specified  must be an IP address for the DHCP
    server, and must be reachable by all clients served by a  particu-
    lar scope.

    The  use  of  the server-identifier statement is not recommended -
    the only reason to use it is to  force  a  value  other  than  the
    default  value  to  be  sent  on occasions where the default value
    would be incorrect.  The default value is  the  first  IP  address
    associated  with  the  physical  network  interface  on  which the
    request arrived.

    The usual case where the server-identifier statement needs  to  be
    sent  is  when  a physical interface has more than one IP address,
    and the one being sent by default isn't appropriate  for  some  or
    all clients served by that interface.  Another common case is when
    an alias is defined for the purpose  of  having  a  consistent  IP
    address  for  the  DHCP server, and it is desired that the clients
    use this IP address when contacting the server.

    Supplying a value for the dhcp-server-identifier option is equiva-
    lent to using the server-identifier statement."


Regards,

Thomas Markwalder

ISC Software Engineering



------------------------------

Subject: Digest Footer

_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

------------------------------

End of dhcp-users Digest, Vol 96, Issue 16
******************************************

Reply via email to