Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. omshell more than one object matches (Marc Haber)
2. Override dynamic lease with static reservation (Marc Haber)
3. Re: Override dynamic lease with static reservation
(Christian Kratzer)
4. Re: Override dynamic lease with static reservation (Marc Haber)
5. Re: Configuring option 82 (Surya Teja)
----------------------------------------------------------------------
Message: 1
Date: Fri, 27 Sep 2019 16:24:01 +0200
From: Marc Haber <mh+dhcp-us...@zugschlus.de>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: omshell more than one object matches
Message-ID: <20190927142401.gr13...@torres.zugschlus.de>
Content-Type: text/plain; charset=utf-8
Hi,
once more, I am trying to delete a lease from my database without
interrupting service. I haven't been too successful with that in the
past, but this one is new:
> key chasse-omapi-key
> server 127.0.0.1
obj: <null>
> connect
obj: <null>
> new lease
obj: lease
> set hardware-address = 02:1e:10:1f:00:00
obj: lease
hardware-address = 02:1e:10:1f:00:00
> open
can't open object: more than one object matches key
obj: lease
hardware-address = 02:1e:10:1f:00:00
How would I go on from here? Can I display the objects matching the key?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
------------------------------
Message: 2
Date: Fri, 27 Sep 2019 16:33:09 +0200
From: Marc Haber <mh+dhcp-us...@zugschlus.de>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Override dynamic lease with static reservation
Message-ID: <20190927143309.gs13...@torres.zugschlus.de>
Content-Type: text/plain; charset=utf-8
Hi,
I find it a rather common occurence that a client that currently holds a
dynamic lease should get a static reservation of a different IP address.
Thus, a host entry is put into the configuration and the client
rebooted.
It then asks for the last IP address it knows of, which is the dynamic
address. The server proceeds to look in its database, says "yup, here is
the address".
The usual method is to delete the dynamic address from the database,
which either involves a rather fragile and often misbehaving omshell
process where the only "documentation" is half a mailing list thread
from ten years ago, or shutting down the server and hand-editing the
database file (which is a service interruption).
Is there a configuration option to tell the server "if there is
something static for this client, forget everything dynamic you might
have and NAK the dynami address from the client"?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
------------------------------
Message: 3
Date: Fri, 27 Sep 2019 16:39:31 +0200 (CEST)
From: Christian Kratzer <ck-li...@cksoft.de>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Override dynamic lease with static reservation
Message-ID: <alpine.bsf.2.21.9999.1909271636060....@nocfra1.cksoft.de>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Hi Marc,
On Fri, 27 Sep 2019, Marc Haber wrote:
> Hi,
>
> I find it a rather common occurence that a client that currently holds a
> dynamic lease should get a static reservation of a different IP address.
> Thus, a host entry is put into the configuration and the client
> rebooted.
>
> It then asks for the last IP address it knows of, which is the dynamic
> address. The server proceeds to look in its database, says "yup, here is
> the address".
>
> The usual method is to delete the dynamic address from the database,
> which either involves a rather fragile and often misbehaving omshell
> process where the only "documentation" is half a mailing list thread
> from ten years ago, or shutting down the server and hand-editing the
> database file (which is a service interruption).
>
> Is there a configuration option to tell the server "if there is
> something static for this client, forget everything dynamic you might
> have and NAK the dynami address from the client"?
my experience with isc dhcp is that once you have a host reservation
that matches the client, the host reservation takes precedence over
any historic lease.
This should automatically lead to the server sending a NAK to a client
requesting the old dynamic lease.
If it is not sending a nack then I would think that your host
reservation is not matching the client request. Subnet mismatch or
criteria mismatch.
So you can just leave the lease to expire normally.
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de Wildberger Weg 24/2
Phone: +49 7032 893 997 - 0 D-71126 Gaeufelden
Fax: +49 7032 893 997 - 9 HRB 245288, Amtsgericht Stuttgart
Mobile: +49 171 1947 843 Geschaeftsfuehrer: Christian Kratzer
Web: http://www.cksoft.de/
------------------------------
Message: 4
Date: Fri, 27 Sep 2019 16:53:57 +0200
From: Marc Haber <mh+dhcp-us...@zugschlus.de>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Override dynamic lease with static reservation
Message-ID: <20190927145357.gt13...@torres.zugschlus.de>
Content-Type: text/plain; charset=utf-8
On Fri, Sep 27, 2019 at 04:39:31PM +0200, Christian Kratzer wrote:
> my experience with isc dhcp is that once you have a host reservation
> that matches the client, the host reservation takes precedence over
> any historic lease.
>
> This should automatically lead to the server sending a NAK to a client
> requesting the old dynamic lease.
Negative, Sir. Not here.
> If it is not sending a nack then I would think that your host
> reservation is not matching the client request. Subnet mismatch or
> criteria mismatch.
Then the reservation would not work after manually removing the dynamic
lease from the database.
> So you can just leave the lease to expire normally.
On my systems, the dynamic lease gets renewed. And renewed. And renewed.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
------------------------------
Message: 5
Date: Fri, 27 Sep 2019 20:46:23 +0530
From: Surya Teja <suryateja...@gmail.com>
To: Sten Carlsen <st...@s-carlsen.dk>
Cc: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: Configuring option 82
Message-ID:
<ca+0ac3wtmop5oek5gcp4vlv9ryucayztkquykrldfqmz_v3...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Hi Sten,
Thanks for advice, I just want to make sure that my DHCP server will grant
IP from particular subnet to the clients which has
specified value in agent.circuit-id/ agent.remote-id suboptions of option
82 from request packets (DHCP relay will be adding the option 82 info to
request packet)
it is missing the deny unknown-clients; statement. ------------->
It will deny all the clients that does not have host declaration ? sorry I
am not confirm about this
Thanks
Surya
On Fri, Sep 27, 2019 at 7:51 PM Sten Carlsen <st...@s-carlsen.dk> wrote:
>
>
> On 27/09/2019 15.59, Surya Teja wrote:
>
> Hi Bill,
> Do you have 40,000 clients?
> Yes some times the dhcp client traffic reaches nearly 40-50k in my
> environment.
> What is you goal here?
> I want to avoid the untrusted dhcp clients to request the server and fill
> up the leases, So I went through internet and found that option 82 can be a
> similar functionality.
> Link I checked for:
> https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
>
>
> This example has a few problems:
> It defines classes inside the subnet, this is not a good idea. Keep
> declarations global.
> It does not prevent unknown-clients from getting an IP from any of the
> pools, it is missing the deny unknown-clients; statement.
> allow members of "VLAN10"; denies other classes but
> does not deny unknown-clients as you seem to want.
>
> The set up is similar to my environment using relay agents to forward the
> packets I want to replicate the setup in my environment. The
> adobe techniques is like authenticating the requests and then granting IP
>
>
>
>
> On Fri, Sep 27, 2019 at 6:55 PM Bill Shirley <
> b...@c3po.polymerindustries.biz> wrote:
>
>> Yeah, I had found that web page too. But note later on that page he
>> states about his patch:
>> This has been tested on a Xeon 2.8 Ghz server, it uses just a few percent
>> of CPU with 40.000 DHCP clients.
>> Do you have 40,000 clients?
>>
>> I use many classes in my DHCP configurations on 15+ servers. I haven't
>> had a problem
>> with DHCP eating up all the resources.
>>
>> What is you goal here? Are you wanting to assign a fixed address for
>> each client?
>>
>> Bill
>> On 9/27/2019 7:32 AM, Surya Teja wrote:
>>
>> Hi Bill Thanks for reply
>> Why are you avoiding the class statement?
>> In one of the google forum I have read the statement saying like
>> The internal implementation in ISC DHCPD of classes is such that it
>> scales in a non-linar way - O(N^2) or something. So suddenly you'll end up
>> with dhcpd eating 100% CPU.
>> So I just want to avoid the classes
>> While surfing I found that for the host declaration statements we can use
>> the syntax like
>>
>> EX: host client-name-1 {
>> *host-identifier option agent.circuit-id "dslam42.port22";*
>> hardware ethernet 00:e0:4c:a7:ca:de;
>> fixed-address 192.168.0.6;
>> }
>>
>> So I just want to know any config statements similar like above applies
>> for scope sections
>>
>> What does the agent.circuit-id and agent.remote-id contain? I can't
>> figure out why you're using substring on these values (in your original
>> post).
>> It is just sample example I found in the forum, I don't have issue with
>> directly checking without using the substring function or binary-to-ascii to
>> cross check the values
>>
>> Thanks
>>
>>
>> On Fri, Sep 27, 2019 at 4:06 PM Bill Shirley <
>> b...@c3po.polymerindustries.biz> wrote:
>>
>>> Options in a pool are options to be *sent* not matched.
>>>
>>> Why are you avoiding the class statement? What does the agent.circuit-id
>>> and agent.remote-id contain?
>>> I can't figure out why you're using substring on these values (in your
>>> original post).
>>>
>>> Bill
>>> On 9/27/2019 3:44 AM, Surya Teja wrote:
>>>
>>> Hi
>>> It might be too many questions but I wan to configure my dhcpd
>>> configuration file by avoiding the classes as much as possible
>>> If the subnet is configured as like below snippet
>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>> pool {
>>> range 192.168.10.10 192.168.10.199;
>>> option subnet-mask 255.255.255.0;
>>> option routers 10.1.10.1;
>>> option domain-name "test.com";
>>> option agent.circuit-id "22";
>>> option agent.remote-id "192.168.10.242";
>>> }
>>> }
>>> can we achieve the option 82 configuration setup with above snippet
>>> Thanks in advance and or if any reference links to setup the option 82
>>> functionality without class can also be appreciated
>>>
>>> On Thu, Sep 26, 2019 at 7:42 PM Surya Teja <suryateja...@gmail.com>
>>> wrote:
>>>
>>>> Hi is the option 82 supported by using class concept only ?
>>>> or can it be defined as other general options like domain-name server,
>>>> router in scope section ?
>>>>
>>>> On Tue, Sep 24, 2019 at 12:49 PM Surya Teja <suryateja...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>> I am trying to configure the dhcp option 82, went through the google
>>>>> forums and one of it suggest the syntax like
>>>>> # vim /etc/dhcp/dhcpd.conf
>>>>> ########################################################
>>>>> log-facility local7;
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *class "VLAN10" { match if
>>>>> binary-to-ascii(10,16,"",substring(option agent.circuit-id,2,2)) = "10"; }
>>>>> # VLAN10 class "VLAN20" { match if ( substring(option
>>>>> agent.remote-id,2,15)="10.5.20.4" and binary-to-ascii(10, 16,
>>>>> "",substring(option agent.circuit-id, 4, 2)) = "2" ); }*
>>>>> subnet 192.168.10.0 netmask 255.255.255.0 {
>>>>> pool {
>>>>> *allow members of "VLAN10";*
>>>>> default-lease-time 600;
>>>>> max-lease-time 7200;
>>>>> range 192.168.10.1
>>>>> 192.168.10.199;
>>>>> option routers 192.168.10.254;
>>>>> option broadcast-address 192.168.10.255;
>>>>> option subnet-mask 255.255.255.0;
>>>>> option domain-name-servers 4.2.2.2;
>>>>> }
>>>>> }
>>>>> subnet 192.168.20.0 netmask 255.255.255.0 {
>>>>> pool {
>>>>> * allow members of "VLAN20";*
>>>>> default-lease-time 600;
>>>>> max-lease-time 7200;
>>>>> range 192.168.20.20 192.168.20.199;
>>>>> option routers 192.168.20.254;
>>>>> option broadcast-address 192.168.20.255;
>>>>> option subnet-mask 255.255.255.0;
>>>>> option domain-name-servers 4.2.2.2;
>>>>>
>>>>> }
>>>>> (Just ignore ip values)
>>>>> can we configure this concept only by using classes and make it allow
>>>>> or deny like that?
>>>>> or can we use the option space concept to get it worked(do we have any
>>>>> other syntax). Thanks in advance
>>>>>
>>>>
>>> _______________________________________________
>>> dhcp-users mailing
>>> listdhcp-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>> _______________________________________________
>> dhcp-users mailing
>> listdhcp-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
> _______________________________________________
> dhcp-users mailing
> listdhcp-us...@lists.isc.orghttps://lists.isc.org/mailman/listinfo/dhcp-users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20190927/6632be5c/attachment.html>
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 131, Issue 23
*******************************************
