URL: https://www.opennet.me/cgi-bin/openforum/vsluhboard.cgi
Форум: vsluhforumID1
Нить номер: 94359

Исходное сообщение
"isc-dhcpd option 82"

Отправлено АлексейТ , 09-Фев-13 17:28 
возникло несколько вопросов

-dhcpd42 для работы option 82 с сокетом надо собирать?
-как проверить, срабатывает ли match в dhcpd, если в логах ничего нет?
-поставил circuit и remote равными 0 для проверки все равно не получается.

dhcpd.conf
# Excerpt from dhcpd.conf: the only pool is limited to members of class "1", so a client
# that does not match the class is refused, which is consistent with the
# "no free leases" lines in the log below.
subnet 10.0.0.0 netmask 255.0.0.0 {
        class "1" {
                # suffix(x,1) is the last byte of circuit-id, printed as a decimal number.
                # substring(x,2,6) starts at offset 2 (offsets count from 0); the remote-id in the
                # capture below is 1 byte long, so this is empty and cannot equal "0".
                # NOTE(review): tcpdump prints these sub-options as text, so the "0" it shows is
                # probably the ASCII byte 0x30, which would render here as "48" - confirm with a hex dump.
                match if (binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1)) = "0") and
                        (binary-to-ascii(16,8,"",substring(option agent.remote-id,2,6)) = "0");
        }
        pool {
                # Single-address range, handed out only to members of class "1".
                range 10.1.255.2;
                allow members of "1";
        }

tcpdump -i em1 -nn -s 0 -vvv port 67 or port 68
17:23:04.943370 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 568)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from b8:a3:86:14:1d:c8, length 540, xid 0x40ad2c35, Flags [none] (0x0000)
          Client-Ethernet-Address b8:a3:86:14:1d:c8
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether b8:a3:86:14:1d:c8
            Vendor-Class Option 60, length 11: "udhcp 0.9.8"
            Requested-IP Option 50, length 4: 192.168.1.235
            Parameter-Request Option 55, length 11:
              Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
              Domain-Name, RP, BR, TFTP
              Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft
            Agent-Information Option 82, length 6:
              Circuit-ID SubOption 1, length 1: 0
              Remote-ID SubOption 2, length 1: 0
            END Option 255, length 0
            PAD Option 0, length 0, occurs 247

dhcpd.log
Listening on BPF/em1/68:05:ca:04:11:fb/test
Sending on   BPF/em1/68:05:ca:04:11:fb/test
Sending on   Socket/fallback/fallback-net
data: "leased-address" configuration directive: there is no lease associated with this client.
data: "leased-address" configuration directive: there is no lease associated with this client.
DHCPDISCOVER from b8:a3:86:14:1d:c8 via em1: network test: no free leases
DHCPINFORM from 192.168.1.139 via em1: unknown subnet for client address 192.168.1.139
DHCPDISCOVER from b8:a3:86:14:1d:c8 via em1: network test: no free leases
DHCPDISCOVER from 28:92:4a:50:50:90 via em1: network test: no free leases
DHCPDISCOVER from 00:7c:d7:ed:f8:2e via em1: network test: no free leases
DHCPDISCOVER from 00:7c:d7:ed:f8:2e via em1: network test: no free leases
DHCPDISCOVER from 00:7c:d7:ed:f8:2e via em1: network test: no free leases
DHCPDISCOVER from 00:7c:d7:ed:f8:2e via em1: network test: no free leases
DHCPDISCOVER from 28:92:4a:50:50:90 via em1: network test: no free leases
DHCPDISCOVER from 00:7c:d7:ed:f8:2e via em1: network test: no free leases
DHCPINFORM from 192.168.1.43 via em1: unknown subnet for client address 192.168.1.43
DHCPDISCOVER from 00:0e:19:72:f2:7a via em1: network test: no free leases
DHCPDISCOVER from 00:0e:19:72:f2:7a via em1: network test: no free leases



Сообщения в этом обсуждении
"isc-dhcpd option 82"
Отправлено John , 09-Фев-13 20:12 
# Logging-only class: any packet that carries a circuit-id matches, and the log() call
# prints three fields decoded from the packet.
# substring(data, offset, length) counts offsets from 0: the 16-bit value at offset 2 is
# printed as the VLAN and the single byte at offset 5 as the port.
# packet(24, 4) reads four bytes at offset 24 of the DHCP packet, i.e. the giaddr (relay address) field.
# NOTE(review): the circuit-id layout is relay-specific and this one assumes at least 6 bytes -
# verify it against a capture from your own switch before relying on the decoded values.
class "logging" {
    log(info, concat(
        "VLAN = ", binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)),
        ", Port = ", binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)),
        ", AgentIP = ", binary-to-ascii(10, 8, ".", packet(24, 4))
        )
    );

    match if (
        exists agent.circuit-id
    );
}

# A client is a member if EITHER its circuit-id carries the expected VLAN (16-bit value at
# offset 2) OR the first three bytes at packet offset 12 (the ciaddr field) equal A.B.C.
# NOTE(review): ciaddr is filled in by the client. The second branch presumably exists for
# unicast renewals that reach the server without passing the relay, but it also admits any
# client that claims an address in A.B.C.0/24, so membership is not a strict port/VLAN binding.
# NOTE(review): option 82 is only as trustworthy as the device that inserts it; the access
# switch or relay should overwrite or drop option 82 arriving from client ports (DHCP snooping),
# otherwise a client can supply its own circuit-id - confirm on your hardware.
class "Class_1" {
    match if (
        (
            exists agent.circuit-id
            and
            binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)) = "<VLAN_ID>"
        ) or (
            binary-to-ascii(10, 8, ".", packet(12, 3)) = "A.B.C"
        )
    );
}

# Subnet with one pool whose addresses are reserved for members of "Class_1".
# A.B.C is a placeholder for the real network prefix.
subnet A.B.C.0 netmask 255.255.255.0 {
    pool {
        option subnet-mask 255.255.255.0;
        option routers A.B.C.254;

        # The allow list makes the pool exclusive: clients outside "Class_1" get no address
        # from it; dynamic BOOTP clients are refused outright.
        deny dynamic bootp clients;
        allow members of "Class_1";

        range A.B.C.1 A.B.C.253;
    }
}


"isc-dhcpd option 82"
Отправлено АлексейТ , 09-Фев-13 21:35 
спасибо за пример конфига, но меня интересует, как мне узнать, что получает dhcpd в опции 82

данный конфиг также опробовал, без изменений


"isc-dhcpd option 82"
Отправлено John , 09-Фев-13 21:49 
> спасибо за пример конфига, но меня интересует, как мне узнать, что получает
> dhdcpd в опции 82
> данный конфиг также опробовал, без изменений

tcpdump, wireshark, ...


"isc-dhcpd option 82"
Отправлено alexmasz , 09-Фев-13 22:35 
>> спасибо за пример конфига, но меня интересует, как мне узнать, что получает
>> dhdcpd в опции 82
>Agent-Information Option 82, length 6:
> Circuit-ID SubOption 1, length 1: 0
> Remote-ID SubOption 2, length 1: 0

это он и получает, только затея с нулями, извините, какая-то дурацкая

>> конфиг:

# Global dhcpd.conf parameters used alongside the option 82 logging below.
# Use the "interim" dynamic DNS update scheme.
ddns-update-style interim;
# Lease lengths in seconds: 1 hour by default, 2 hours at most.
default-lease-time 3600;
max-lease-time 7200;
# Treat this server as the authority for its networks.
authoritative;
# Send dhcpd messages, including the log() output, to syslog facility local7.
log-facility local7;
# Do not honour a client's request to update its own DNS record.
ignore client-updates;

# Diagnostic logging at global scope: prints what the server sees in option 82, which is
# the way to check a match expression against real values.
# NOTE(review): leased-address has a value only once a lease is associated with the client;
# the 'there is no lease associated with this client' lines in the first post's log look
# like the result of evaluating it for a request that got no lease - confirm.
# substring(x,2,6) starts at offset 2, so the first two bytes of remote-id are skipped;
# that fits relays that prefix a 2-byte header, and drops real data for relays that do not.
# binary-to-ascii does not zero-pad, so a byte 0x0f is printed as "f".
log(info, "***");
if exists agent.circuit-id {
        log( info,concat("*Leased ",binary-to-ascii(10,8,".",leased-address)," (with opt82)") );
        log( info,concat("*Remote-ID: ",binary-to-ascii(16,8,":",substring(option agent.remote-id,2,6))) );
        log( info,concat("*Port: ",binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1))) );
} else {
        log( info,concat("*Leased ",binary-to-ascii(10,8,".",leased-address)," (without opt82)") );
}
log(info, "***");

>> дамп:

20:29:01.729003 IP (tos 0x0, ttl 128, id 22004, offset 0, flags [none], proto UDP (17), length 365)
    0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 48:5b:39:7b:db:41, length 337, xid 0xd947daeb, Flags [none] (0x0000)
          Client-Ethernet-Address 48:5b:39:7b:db:41
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Client-ID Option 61, length 7: ether 48:5b:39:7b:db:41
            Requested-IP Option 50, length 4: 192.168.100.130
            Hostname Option 12, length 8: "admin-M-^OM-^J"
            FQDN Option 81, length 11: "admin-M-^OM-^J"
            Vendor-Class Option 60, length 8: "MSFT 5.0"
            Parameter-Request Option 55, length 12:
              Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
              Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
              Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Vendor-Option
            Agent-Information Option 82, length 29:
              Circuit-ID SubOption 1, length 19: Vlan100+Ethernet1/1
              Remote-ID SubOption 2, length 6: 250-25
            END Option 255, length 0
20:29:01.738108 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 363)
    192.168.100.2.67 > 192.168.100.130.68: [udp sum ok] BOOTP/DHCP, Reply, length 335, xid 0xd947daeb, Flags [none] (0x0000)
          Your-IP 192.168.100.130
          Client-Ethernet-Address 48:5b:39:7b:db:41
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 192.168.100.2
            Lease-Time Option 51, length 4: 3600
            Subnet-Mask Option 1, length 4: 255.255.255.0
            Domain-Name Option 15, length 15: "dns.here"
            Default-Gateway Option 3, length 4: 192.168.100.1
            Domain-Name-Server Option 6, length 4: 192.168.100.2
            FQDN Option 81, length 11: 255/255 "admin-M-^OM-^J"
            Agent-Information Option 82, length 29:
              Circuit-ID SubOption 1, length 19: Vlan100+Ethernet1/1
              Remote-ID SubOption 2, length 6: 250-25
            END Option 255, length 0

>> и что у вас:

Client-ID Option 61, length 7: ether b8:a3:86:14:1d:c8
>> а в логах:

DHCPDISCOVER from b8:a3:86:14:1d:c8 via em1: network test: no free leases


"isc-dhcpd option 82"
Отправлено АлексейТ , 09-Фев-13 23:15 
попробовал tshark

Option: (t=82,l=14) Agent Information Option
        Option: (82) Agent Information Option
        Length: 14
        Value: 010400010004020664700291440f
        Agent Circuit ID: 00010004
        Agent Remote ID: 64700291440f
End Option

как match писать?

# With the tshark values above (circuit-id 00 01 00 04, remote-id 64 70 02 91 44 0f):
#  - suffix(option agent.circuit-id,1) is the last byte, 0x04, which renders as "4", not "10004";
#  - substring(option agent.remote-id,2,6) starts at offset 2 and returns only 02 91 44 0f;
#    binary-to-ascii does not zero-pad, so with an empty separator this renders as "291440f".
# NOTE(review): as written, neither comparison can be true for that packet. Comparing the whole
# sub-option with a separator, e.g. binary-to-ascii(16,8,":",option agent.remote-id) = "64:70:2:91:44:f",
# avoids the ambiguity - confirm the rendered value with a log() statement first.
match if (binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1)) = "10004") and
(binary-to-ascii(16,8,"",substring(option agent.remote-id,2,6)) = "64700291440f");


"isc-dhcpd option 82"
Отправлено alexmasz , 10-Фев-13 10:40 
> как match писать?
> match if (binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1)) = "10004") and
>  (binary-to-ascii(16,8,"",substring(option agent.remote-id,2,6)) = "64700291440f");

у меня так:

# Global-scope logging of the option 82 fields, bracketed by "***" marker lines.
# With option 82 present: the leased address, remote-id bytes from offset 2 (hex, ":"-separated)
# and the last byte of circuit-id (decimal). Without it: only the leased address.
# NOTE(review): leased-address is defined only when a lease is associated with the client,
# and substring(x,2,6) skips the first two bytes of remote-id - check both against your relay's format.
log(info, "***");
if exists agent.circuit-id {
        log( info,concat("*Leased ",binary-to-ascii(10,8,".",leased-address)," (with opt82)") );
        log( info,concat("*Remote-ID: ",binary-to-ascii(16,8,":",substring(option agent.remote-id,2,6))) );
        log( info,concat("*Port: ",binary-to-ascii(10,8,"",suffix(option agent.circuit-id,1))) );
} else {
        log( info,concat("*Leased ",binary-to-ascii(10,8,".",leased-address)," (without opt82)") );
}
log(info, "***");

# Compares both sub-options as raw strings, which works when the relay sends them as text
# (the earlier capture from this network shows "Vlan100+Ethernet1/1" and "250-25").
# Both conditions must hold, so the class identifies one port on one switch.
# NOTE(review): this binding holds only if the switch overwrites or drops option 82 received
# from client ports; otherwise a client could present these strings itself - verify the
# DHCP snooping / relay settings.
class "247-10-1/4" { match if option agent.circuit-id="Vlan100+Ethernet1/4" and option agent.remote-id="247-10"; }

# Excerpt: the closing braces of the subnet and shared-network are not shown in the post.
shared-network vlan100 {
        subnet 192.168.100.0 netmask 255.255.255.0 {
                option domain-name-servers 192.168.100.2;
                option domain-name "dns.here";
                authoritative;
                option routers 192.168.100.1;

## vlan100-247
        # One-address pool: 192.168.100.124 is handed out only to the client behind the
        # switch port matched by class "247-10-1/4".
        pool { range 192.168.100.124; allow members of "247-10-1/4"; }


"isc-dhcpd option 82"
Отправлено АлексейТ , 10-Фев-13 11:34 
я просто думаю, что у меня ошибка именно в match, но не знаю как это проверить :(

"isc-dhcpd option 82"
Отправлено АлексейТ , 10-Фев-13 13:15 
ещё: как ни стараюсь, в логи не пишутся данные, которые приходят с option 82
конфигов по логам перепробовал штук 5, вот последний:
# Logs one line per request that carries a circuit-id. Fields, in order:
#  - leased-address as dotted decimal (defined only when a lease is associated with the client);
#  - the whole circuit-id as dot-separated decimal bytes;
#  - the last 6 bytes of remote-id as ":"-separated hex (no zero padding: 0x0f prints as "f");
#  - packet(24, 4), the giaddr field, which is 0.0.0.0 when no relay has filled it in;
#  - the 16-bit value at offset 2 of circuit-id, printed as the VLAN;
#  - bytes 1-6 of "hardware", i.e. the client MAC without the leading hardware-type byte.
# NOTE(review): the VLAN/port interpretation of circuit-id is relay-specific - compare
# the output with a packet capture before building match rules on it.
if exists agent.circuit-id
{
log (
info, concat( " Lease for ", binary-to-ascii (10, 8, ".", leased-address),
" Swith port: ",
binary-to-ascii (10, 8, ".", option agent.circuit-id),
" Switch MAC: ",
binary-to-ascii (16, 8, ":", suffix ( option agent.remote-id, 6)),
" Switch IP: ",
binary-to-ascii(10, 8, ".", packet(24, 4)),
" VLAN: ",
binary-to-ascii (10, 16, "", substring( option agent.circuit-id, 2, 2)),
" MAC on the port: ",
binary-to-ascii (16, 8, ":", substring(hardware, 1, 6))
)
);
}


"isc-dhcpd option 82"
Отправлено АлексейТ , 10-Фев-13 15:29 
поставил получение ip стандартно с hardware ethernet с вышеуказанным логированием получил в логах строку:

Lease for 10.1.255.2 Swith port: 0.1.0.5 Switch MAC: 64:70:2:91:44:f Switch IP: 0.0.0.0 VLAN: 5 MAC on the port: b8:a3:86:14:1d:c3

подправил conf по полученным данным, похоже вопрос решен!