[Kea-users] Option82


[Kea-users] Option82

Batuhan Bakıp

I want to use option82 in KEA. I read the KEA documentation but I cannot understand how to do it. Now I use ISC DHCP and I use option82 successfully.

The structure I am currently using is as follows.

Example for one user:

I have a class file /etc/dhcp/class/example and it contains a class like the following.

class "ABCD" {
  # VLAN number, hex (00:1A = 26)
  match if (substring(option agent.circuit-id, 2, 2) = 00:1A)
    # remote-id of the switch, hex
    and (substring(option agent.remote-id, 2, 10) = 12:34:AB:CD:56:78)
    # port number on the switch
    and (suffix(option agent.circuit-id, 1) = 09)
    # MAC address
    and (substring(hardware, 1, 6) = 34:17:eb:bc:6e:33);
}

….

 

I have a pool file /etc/dhcp/pool/example and it contains a pool like the following.

pool {
  allow members of "ABCD";   # matching class name
  range 192.168.1.50;        # give this IP address if the information in the class matches
}

….

 

I define the pool and class in the file /etc/dhcp/dhcpd.conf as follows.

include "/etc/dhcp/class/example";

shared-network EXAMPLE {
  subnet 192.168.100.100 netmask 255.255.255.255 {}
  subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
  }
  include "/etc/dhcp/pool/example";
}

 

And this works. The host with this MAC address will get this IP address if it sends a request from this port of this switch.

How do I build a similar structure in KEA?

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] Option82

Tomek Mrugalski
On 16/03/2018 07:19, Batuhan Bakıp wrote:
> I want to use option82 in KEA. I read KEA document but I cannot
> understand how to do. Now I use ISC DHCP and I use option82 successfully.
You posted the same question as a ticket here:
http://kea.isc.org/ticket/5575

It's much better to ask this kind of question on a mailing list, so
thank you for doing that. Adding trac tickets that are really questions
is troublesome, because they're not meant to be used that way.

Anyway, here's the answer I originally posted to the ticket:

You specified Kea version as 1.1.0. If you are really using 1.1.0,
please upgrade to 1.3.0. There have been a lot of changes and improvements
in the client classification area.

Please take a look at section 8.2.15 here:
https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#dhcp4-client-classifier.
It explains how to define a class in Kea. You definitely want to look at
Chapter 13
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#classify).

You are looking at relay options. What dhcpd expressed as
agent.circuit-id is relay4.option[1].hex in Kea nomenclature and
agent.remote-id is relay4.option[2].hex etc.

If you want to restrict access to specific subnets for certain classes,
you may want to see an example in 8.6.2
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#dhcp4-srv-example-client-class-relay).
It explains how to allow access to a certain subnet only to members of a
specific class (it's the equivalent of allow members of "ABCD").

If you want to restrict access to specific pool, not whole subnet, this
feature will become available in upcoming 1.4. If you want to try it,
the code has been developed already and it's in our git repository.

The question you want to ask yourself is how many such expressions (each
representing a client) do you have? If you want to define many of them,
there's a more efficient way to do it: you can define host reservations
(each with its own MAC address) and assign those hosts to a class.
Please take a look at Section 8.3.6
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#reservation4-client-classes).

You can combine this with the class restrictions on pool and subnet level.

Finally, if you want to extract the MAC addresses and ports (effectively
using MAC+port of the switch as client identifier), you can use flex-id to do
that. See Section 14.3.3
(https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#flex-id).

Hope that helps.
Tomek Mrugalski
ISC
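A direct translation of the dhcpd class from the question into a Kea 1.3 configuration fragment, added here as an example that is not taken from the thread or from the Kea project. It assumes the same circuit-id and remote-id layout the question relies on and an interface name of eth0; it writes the relay-option tokens in the relay4[code].hex form of the Kea classification chapter, replaces dhcpd's suffix() with Kea's negative-start substring(), and restricts at subnet level because pool-level client-class is, per the reply above, a 1.4 feature. Kea's configuration parser accepts the // comments used below.

```json
{
  "Dhcp4": {
    "interfaces-config": { "interfaces": [ "eth0" ] },

    "client-classes": [
      {
        // Same four conditions as the dhcpd class "ABCD":
        //   bytes 2-3 of circuit-id (sub-option 1)  = 00:1A  (VLAN 26)
        //   bytes 2-11 of remote-id (sub-option 2)  = 12:34:AB:CD:56:78
        //   last byte of circuit-id                 = 09     (switch port)
        //   client hardware address                 = 34:17:eb:bc:6e:33
        "name": "ABCD",
        "test": "substring(relay4[1].hex, 2, 2) == 0x001A and substring(relay4[2].hex, 2, 10) == 0x1234abcd5678 and substring(relay4[1].hex, -1, 1) == 0x09 and pkt4.mac == 0x3417ebbc6e33"
      }
    ],

    "subnet4": [
      {
        // Equivalent of: subnet 192.168.1.0/24 + pool { allow members of "ABCD"; range 192.168.1.50; }
        // Only members of ABCD may obtain an address from this subnet.
        "subnet": "192.168.1.0/24",
        "client-class": "ABCD",
        "pools": [ { "pool": "192.168.1.50 - 192.168.1.50" } ],
        "option-data": [ { "name": "routers", "data": "192.168.1.1" } ]
      }
    ]
  }
}
```

For many such clients, the reply's suggestion applies: keep one class per access rule and move the per-client MAC match into host reservations with client-classes, rather than multiplying test expressions.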