regarding cisco dhcp relay agent-generation of circuit id for authentication

Mahima Kumar mahima at ualberta.ca
Sat Mar 15 01:34:49 CET 2014


Please take a look at my config, or can anyone please post here the
configuration of a Cisco router or switch acting as a DHCP relay agent
which generates a circuit ID? Based on this circuit ID I can get my client
authenticated from the FreeRADIUS server, and the client gets an IP address
from the DHCP server (I have a server which is working fine).

I have tried all the possible configs online, but I am unable to get the
circuit ID.

*Cisco 2900 as relay agent configuration:*
Scenario 1) client --- Cisco router relay agent --- RADIUS and DHCP server


Router#sh run
Building configuration...

Current configuration : 1330 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip cef
ip dhcp relay information option
no ip dhcp relay information check
ip dhcp relay information trust-all
!
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
vlan internal allocation policy ascending
!

interface GigabitEthernet0/0
 ip dhcp relay information option-insert
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.3.31.40
 ip directed-broadcast
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.3.31.250 255.255.255.0
 ip directed-broadcast
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Vlan1
 no ip address
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
ip http server
no ip http secure-server
!

control-plane
!

!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end

Router#




*DEBUG OUTPUT:*

*Mar 14 22:56:53.233: DHCPD: Sending notification of DISCOVER:
*Mar 14 22:56:53.233:   DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:53.233:   DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:53.233:   DHCPD: circuit id 00000000
*Mar 14 22:56:53.233: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:53.233: DHCPD: adding relay information option.
*Mar 14 22:56:53.233: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 forwarded to 10.3.31.40.
*Mar 14 22:56:56.765: DHCPD: Sending notification of DISCOVER:
*Mar 14 22:56:56.765:   DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:56.765:   DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:56.765:   DHCPD: circuit id 00000000
*Mar 14 22:56:56.765: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:56.765: DHCPD: adding relay information option.
*Mar 14 22:56:56.765: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 forwarded to 10.3.31.40.
*Mar 14 22:56:56.785: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 14 22:56:56.785: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 14 22:56:56.785: DHCPD: No vpn from sub-option, using global
*Mar 14 22:56:56.785: DHCPD: Setting giaddr to 192.168.1.1
*Mar 14 22:56:56.785: DHCPD: Forwarding reply on numbered intf
*Mar 14 22:56:56.785: DHCPD: relay information option is removed
*Mar 14 22:56:56.785: DHCPD: broadcasting BOOTREPLY to client 0017.e069.24c0.
*Mar 14 22:56:56.789: DHCPD: Finding a relay for client 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 on interface GigabitEthernet0/0.
*Mar 14 22:56:56.789: DHCPD: Seeing if there is an internally specified pool class:
*Mar 14 22:56:56.789:   DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:56.789:   DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:56.789:   DHCPD: circuit id 00000000
*Mar 14 22:56:56.789: DHCPD: there is no pool for 192.168.1.1.
*Mar 14 22:56:56.789: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:56.789: DHCPD: adding relay information option.
*Mar 14 22:56:56.789: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 forwarded to 10.3.31.40.
*Mar 14 22:56:56.805: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 14 22:56:56.805: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 14 22:56:56.805: DHCPD: No vpn from sub-option, using global
*Mar 14 22:56:56.805: DHCPD: Setting giaddr to 192.168.1.1
*Mar 14 22:56:56.805: DHCPD: Forwarding reply on numbered intf
*Mar 14 22:56:56.805: DHCPD: relay information option is removed
*Mar 14 22:56:56.805: DHCPD: broadcasting BOOTREPLY to client 0017.e069.24c0.


PROBLEM: The circuit ID value is 0. I need a circuit ID to authenticate
the client from the RADIUS server. My client is getting an IP address from
the DHCP server, and there is end-to-end connectivity from client --- Cisco
relay agent --- RADIUS and DHCP server. But I need to authenticate my client
based on the circuit ID generated by the relay agent.



*Scenario 2) Switch 3750 as relay agent*

client --- switch as relay agent --- RADIUS and DHCP server

Switch#sh run
Building configuration...

Current configuration : 1869 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1600
ip subnet-zero
ip routing
ip dhcp relay information option
no ip dhcp relay information check
ip dhcp relay information trust-all
!

spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport access vlan 5
 switchport mode access
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 no switchport
 ip address 10.3.31.250 255.255.255.0
!
interface GigabitEthernet1/0/4
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan5
 ip dhcp relay information option-insert
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 10.3.31.40
!
ip classless
ip http server
!

control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#




*DEBUG OUTPUT:*

*Mar  1 00:36:39.073: DHCPD: interface Vlan5 coming up
*Mar  1 00:36:40.382: DHCPD: Reload workspace interface Vlan5 tableid 0.
*Mar  1 00:36:40.382: DHCPD: tableid for 192.168.1.1 on Vlan5 is 0
*Mar  1 00:36:40.382: DHCPD: client's VPN is .
*Mar  1 00:36:40.382: DHCPD: Sending notification of DISCOVER:
*Mar  1 00:36:40.382:   DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar  1 00:36:40.382:   DHCPD: remote id 020a0000c0a8010105000000
*Mar  1 00:36:40.382:   DHCPD: interface = Vlan5
*Mar  1 00:36:40.382: DHCPD: Looking up binding using address 192.168.1.1
*Mar  1 00:36:40.382: DHCPD: setting giaddr to 192.168.1.1.
*Mar  1 00:36:40.382: DHCPD: adding relay information option.
*Mar  1 00:36:40.382: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 forwarded to 10.3.31.40.
*Mar  1 00:36:40.407: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar  1 00:36:40.407: DHCPD: Reload workspace interface GigabitEthernet1/0/3 tableid 0.
*Mar  1 00:36:40.407: DHCPD: tableid for 10.3.31.250 on GigabitEthernet1/0/3 is 0
*Mar  1 00:36:40.407: DHCPD: client's VPN is .
*Mar  1 00:36:40.407: DHCPD: DHCPOFFER notify setup address 192.168.1.5 mask 255.255.255.0
*Mar  1 00:36:40.407: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar  1 00:36:40.407: DHCPD: Forwarding reply on numbered intf
*Mar  1 00:36:40.407:  DHCPD: Option82 is currently:
*Mar  1 00:36:40.407:  0109312f312f313a31303002157375622d70726f662d312d736c612d70726f662d31
*Mar  1 00:36:40.407:  DHCPD: Removing option82 information
*Mar  1 00:36:40.407: DHCPD: relay information option removed
*Mar  1 00:36:40.407:  DHCPD: Option82 is removed
*Mar  1 00:36:40.407: DHCPD: broadcasting BOOTREPLY to client 0017.e069.24c0.
*Mar  1 00:36:40.407: DHCPD: Reload workspace interface Vlan5 tableid 0.
*Mar  1 00:36:40.407: DHCPD: tableid for 192.168.1.1 on Vlan5 is 0
*Mar  1 00:36:40.407: DHCPD: client's VPN is .
*Mar  1 00:36:40.407: DHCPD: Finding a relay for client 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 on interface Vlan5.
*Mar  1 00:36:40.407: DHCPD: there is no pool for 192.168.1.1.
*Mar  1 00:36:40.407: DHCPD: Looking up binding using address 192.168.1.1
*Mar  1 00:36:40.407: DHCPD: setting giaddr to 192.168.1.1.
*Mar  1 00:36:40.407: DHCPD: adding relay information option.
*Mar  1 00:36:40.407: DHCPD: BOOTREQUEST from 0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 forwarded to 10.3.31.40.
*Mar  1 00:36:40.424: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar  1 00:36:40.424: DHCPD: Reload workspace interface GigabitEthernet1/0/3 tableid 0.
*Mar  1 00:36:40.424: DHCPD: tableid for 10.3.31.250 on GigabitEthernet1/0/3 is 0
*Mar  1 00:36:40.424: DHCPD: client's VPN is .
*Mar  1 00:36:40.424: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar  1 00:36:40.424: DHCPD: Forwarding reply on numbered intf
*Mar  1 00:36:40.424:  DHCPD: Option82 is currently:
*Mar  1 00:36:40.424:  0109312f312f313a31303002157375622d70726f662d312d736c612d70726f662d31
*Mar  1 00:36:40.424:  DHCPD: Removing option82 information
*Mar  1 00:36:40.424: DHCPD: relay information option removed
*Mar  1 00:36:40.424:  DHCPD: Option82 is removed
*Mar  1 00:36:40.424: DHCPD: broadcasting BOOTREPLY to client 0017.e069.24c0.


*PROBLEM: No circuit ID generation, which is required by me.*



Regards,

Mahima Kumar
1365962
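
Added example, not part of the original post: the option 82 bytes printed in the debug output above follow the RFC 3046 sub-option layout (code, length, value), so they can be decoded to see which circuit ID and remote ID a RADIUS policy would have to match. The function names are hypothetical and the all-zero check is an assumption about what makes an identifier useless for per-port authentication; the hex strings are copied from the post's debug lines.

```python
# Added example: option 82 values copied verbatim from the debug output above.
ROUTER_CIRCUIT_ID = "00000000"
ROUTER_REMOTE_ID = "020a0000c0a8010100000000"
SWITCH_REPLY_OPTION82 = (
    "0109312f312f313a313030"
    "02157375622d70726f662d312d736c612d70726f662d31"
)
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes


def parse_option82(hex_payload):
    """Split an option 82 payload (hex, no option header) into (code, value) pairs."""
    data = bytes.fromhex(hex_payload.strip())
    subopts, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError(f"truncated sub-option header at offset {pos}")
        code, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, {len(value)} left")
        subopts.append((code, value))
        pos += 2 + length
    return subopts


def render(value):
    """Printable ASCII is shown as text, anything else as hex."""
    if value and all(0x20 <= b < 0x7F for b in value):
        return value.decode("ascii")
    return value.hex()


def is_unusable_identifier(value):
    """Assumption: an empty or all-zero identifier cannot tell one port from another."""
    return not any(value)


def describe(hex_payload):
    """Map each sub-option name to (rendered value, usable as a per-port identity)."""
    return {
        SUBOPTION_NAMES.get(code, f"sub-option-{code}"): (render(value), not is_unusable_identifier(value))
        for code, value in parse_option82(hex_payload)
    }


if __name__ == "__main__":
    print(describe(SWITCH_REPLY_OPTION82))
```

The payload printed after "Option82 is currently:" decodes to circuit-id `1/1/1:100` and remote-id `sub-prof-1-sla-prof-1`, while the router's `circuit id 00000000` is flagged as unusable.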