dhcp xlat for encoding DHCP options in RADIUS attributes

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Mar 6 06:33:45 CET 2018



> On Mar 6, 2018, at 9:06 AM, Nathan Ward <lists+freeradius at daork.net> wrote:
> 
> Hi,
> 
> I did a bit of digging around in the archives, I’m trying to do effectively what Peter was doing in this thread: http://lists.freeradius.org/pipermail/freeradius-devel/2013-April/007974.html
> Actually not effectively, quite literally, for literally the same service offered by the same provider in the same market :)
> 
> I am aware of dhcp_options xlat for *decoding* DHCP options. I am looking to encode DHCP options for transmitting to the NAS.
> 
> I note that Arran has implemented an xlat called ‘dhcp’ since then, looks like it’s based on discussions from that thread, but I’m not sure how it should be used. I’ve defined some attributes similar to the thread above, but with the ‘dot notation’ format rather than the ‘BEGIN TLV’ type format. Additionally, I changed the type of ‘DHCP-Vendor’ to ‘tlv’. It was set to “octets # tlv”.. which I’m not sure how to interpret, but FreeRADIUS refused to start when it was set to that as the sub options expect it to be a TLV, which seems reasonable.
> This is in my dictionary.dhcp, in amongst everything else - the first lines is modified as I describe above, the others are new.
> ATTRIBUTE       DHCP-Vendor				43	tlv
> ATTRIBUTE       DHCP-Vendor-URL                         43.1    string
> ATTRIBUTE       DHCP-Vendor-Pass                        43.2    string
> ATTRIBUTE       DHCP-Vendor-CPEID                       43.253  string
> 
> 
> If I do ‘ERX-Dhcp-Options = “0x%{dhcp:DHCP-Vendor-URL}”’ after setting DHCP-Vendor-URL, it tells me that it’s not a DHCP option, and I get an empty option. If I try set it to “0x%{dhcp:DHCP-Vendor}”, it gets set to empty, and it doesn’t get transmitted in the RADIUS packet. I have also tried things like %{dhcp:&DHCP-Vendor} and so on, but same result.

You have the usage right, but the options need to be defined inside the DHCP dictionary (share/dictionary.dhcp) inside the vendor block. The vendor block was a hack to avoid implementing protocol specific dictionaries (which are a lot of effort).

-Arran

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20180306/29fde0df/attachment.sig>


More information about the Freeradius-Users mailing list