FreeRadius to authenticate DHCP Requests with Option82
Fajar A. Nugraha
list at fajar.net
Wed Feb 22 09:59:19 CET 2012
On Wed, Feb 22, 2012 at 3:16 PM, <sachin.sharma at wipro.com> wrote:
> Hello all,
>
> I am implementing Free Radius to authenticate DHCP Requests with Option82.
> I have configured DHCP Relay Agent, DHCP Snooping in CISCO Switch and DHCP
> Server. Now i have to configure RADIUS for option82.
Are you trying to configure a RADIUS server, or a DHCP server?
Freeradius can function as both, but the configuration is different.
>
> Please help me to configure RADIUS for DHCP option82.
See my previous question.
> Also i am not clear
> who will authenticate to RADIUS, Switch,DHCP Relay Agent or DHCP Server.
> After reading docs i guess it's DHCP Server ....
You might have just answered your own question :)
Two possibilities:
(1) If I understand your question correctly, you DON'T configure a
radius server for DHCP option 82. Instead, you configure a DHCP server
that can understand and process option 82.
FR SHOULD be able to function as DHCP server that handles option 82,
BUT there are things that require some kind of advanced knowledge. For
example:
- you need to enable DHCP functionality expicility during compilation,
or use latest master or v2.1.x branch from git (which should enable it
by default)
- you need to write your own logic on how to handle option 82
(DHCP-Agent-Circuit-Id and DHCP-Agent-Remote-Id attributes). The git
version have an example of sqlippool module that handles static and
dynamic IP assignment, but it doesn't process those two attributes.
You need to modify it yourself.
So in short, it SHOULD be possible with FR, but requires some effort.
Depending on your skill and knowledge, you might be better of using
another DHCP server
(2) If I misunderstood your question, and what you need is simply for
a radius server that sends a particular attribute, then you need to
know what attribute it is, and what value it should contain. Once you
have that, implementing it in FR should be easy.
--
Fajar
More information about the Freeradius-Users
mailing list