DHCP howto

Alan DeKok aland at deployingradius.com
Fri Feb 15 14:43:40 CET 2013

Igor Smitran wrote:
> What would need to be done in dhcp setup in order to have
> radusergroup/radcheck/radreply/radacct-alike behavior?

  Phil's response is good.

> I am trying to make it work with cable equipment (CM,MTA,CPE) but i am
> not sure how to start. CM and MTA would have static IP addresses (sql
> prefered because of additional replies: boot-file,dns,gateway etc.) and
> CPE's would have dynamic IP address assigned.

  This gets into policies (if/then/else), which are complicated.

  My suggestion is to split the problem into pieces.  The first piece is
to identify which "group" a device belongs to.  This can be done by
looking at information in the packet.  Or, it can be done by putting the
MAC addresses into a table, and mapping MAC -> group-name.  SQL can be
used here, with a custom schema.  The "unlang" code can be used to grab
the group-name based on the MAC:

	update control {
		my-group-Name = "%{sql: SELECT ...}"

  You'll have to define My-group-name in raddb/dictionary.  See the
comments there for examples.

  This step lets you simplify the problem.  Instead of applying policies
to 10's of 1000's of devices, you can now apply it to 3-4 groups.

  The next step is to apply the per-group policy.  Key off of the group
name, and apply group-specific policies.

> I am willing to do some serious tests and get back with results because
> if everything works ok i would switch to freeradius from standard ISC
> dhcpd.

  That's the goal.  Thanks for the help.

  The DHCP code *should* work.  But having more documentation, examples,
and real-world tests will help a lot.

  Alan DeKok.

More information about the Freeradius-Users mailing list