DHCP relay IP and gateway IP, possible bad logic?

Igor Smitran sigor at blic.net
Mon Mar 4 20:05:23 CET 2013

On 03/04/2013 04:54 PM, Alan DeKok wrote:
>    The point of asking for debug output is to see what the server is doing.
>    I'm not sure what the rest of your message means.  The server defaults
> to copying the giaddr from the request to the reply.  This is so that
> the reply can use the giaddr as the destination IP.  If you use Perl to
> update the giaddr to something else... then the reply will be sent there.
I have to do that, this is cable IP network that i am talking about. 
Real life example.
I am using Cisco CMTS and his primary interface IP as cable-helper/relay IP.

This is by desing.
I am sorry for my bad english but  i will try to explain, please bare 
with me...

This is CM/CPE bundle interface:

interface Bundle1.150
  vrf forwarding vrf_name
  ip address public_ip secondary
  ip address private_ip
  no ip unreachables
  no cable arp
  cable source-verify dhcp
  cable helper-address radius_ip

As you can see CMTS will relay all requests from CM's and CPE's over 
primary interface address (private_ip/
radius will get all requests from that IP. all offers need to go back to 
that same ip, no matter what giaddr is sent to client.

*i have it already working that way with another dhcp server, in 
**also, couple of commercial products that i was testing had exactly the 
same logic implemented, all offers were sent to relay ip, no matter what 
was set as giaddr.*

Let us say that i have two pools for CPE devices, imaginary:

In that case i will have two lines in bundle interface setup:
ip address secondary
ip address secondary

and this is relay_ip (primary ip address of bundle interface)
ip address

If dhcp finds free address from first pool ( offer 
will be somethink like this:

OPTION:   1 (  4) Subnet mask     

*but offer still needs to be sent to*, where requests came 
from in the first place.

I didn't break anything, i have to do it that way.
As far as dhcp server goes, it would be logical for him to return the 
offer to relay ip. relay will forward it to a client and client will get 
correct data.
If offer goes to any other address Cisco ASA will drop that packet 
because it doesn't have it in initiated/established chains...

Next time CPE tries to renew/release address request will come from again...

That is why i said that relay_ip shouldn't be replaced with giaddr.

FR i am using is 2.2.0, latest stable version.

i will try to send debug info tomorrow AM CET...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130304/1eea3861/attachment.html>

More information about the Freeradius-Users mailing list