Not trivial configuration of Freeradius as DHCP server

Tony DeMatteis tonyd at commspeed.net
Mon Mar 10 21:07:37 CET 2014


Hello,

Took this snippet from what I'm doing which I got from a colleague who 
first pulled a working config together.  See where you can with this...

'dhcp' folder resides in raddb/dhcp and the dhcp-config.txt file is raddb/sites-available/dhcp



# Main conf - dhcp-config.txt

server dhcp {

   client any {
     ipaddr = 0.0.0.0
     #netmask = 0
     dhcp = yes
   }

   listen {
     ipaddr = *
     port = 67
     type = dhcp
   }

   dhcp DHCP-Discover {
     update reply {
       DHCP-Message-Type = DHCP-Offer
     }

     switch "%{DHCP-Gateway-IP-Address}" {

       case 192.168.60.1 {
         $INCLUDE dhcp/pool_system1
       }

       case 10.20.0.1 {
         $INCLUDE dhcp/pool_system2
       }

       case {
         # Do not reply to DHCP requests from subnets
         # which we are not authoritative
         update reply {
           DHCP-Message-Type !* 0
         }
         do_not_respond
       }
     }

     #  Global DHCP parameters
     $INCLUDE dhcp/global

     dhcp_sqlippool

     if(notfound || noop) {
       reject
     }

     ok
   }

   dhcp DHCP-Request {
     update reply {
       DHCP-Message-Type = DHCP-Ack
     }

     switch "%{DHCP-Gateway-IP-Address}" {

       case 192.168.10.1 {
         $INCLUDE dhcp/pool_system1
       }

       case 10.20.0.1 {
         $INCLUDE dhcp/pool_system2
       }

       case {
         # Do not reply to DHCP requests from subnets
         # which we are not authoritative
         update reply {
           DHCP-Message-Type !* 0
         }
         do_not_respond
       }
     }

     #  Global DHCP parameters
     $INCLUDE dhcp/global

     dhcp_sqlippool

     if(notfound || noop) {
       reject
     }

     ok
   }

   dhcp DHCP-Inform {
   }

   #  If there's no named section for the packet type, then the packet
   #  is processed through this section.
   dhcp {
     # send a DHCP NAK.
     reject
   }
}

# End main conf

# Global Conf
# ./dhcp/global.conf
update reply {
   DHCP-Domain-Name-Server = 8.8.8.8
   DHCP-Domain-Name-Server += 8.8.4.4
   DHCP-Domain-Name = "mydomain.com"
   DHCP-DHCP-Server-Identifier = <dhcp-server-ip>
}

# System 1 devices - Cable Modems
# ./dhcp/pool_system1.conf
if(DHCP-Vendor-Class-Identifier =~ /^docsis[1-2].*$/){
   update control {
     Pool-Name := 'system_pool1'
   }
}

# System 2 devices
# ./dhcp/pool_system2.conf
if(DHCP-Vendor-Class-Identifier){
   update reply {
     DHCP-Subnet-Mask = 255.255.255.0
     DHCP-Router-Address = 10.20.0.1
     DHCP-Broadcast-Address = 10.20.0.255
     DHCP-IP-Address-Lease-Time = 3600
   }
   update control {
     Pool-Name := 'system_pool2'
   }
}




On 03/10/2014 12:38 PM, Alan DeKok wrote:
> Vyacheslav Maliev wrote:
>> Hello! I've tried to configure my freeradius installation like described
>> here http://wiki.freeradius.org/guide/dhcp-for-static-ip-allocation
>> but it's very simple case for only one subnet. Now we have two networks
>> which need to get IP by DHCP server. So is there any possibility to
>> configure DHCP scopes for different networks? Thanks!
>    Yes.  It's not as easy as with a dedicated DHCP server.  You'll need
> to split the packets, so that some use subnet A, and some use subnet B.
>   Look at the packets (radiusd -X) to see how they're different.  Usually
> there will be a gateway IP address different, or perhaps something else.
>
>    It's probably best to use groups to assign the network parameters.
> e.g. use the radgroupcheck and radgroupreply tables.  For users in group
> A, assign them options for network A, and users in group B should be
> assigned options in network B.
>
>    i.e. separate the *common* configuration into group parameters.  Then
> each user should have only user-specific parameters.  e.g. an IP
> address, and a group membership.
>
>    For v3.1, we're looking at maybe coming up with DHCP-specific queries
> for SQL.  But getting help from other people would be useful, too.
>
>    Alan DeKok.

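The gateway-address split described in the thread, together with the posted switch and pool files, as an added Python example that is not part of the original messages or of FreeRADIUS: it reads giaddr and option 60 from a raw DHCP packet and reports which Pool-Name the posted policy would set. The function names, the "no-pool" label and the constructed sample packets are assumptions; the system 1 gateway defaults to the value in the DHCP-Discover section.

```python
import ipaddress
import re

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie after the 236-byte BOOTP header
DOCSIS = re.compile(rb"^docsis[1-2].*$")    # same pattern as pool_system1

def parse_dhcp(packet):
    """Return (giaddr, vendor_class or None) from a raw DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    giaddr = str(ipaddress.IPv4Address(packet[24:28]))   # DHCP-Gateway-IP-Address
    vendor, i = None, 240
    while i < len(packet):
        code = packet[i]
        if code == 255:                      # End option
            break
        if code == 0:                        # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 60:                       # DHCP-Vendor-Class-Identifier
            vendor = value
        i += 2 + length
    return giaddr, vendor

def select_pool(packet, system1_gw="192.168.60.1", system2_gw="10.20.0.1"):
    """Mirror the posted switch: pool name, 'no-pool', or 'do_not_respond'."""
    giaddr, vendor = parse_dhcp(packet)
    if giaddr == system1_gw:                 # pool_system1: vendor class must match
        return "system_pool1" if vendor and DOCSIS.match(vendor) else "no-pool"
    if giaddr == system2_gw:                 # pool_system2: vendor class must exist
        return "system_pool2" if vendor is not None else "no-pool"
    return "do_not_respond"                  # default case of the switch

def build_sample(giaddr, vendor=None):
    """Constructed DHCP-Discover for testing; not a captured packet."""
    hdr = bytearray(236)
    hdr[0:3] = b"\x01\x01\x06"               # op=BOOTREQUEST, htype=Ethernet, hlen=6
    hdr[24:28] = ipaddress.IPv4Address(giaddr).packed
    opts = b"\x35\x01\x01"                   # option 53: DHCP-Discover
    if vendor is not None:
        opts += bytes([60, len(vendor)]) + vendor
    return bytes(hdr) + MAGIC + opts + b"\xff"
```

A "no-pool" result means no Pool-Name was set before dhcp_sqlippool runs, and "do_not_respond" covers both unknown relays and packets with a giaddr of 0.0.0.0.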