Not trivial configuration of Freeradius as DHCP server
Tony DeMatteis
tonyd at commspeed.net
Mon Mar 10 21:07:37 CET 2014
Hello,
Took this snippet from what I'm doing which I got from a colleague who
first pulled a working config together. See where you can with this...
'dhcp' folder resides in raddb/dhcp and the dhcp-config.txt file is raddb/sites-available/dhcp
# Main conf - dhcp-config.txt
server dhcp {
    client any {
        ipaddr = 0.0.0.0
        #netmask = 0
        dhcp = yes
    }
    listen {
        ipaddr = *
        port = 67
        type = dhcp
    }
    dhcp DHCP-Discover {
        update reply {
            DHCP-Message-Type = DHCP-Offer
        }
        switch "%{DHCP-Gateway-IP-Address}" {
            case 192.168.60.1 {
                $INCLUDE dhcp/pool_system1
            }
            case 10.20.0.1 {
                $INCLUDE dhcp/pool_system2
            }
            case {
                # Do not reply to DHCP requests from subnets
                # for which we are not authoritative
                update reply {
                    DHCP-Message-Type !* 0
                }
                do_not_respond
            }
        }
        # Global DHCP parameters
        $INCLUDE dhcp/global
        dhcp_sqlippool
        if(notfound || noop) {
            reject
        }
        ok
    }
    dhcp DHCP-Request {
        update reply {
            DHCP-Message-Type = DHCP-Ack
        }
        switch "%{DHCP-Gateway-IP-Address}" {
            case 192.168.10.1 {
                $INCLUDE dhcp/pool_system1
            }
            case 10.20.0.1 {
                $INCLUDE dhcp/pool_system2
            }
            case {
                # Do not reply to DHCP requests from subnets
                # for which we are not authoritative
                update reply {
                    DHCP-Message-Type !* 0
                }
                do_not_respond
            }
        }
        # Global DHCP parameters
        $INCLUDE dhcp/global
        dhcp_sqlippool
        if(notfound || noop) {
            reject
        }
        ok
    }
    dhcp DHCP-Inform {
    }
    # If there's no named section for the packet type, then the packet
    # is processed through this section.
    dhcp {
        # send a DHCP NAK.
        reject
    }
}
# End main conf

# Global Conf
# ./dhcp/global.conf
update reply {
    DHCP-Domain-Name-Server = 8.8.8.8
    DHCP-Domain-Name-Server += 8.8.4.4
    DHCP-Domain-Name = "mydomain.com"
    DHCP-DHCP-Server-Identifier = <dhcp-server-ip>
}

# System 1 devices - Cable Modems
# ./dhcp/pool_system1.conf
if(DHCP-Vendor-Class-Identifier =~ /^docsis[1-2].*$/){
    update control {
        Pool-Name := 'system_pool1'
    }
}

# System 2 devices
# ./dhcp/pool_system2.conf
if(DHCP-Vendor-Class-Identifier){
    update reply {
        DHCP-Subnet-Mask = 255.255.255.0
        DHCP-Router-Address = 10.20.0.1
        DHCP-Broadcast-Address = 10.20.0.255
        DHCP-IP-Address-Lease-Time = 3600
    }
    update control {
        Pool-Name := 'system_pool2'
    }
}

On 03/10/2014 12:38 PM, Alan DeKok wrote:
> Vyacheslav Maliev wrote:
>> Hello! I've tried to configure my freeradius installation like described
>> here http://wiki.freeradius.org/guide/dhcp-for-static-ip-allocation
>> but it's very simple case for only one subnet. Now we have two networks
>> which need to get IP by DHCP server. So is there any possibility to
>> configure DHCP scopes for different networks? Thanks!
> Yes. It's not as easy as with a dedicated DHCP server. You'll need
> to split the packets, so that some use subnet A, and some use subnet B.
> Look at the packets (radiusd -X) to see how they're different. Usually
> there will be a gateway IP address different, or perhaps something else.
>
> It's probably best to use groups to assign the network parameters.
> e.g. use the radgroupcheck and radgroupreply tables. For users in group
> A, assign them options for network A, and users in group B should be
> assigned options in network B.
>
> i.e. separate the *common* configuration into group parameters. Then
> each user should have only user-specific parameters. e.g. an IP
> address, and a group membership.
>
> For v3.1, we're looking at maybe coming up with DHCP-specific queries
> for SQL. But getting help from other people would be useful, too.
>
> Alan DeKok.
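
Added example (not part of the original post and not FreeRADIUS project code): a Python check that the DHCP-Discover and DHCP-Request sections switch on the same relay addresses. In the config as posted the first case differs (192.168.60.1 vs 192.168.10.1), so unless that is intentional a client offered a lease through one relay falls through to the default case on its request. The function names and the trimmed SAMPLE text are constructed for illustration.

```python
import re
# Constructed input: the switch/case skeleton of the two sections posted above.
SAMPLE = """
dhcp DHCP-Discover {
switch "%{DHCP-Gateway-IP-Address}" {
case 192.168.60.1 {
$INCLUDE dhcp/pool_system1
}
case 10.20.0.1 {
$INCLUDE dhcp/pool_system2
}
}
}
dhcp DHCP-Request {
switch "%{DHCP-Gateway-IP-Address}" {
case 192.168.10.1 {
$INCLUDE dhcp/pool_system1
}
case 10.20.0.1 {
$INCLUDE dhcp/pool_system2
}
}
}
"""

def relay_cases(text):
    """Return {packet type: {relay address: included file}} for giaddr switches."""
    found, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line.startswith("$INCLUDE ") and len(stack) >= 3:
            case, switch, section = stack[-1], stack[-2], stack[-3]
            m = re.fullmatch(r"dhcp\s+(\S+)", section)
            on_giaddr = switch.startswith("switch") and "DHCP-Gateway-IP-Address" in switch
            if m and on_giaddr and case.startswith("case "):  # bare "case" is the default
                found.setdefault(m.group(1), {})[case.split()[1]] = line.split()[1]
    return found

def mismatched_relays(text, a="DHCP-Discover", b="DHCP-Request"):
    """Relay addresses that only one section handles, or that map to different files."""
    cases = relay_cases(text)
    ca, cb = cases.get(a, {}), cases.get(b, {})
    return sorted(ip for ip in ca.keys() | cb.keys() if ca.get(ip) != cb.get(ip))

if __name__ == "__main__":
    print(mismatched_relays(SAMPLE))
```
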