DHCP NAT (and Relay) and Static Addressing based on Option82/Circuit ID

Martin Edge medge at emersion.com
Thu Nov 24 01:21:47 CET 2016 

Alan,

I read your DHCP File over and over, I am unclear which part should be glaringly obvious to me. 

Anyway, I have solved the issue. 

Now I can better follow the debug output - There isn't a DHCP-Relay attribute, rather a DHCP-Gateway address, which seems to *create* the DHCP-Relay attribute - so my condition was never going to work. 

It would seem the updated Relay-IP-Address needs to go in the 'reply' not the 'request'. I have now done this and it seems to be working.

        if (&DHCP-Gateway-IP-Address && "%{Packet-Src-IP-Address}" == "43.x.x.65") {
                update reply {
                        &DHCP-Relay-IP-Address := "%{Packet-Src-IP-Address}"
                }
        }

-Pools- (static)
Yes, finding the documentation is easy when you understand the context of what you're being told. I'm sure I'll figure it out.

Regards
Martin.





-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+medge=emersion.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, 24 November 2016 1:50 AM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: DHCP NAT (and Relay) and Static Addressing based on Option82/Circuit ID

On Nov 22, 2016, at 7:47 PM, Martin Edge <medge at emersion.com> wrote
> -DHCP Relay issue-
> Totally agree against modifying the source! It was a temporary path of desperation to fit inside restrictive timelines :)
> 
> The change you have suggested - where in the many configuration files would that go? 

  In raddb/sites-enabled/dhcp.

  Please *read* it.  It helps.

> I have attempted to put it in sites-enabled/dhcp and in mods-enabled/preprocess - which parses fine, but essentially seems to do nothing. I've removed the if condition in case something was going weird there.

  Don't put run-time statements into module configurations.

 You can't just add random things to random files and expect it to work.  The configuration is documented.  There are hundreds of examples.

> Best case scenario I would probably want to put something specific for this customer versus breaking the rules all the time, for instance
> 
> If (&DHCP-Relay-IP-Address && "%{Packet-Src-IP-Address}" == "x.x.x.x") {
> 	update request {
> 		DHCP-Relay-IP-Address := "%{Packet-Src-IP-Address}"
> 	}
> }

  Yes, that works.

> -DHCP Settings- 
> OK. When you say 'sql' module, can I have you elaborate a little on that? As in modify the SQL module itself or is there something I should be able to do leveraging existing functionality? 
> 
> Is there some documentation or reference that would be worth me reading to figure this out? 

  It's not that hard to find the documentation.

> I see the definition of a table 'usergroup_table' for instance, but I'm unable to see how it all stitches together. 

http://wiki.freeradius.org

  Type "sql" into the search bar.  Read the documentation.  It is *extensively* documented.

> Also not sure if this suggests I might be taking the wrong path - presently the 'Pool' I'm using is actually not really a pool, it's a 1:1 between Circuit ID (Service) and the IP address. 

  Then it's static IP assignment, and not pools.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list