DHCP and Option 82
Alan DeKok
aland at deployingradius.com
Fri Feb 23 14:15:57 CET 2018
On Feb 23, 2018, at 7:37 AM, Daniel Ryšlink <ryslink at dialtelecom.cz> wrote:
>> You can edit those files to do IP pool assignment for DHCP, using the relay options.
>
> Okay, but how do I do that? I have read the files you mention multiple times already, they contain nothing relevant to the subject of decoding the option 82 information and using them as a key in IP pool assignment.
The configuration files do not contain examples of every possible configuration. That's just impossible to do.
They *do* contain examples of how to use information in the packet to assign IP addresses. For example, you can read this file: raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
It contains not only the queries, but comments that document what each query does. It isn't difficult to edit those queries to key off of another attribute, instead of Calling-Station-Id.
> I understand that I cannot rewrite the existing Calling-Station-Id,
Why not? If you're doing DHCP, there's no Calling-Station-Id attribute in the DHCP packet.
Or are you doing RADIUS? Please explain...
> but there should be a way of passing a string composed of %{dhcp_options:<Circuit-ID>}%{dhcp_options:<Agent-ID>} to the dhcp_sqlippool module that would use it as a key and assign an IP address from a matching database row - this must be like the most standard thinkable usage scenario, so how come there is no clear example of a working configuration I could use?
You're free to figure it out and update the documentation on the wiki.
> Something like this:
>
> http://freeradius.1045715.n5.nabble.com/Not-trivial-configuration-of-Freeradius-as-DHCP-server-td5725623.html
>
> but involving the option 82? I tried to Google it, but did not find anything at all.
You're looking at the wrong thing. You simply CANNOT "google for the thing that answers all of my questions". FreeRADIUS is complex enough that it's *impossible* to provide pre-packaged solutions for every possible question.
Instead, you have to *understand* how things work, and then create a custom solution for your custom environment. We can help with that, of course.
> There is apparently also the mods-available/dhcp file that should allow it somehow, but once again, there is no example of use.
There is documentation that describes what the module does.
> Never mind, I have also noticed that the module mac2ip piggy-backs the password module to interpret a text file as a database to assign IP addresses using the MAC address of the Calling Station as a key. I tried to use it to do the same, only using the %{dhcp_options:<Circuit-ID>}%{dhcp_options:<Agent-ID>} string as a key, so I created this file (the character ; is used as a delimiter):
>
> /etc/freeradius/3.0/mods-config/dhcp/opt82toip:
>
> 0x4769302f31373a3130;0x010b465454582d535749544348;10.10.100.130
> 0x4769302f31373a3130;0x010b465454582d535749544348;10.10.100.120
That may work...
> However, when I try to start Freeradius, I get:
>
> rlm_passwd: can't build hashtable from passwd file
> /etc/freeradius/3.0/mods-enabled/opt82toip[21]: Instantiation failed for module "opt82toip"
>
> However, I don't need to hash the file
<sigh> The module is building a hash table internally, so that it doesn't need to read the file every time.
> (it's not a password file after all),
And similarly, the module is the "passwd" module, which reads "passwd" style files. So the messages it prints out are about "passwd" style files.
Please put the pieces together to understand what's going on.
> I just want it interpreted as a database with the first two fields as a compound key and the third field as a value that would be returned upon match. Is it possible to do it?
That's what the module does. A "database" often uses hash tables internally to track data.
That error probably means that FreeRADIUS can't read the file. Make sure that's allowed.
Alan DeKok.
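
Added example, not part of the original message and not FreeRADIUS code: a stand-alone Python check of the ';'-delimited lookup file quoted in the thread, which decodes the hex Circuit-ID and Agent-ID fields and reports malformed lines and compound keys that map to more than one address. The three-field layout is taken from the post; the function names and the third sample line are constructed for illustration, and the checks do not reproduce rlm_passwd's own parsing.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the two records quoted in the thread, one per line,
# plus one deliberately malformed line (missing a field).
SAMPLE = """\
0x4769302f31373a3130;0x010b465454582d535749544348;10.10.100.130
0x4769302f31373a3130;0x010b465454582d535749544348;10.10.100.120
0x4769302f31373a3131;10.10.100.140
"""

def decode_hex(field):
    """Turn a '0x...' hex string into bytes; raise ValueError if malformed."""
    if not field.lower().startswith("0x"):
        raise ValueError("missing 0x prefix: %r" % field)
    return bytes.fromhex(field[2:])

def check_opt82_file(text, delimiter=";"):
    """Return (table, problems); table maps (circuit, agent) bytes -> [IPs]."""
    table = defaultdict(list)
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(delimiter)
        if len(fields) != 3:
            problems.append((lineno, "expected 3 fields, got %d" % len(fields)))
            continue
        try:
            key = (decode_hex(fields[0]), decode_hex(fields[1]))
            ip = ipaddress.ip_address(fields[2])
        except ValueError as exc:
            problems.append((lineno, str(exc)))
            continue
        if table[key]:
            # Same relay port, second address: the lookup result is ambiguous.
            problems.append((lineno, "duplicate key, already maps to %s" % table[key][0]))
        table[key].append(ip)
    return dict(table), problems

if __name__ == "__main__":
    table, problems = check_opt82_file(SAMPLE)
    for (circuit, agent), ips in table.items():
        print(circuit, agent, [str(ip) for ip in ips])
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
```
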
More information about the Freeradius-Users mailing list