Freeradius dhcp module configuration

Daniel Ryšlink ryslink at dialtelecom.cz
Mon Jan 29 13:23:05 CET 2018 

Hello,

First of all, I apologize for anything wrong in my approach or method 
(there is probably plenty), but my time is running short and so I come 
here to ask for advice.

I am trying to setup a Freeradius server with a DHCP virtual server. An 
example from my users file:


Gi0/19:10.010B465454582D535749544348    Cleartext-Password := "juniper-bng1"
         ERX-Ingress-Policy-Name := FF-1M,
         ERX-CoS-Shaping-Pmt-Type = "T02 2m",
         ERX-Cos-Scheduler-Pmt-Type = "VOIP-SCH T10 100k",
         Framed-IP-Address := 10.10.100.150

Gi0/20:10.010b465454582d535749544348    Cleartext-Password := 
"juniper-bng1", Pool-Name := "hohola"
         ERX-Ingress-Policy-Name := FF-1M,
         ERX-CoS-Shaping-Pmt-Type = "T02 2m",
         ERX-Cos-Scheduler-Pmt-Type = "VOIP-SCH T10 100k"


There are two types of users - those who have a static IP set via the 
Framed-IP-Address as shown in the example above, and those who get their 
IP from the pool called "hohola" - for this purpose, I set up the ippool 
module:

ippool hohola {
         filename = ${db_dir}/db.ippool
         range_start = 10.10.100.5
         range_stop = 10.10.100.254
         netmask = 255.255.255.0
         cache_size = 800
         ip_index = ${db_dir}/db.ipindex
         override = no
         maximum_timeout = 0
         key = 
"%{ADSL-Agent-Circuit-Id}%{DHCP-Relay-Circuit-Id}%{ADSL-Agent-Remote-Id}%{DHCP-Relay-Remote-Id}"
}

The idea behind the "key" line is that the user should be identified by 
both the combination of Circuit-ID and Remote-ID (Option 82), and 
ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id are present in the Radius 
packet but absent from the DHCP packet, but DHCP-Relay-Circuit-Id and 
DHCP-Relay-Remote-Id are present in the DHCP packet and absent from the 
Radius packet. Thus, no matter if the pool is called by the Radius or 
the DHCP virtual server, this line always expand to the same key for a 
given user.

I have read in the docs that there is the DHCP configuration 
(mods-available/dhcp) file that allows to "decode the Option 82 values", 
but I did not manage to get it working since there is no working example 
in the documentation, and I could not even google one up.

My questions:

1) If the address is in the static Framed-IP-Address in the users 
(files/authorize) file, how do I tell the DHCP server to use it for the 
given user via the ippool module when the DHCP request comes?

2) When assigning a dynamic address from the 'hohola' pool, I managed to 
get it working, but the Radius assigns one address and creates an entry 
in the ippool database, and then the DHCP server discovers that for a 
given key there is already an entry, but decides it is "stale", and 
assigns another IP address.

Any advice would be most welcome, thank you in advance.

-- 
S pozdravem,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.ryslink at dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
-----------------------------------------------

More information about the Freeradius-Users mailing list