Freeradius dhcp module configuration

Alan DeKok aland at deployingradius.com
Mon Jan 29 14:54:58 CET 2018


On Jan 29, 2018, at 7:23 AM, Daniel Ryšlink <ryslink at dialtelecom.cz> wrote:
> First of all, I apologize for anything wrong in my approach or method (there is probably plenty), but my time is running short and so I come here to ask for advice.
> 
> I am trying to set up a Freeradius server with a DHCP virtual server. An example from my users file:
> 
> Gi0/19:10.010B465454582D535749544348    Cleartext-Password := "juniper-bng1"

  You don't need passwords for DHCP.

>         ERX-Ingress-Policy-Name := FF-1M,
>         ERX-CoS-Shaping-Pmt-Type = "T02 2m",
>         ERX-Cos-Scheduler-Pmt-Type = "VOIP-SCH T10 100k",

  These attributes don't go into DHCP packets.

> The idea behind the "key" line is that the user should be identified by both the combination of Circuit-ID and Remote-ID (Option 82), and ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id are present in the Radius packet but absent from the DHCP packet, but DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id are present in the DHCP packet and absent from the Radius packet. Thus, no matter if the pool is called by the Radius or the DHCP virtual server, this line always expand to the same key for a given user.

  OK.

> I have read in the docs that there is the DHCP configuration (mods-available/dhcp) file that allows to "decode the Option 82 values", but I did not manage to get it working since there is no working example in the documentation, and I could not even google one up.
> 
> My questions:
> 
> 1) If the address is in the static Framed-IP-Address in the users (files/authorize) file, how do I tell the DHCP server to use it for the given user via the ippool module when the DHCP request comes?

  Read raddb/sites-available/dhcp.  Just list "ippool" in the virtual server.  And also, create a "files_dhcp" which is a variant of the "files" module for DHCP users.

> 2) When assigning a dynamic address from the 'hohola' pool, I managed to get it working, but the Radius assigns one address and creates an entry in the ippool database, and then the DHCP server discovers that for a given key there is already an entry, but decides it is "stale", and assigns another IP address.

  Because it hasn't been updated with the appropriate DHCP information.

  You can't just create one set of policies / modules, and have them work for *both* DHCP and RADIUS.  The protocols are different, and need different management.

  Alan DeKok.
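
Added example, not part of the original message and not FreeRADIUS code: a Python sketch of the idea in the quoted question, decoding the Option 82 sub-options (RFC 3046) and deriving one lookup key whether the Circuit-ID and Remote-ID arrive in a DHCP packet or as the RADIUS ADSL-Agent-* attributes. The key format, the function names and the sample values are assumptions made for illustration.

```python
# Added illustration; key format and sample values are assumptions.
CIRCUIT_ID, REMOTE_ID = 1, 2  # sub-option codes from RFC 3046


def parse_option82(payload: bytes) -> dict:
    """Split a Relay Agent Information payload into {code: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:  # declared length runs past the option
            raise ValueError("sub-option %d overruns the option" % code)
        if code in subopts:  # ambiguous identity, refuse to guess
            raise ValueError("duplicate sub-option %d" % code)
        subopts[code] = value
        i += 2 + length
    return subopts


def subscriber_key(circuit_id: bytes, remote_id: bytes) -> str:
    """Hypothetical key: hex(circuit) ':' hex(remote).

    Hex encoding keeps a ':' inside either value from shifting the
    boundary between the two fields.
    """
    if not circuit_id or not remote_id:
        raise ValueError("both Circuit-ID and Remote-ID are required")
    return circuit_id.hex() + ":" + remote_id.hex()


def key_from_dhcp(option82: bytes) -> str:
    s = parse_option82(option82)
    return subscriber_key(s.get(CIRCUIT_ID, b""), s.get(REMOTE_ID, b""))


def key_from_radius(attrs: dict) -> str:
    return subscriber_key(attrs.get("ADSL-Agent-Circuit-Id", b""),
                          attrs.get("ADSL-Agent-Remote-Id", b""))


# Constructed sample input (not taken from the thread).
_C, _R = b"port-7", b"switch-A"
SAMPLE_OPTION82 = bytes([CIRCUIT_ID, len(_C)]) + _C + bytes([REMOTE_ID, len(_R)]) + _R
SAMPLE_RADIUS = {"ADSL-Agent-Circuit-Id": _C, "ADSL-Agent-Remote-Id": _R}

if __name__ == "__main__":
    print(key_from_dhcp(SAMPLE_OPTION82))
    print(key_from_radius(SAMPLE_RADIUS))
```

Both calls produce the same key for the same subscriber; a malformed or incomplete Option 82 is rejected instead of yielding a partial key.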



