FreeRADIUS 4: DHCP v4: ERROR: Expansion "network" needs to be resolved before it is used
Alan DeKok
aland at deployingradius.com
Mon Nov 11 11:27:34 UTC 2024
On Nov 11, 2024, at 4:00 AM, Dima Ermakov <demonihin at gmail.com> wrote:
> Thank you for your explanations.
> I am sorry for being annoying but I am still somewhat lost.
> I will try to explain what I want to achieve using an example below:
>
> Here is a network description (all network numbers are imaginary):
>
> VLAN 10 (192.168.10.0/24, default gateway 192.168.10.1, DNS server
> 192.168.20.2, DHCP relay 192.168.10.1).
> VLAN 20 (192.168.20.0/24, default gateway 192.168.20.1, DNS server
> 192.168.20.2, DHCP relay 192.168.20.1).
> VLAN 30 (192.168.30.0/24, default gateway 192.168.30.1, DNS server
> 192.168.20.2, DHCP relay 192.168.30.1).
OK.
> The FreeRADIUS is in VLAN 30, 192.168.30.5.
>
> VLAN 10 and VLAN 20 are connected via a switch with layer 3 support
> and DHCP relay.
> The DHCP relay is configured to send DHCP packets to the FreeRADIUS IP
> + add the GIADDR IP address of the interface to which the relay
> receives DHCP packets (Gateway-IP-Address in FreeRADIUS as far as I
> understand).
>
> The goal is to configure FreeRADIUS to offer IP addresses via DHCP for
> networks VLAN 10 and VLAN 20.
Does the gateway send VLAN information in the DHCP packets? i.e. how does FreeRADIUS know which VLAN is in use?
As always... read the debug output.
> The networks 192.168.10.0/24 and 192.168.20.0/24 should have different
> default gateways but the same DNS settings.
You can configure any options you want in the reply.
> Also, I would like to have the network-specific settings in some kind
> of text files and not SQL database (if possible) to be able to use
> external tools to generate (template) the files (expected number of
> network prefixes is about 300).
That's fine.
> For the FreeRADIUS 3 one of the recommendations was to use "files"
> module with configuration in the "files" similar to (
> https://www.freeradius.org/documentation/freeradius-server/3.2.5/howto/protocols/dhcp/policy_network_options.html
> ):
Yes... there's no need to keep posting that link. You already did that. Posting it again and again doesn't help.
> """
> network DHCP-Network-Subnet < 192.168.10.0/24
> 	DHCP-Subnet-Mask := 255.255.255.0,
> 	DHCP-Router-Address := 192.168.10.1,
> 	DHCP-Domain-Name-Server := 192.168.20.2,
> 	DHCP-IP-Address-Lease-Time := 7200
>
>
> network DHCP-Network-Subnet < 192.168.20.0/24
> 	DHCP-Subnet-Mask := 255.255.255.0,
> 	DHCP-Router-Address := 192.168.20.1,
> 	DHCP-Domain-Name-Server := 192.168.20.2,
> 	DHCP-IP-Address-Lease-Time := 7200
> """
>
> Could you, please, recommend a way to implement something similar with
> FreeRADIUS 4?
I already gave you one option: just write the policies in unlang. This can be automatically generated.
Another option is to read the comments in the "files" module. It points you to some more documentation, which is also online at:
https://www.freeradius.org/documentation/freeradius-server/4.0.0/raddb/mods-available/files.html
and then that links to:
https://www.freeradius.org/documentation/freeradius-server/4.0.0/raddb/mods-config/files/users.html
That page says you can use IP addresses as keys! So that's exactly what you want.
Instead of using

	key = 'network'

you use

	key = DHCP-Network-Subnet

And then the entries are:

192.168.10.0/24
	DHCP-Subnet-Mask := 255.255.255.0,
	DHCP-Router-Address := 192.168.10.1,
	DHCP-Domain-Name-Server := 192.168.20.2,
	DHCP-IP-Address-Lease-Time := 7200

192.168.20.0/24
	DHCP-Subnet-Mask := 255.255.255.0,
	DHCP-Router-Address := 192.168.20.1,
	DHCP-Domain-Name-Server := 192.168.20.2,
	DHCP-IP-Address-Lease-Time := 7200

That should work.
Alan DeKok.
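
Added example (not part of the original message and not FreeRADIUS project code): one way to template the per-subnet entries shown above from a table of networks, validating each row before it is written. The names NETWORKS, validate and render are hypothetical; the tab indentation of reply items and the rule that prefixes must not overlap are assumptions of this sketch.

```python
import ipaddress

# Constructed sample data, mirroring the VLAN 10 / VLAN 20 example in the thread.
NETWORKS = [
    {"subnet": "192.168.10.0/24", "router": "192.168.10.1", "dns": "192.168.20.2", "lease": 7200},
    {"subnet": "192.168.20.0/24", "router": "192.168.20.1", "dns": "192.168.20.2", "lease": 7200},
]


def validate(networks):
    """Parse and sanity-check the table; return (network, row) pairs."""
    parsed = []
    for row in networks:
        # strict=True rejects prefixes with host bits set, e.g. 192.168.10.5/24
        net = ipaddress.ip_network(row["subnet"], strict=True)
        router = ipaddress.ip_address(row["router"])
        ipaddress.ip_address(row["dns"])  # raises ValueError if malformed
        if router not in net:
            raise ValueError(f"router {router} is outside {net}")
        if int(row["lease"]) <= 0:
            raise ValueError(f"lease time for {net} must be positive")
        # Assumption of this sketch: prefixes are disjoint, so a relay
        # address can only ever match one entry.
        for other, _ in parsed:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        parsed.append((net, row))
    return parsed


def render(networks):
    """Emit one entry per subnet: key line, then tab-indented reply items."""
    blocks = []
    for net, row in validate(networks):
        items = [
            f"DHCP-Subnet-Mask := {net.netmask}",
            f"DHCP-Router-Address := {row['router']}",
            f"DHCP-Domain-Name-Server := {row['dns']}",
            f"DHCP-IP-Address-Lease-Time := {int(row['lease'])}",
        ]
        # Items are comma-separated; the last item of an entry has no comma.
        blocks.append(f"{net}\n" + ",\n".join("\t" + i for i in items))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(render(NETWORKS), end="")
```

The subnet mask is derived from the prefix length rather than typed by hand, so the key and the DHCP-Subnet-Mask value cannot disagree across the ~300 generated entries.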