[Dnsmasq-discuss] IP address based on switch port number (option 82)
michael.rack at rsm-freilassing.de
Mon Feb 15 08:24:40 GMT 2010
There is a realy easy solution for that :-) Join your desired ports to
VLANs and create some subnets.
I just can't understand it, why you wish to seperate DHCP-IP-Addresses
on each port?
Liebe Grüße aus Freilassing,
RSM Freilassing Tel.: +49 8654 607110
Nocksteinstr. 13 Fax.: +49 8654 670438
D-83395 Freilassing www.rsm-freilassing.de
Am 14.02.2010 23:56, schrieb Ignacio.Bravo at belden.com:
> >>ebtables or iptables can be used to match the source MAC address and
> >>only accept inbound DHCP requests from the relay(s). No change needed
> >>to dnsmasq.
> I did that also with Iptables and it works. But there is a drawback:
> Not all ports really need option 82 (you can activate this switch
> function per port so that some ports have a fixed IP and some others not)
> In that general case dnsmasq should receive broadcasts and unicasts.
> Only some broadcasts should be discarded!
> I feel a good idea not checking circuit-remote ID tags on DHCP
> requests (not only renewals), what do you think? doing this no problem
> with renewals nor L2 relays. L3 relays would filter the broadcasts and
> this change would not disturb (i may be wrong...)
> Should you be interested in captures from hanewin dhcp server in the
> same scenario please let me know
> by the way, ISC also loops in this situation
> Simon: Of course I am eager to check any new code you could provide. I
> am a newbie in linux, may you please (if possible) detail
> commands/tools I should do/have to make&install any possible code? I
> am on ubuntu
> Thanks again
> From: "richardvoigt at gmail.com" <richardvoigt at gmail.com>
> To: Simon Kelley <simon at thekelleys.org.uk>
> Cc: Ignacio.Bravo at belden.com, dnsmasq-discuss at lists.thekelleys.org.uk
> Date: 14/02/2010 21:02
> Subject: Re: [Dnsmasq-discuss] IP address based on switch port number
> (option 82)
> On Sun, Feb 14, 2010 at 1:53 PM, Simon Kelley
> <simon at thekelleys.org.uk> wrote:
> > Ignacio.Bravo at belden.com wrote:
> >> Hello Simon, Thanks fo such a quick answer! Yes I detected that a bit
> >> later and the tag is set now.
> >> dhcp-range=net:ignacio,10.10.35.60,10.10.35.65
> >> dhcp-circuitid=ignacio,b9:06:00:00:01:01:01:03,
> >> dhcp-remoteid=ignacio,00:06:00:80:63:60:e1:64
> >> BUT IT STILL DOESNT WORK. the tag is set but i detected sort of a
> >> loop of discovers, NAKs and ACKs so that client does never get its IP
> >> Please find enclosed log output (dnsmasq shows loop.txt) Every
> >> "dnsmasq: etiquetas: ignacio, eth0" tag is set (Spanish log, sorry)
> >> Please find enclosed capture file showing the loop (dhcp loop from
> >> wireshark at the server side): Relay: .251 server: .200
> >> Please take into account I have a layer2 network (client----L2switch
> >> acting as dhcp relay op82---dhcp server)
> >> I feel the problem is dnsmasq receives two requests at almost the
> >> same time (the broadcasted one which is Naked and the unicasted one
> >> Acked) Of course the NACk message restarts the process at the client
> >> side
> >> Two questions: - Do you have any dnsmasq config solution for that
> >> (what´s the reason for the first request to be NAKed?)? I have
> >> experience with Hanewin and works ok in this topology without
> >> 'external help' I got one solution using iptables -A INPUT -i eth0 -p
> >> udp -s 0.0.0.0/32 -d 255.255.255.255/32 --dport 67 -j DROP (i do
> >> filter any broadcasted request or discover)
> > You are right. It's getting one request direct (without going through
> > the relay in the switch) and one request from the relay. Only the
> > request that goes throught switch has the circuit-id and sets the tag.
> > Without the tag, the dhcp-range is not avilable, so it causes an error.
> > Part of this problem is the strange setup you have where the clients are
> > in the same broadcast domain as the server, _and_ you have the DHCP
> > relay. Even without that there's still a problem because clients will do
> > DHCP renewals direct/unicast without using the relay - that will fail.
> > Some switches can be configured to do transparent option-82 addition to
> > _all_ DHCP packets without doing the relay function. That would fix the
> > problem if your switch can do it.
> > I'm going to have to think about code changes to fix this in the general
> > case. Are you able to compile and test new versions of dnsmasq?
> ebtables or iptables can be used to match the source MAC address and
> only accept inbound DHCP requests from the relay(s). No change needed
> to dnsmasq.
> >> - does dnsmasq.conf do an AND with dhcp-circuitid
> > dhcp-remoteid values?, I mean,
> >> should I have more than one switch could dnsmasq sort the first port
> >> of the first switch and the first port at the second switch?
> > Yes, you can do that: The AND function is in dhcp-range: set tags for
> > each switch and port and use a switch tag and a port tag in dhcp-range
> > dhcp-range=net:switch-1,net:port-1,192.168.7.1,192.168.7.4,255.255.255.0
> > Cheers,
> > Simon.
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> DISCLAIMER: Privileged and/or Confidential information may be
> contained in this message. If you are not the addressee of this
> message, you may not copy, use or deliver this message to anyone. In
> such event, you should destroy the message and kindly notify the
> sender by reply e-mail. It is understood that opinions or conclusions
> that do not relate to the official business of the company are neither
> given nor endorsed by the company. Thank You.
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnsmasq-discuss