[Dnsmasq-discuss] IP address based on switch port number (option 82)

Simon Kelley simon at thekelleys.org.uk
Sun Feb 14 19:53:34 GMT 2010


Ignacio.Bravo at belden.com wrote:
> Hello Simon, Thanks for such a quick answer! Yes I detected that a bit
> later and the tag is set now. 
> dhcp-range=net:ignacio,10.10.35.60,10.10.35.65 
> dhcp-circuitid=ignacio,b9:06:00:00:01:01:01:03, 
> dhcp-remoteid=ignacio,00:06:00:80:63:60:e1:64
> 
> BUT IT STILL DOESN'T WORK. The tag is set but I detected sort of a
> loop of discovers, NAKs and ACKs so that client does never get its IP.
> Please find enclosed log output (dnsmasq shows loop.txt). Every
> "dnsmasq: etiquetas: ignacio, eth0" tag is set (Spanish log, sorry)
> 
> Please find enclosed capture file showing the loop (dhcp loop from
> wireshark at the server side): Relay: .251 server: .200
> 
> Please take into account I have a layer2 network (client----L2switch
> acting as dhcp relay op82---dhcp server)
> 
> I feel the problem is dnsmasq receives two requests at almost the
> same time (the broadcasted one which is NAKed and the unicasted one
> ACKed). Of course the NAK message restarts the process at the client
> side
>
> Two questions: - Do you have any dnsmasq config solution for that
> (what's the reason for the first request to be NAKed?)? I have
> experience with Hanewin and works ok in this topology without
> 'external help' I got one solution using iptables -A INPUT -i eth0 -p
> udp -s 0.0.0.0/32 -d 255.255.255.255/32 --dport 67 -j DROP (I do
> filter any broadcasted request or discover)

You are right. It's getting one request direct (without going through
the relay in the switch) and one request from the relay. Only the
request that goes through the switch has the circuit-id and sets the tag.
Without the tag, the dhcp-range is not available, so it causes an error.

Part of this problem is the strange setup you have where the clients are
in the same broadcast domain as the server, _and_ you have the DHCP
relay. Even without that there's still a problem because clients will do
DHCP renewals direct/unicast without using the relay - that will fail.

Some switches can be configured to do transparent option-82 addition to
_all_ DHCP packets without doing the relay function. That would fix the
problem if your switch can do it.

I'm going to have to think about code changes to fix this in the general
case. Are you able to compile and test new versions of dnsmasq?

> - does dnsmasq.conf do an AND with dhcp-circuitid dhcp-remoteid
> values?, I mean,
> should I have more than one switch could dnsmasq sort the first port
> of the first switch and the first port at the second switch?

Yes, you can do that: The AND function is in dhcp-range: set tags for
each switch and port and use a switch tag and a port tag in dhcp-range

dhcp-range=net:switch-1,net:port-1,192.168.7.1,192.168.7.4,255.255.255.0

Cheers,

Simon.
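
The tag logic discussed in this thread, as an added example that is not part of the original message and is not dnsmasq's code: a simplified Python model that parses option 82 (RFC 3046 sub-options 1 and 2), sets tags from circuit-id and remote-id, and applies the AND over a dhcp-range's tags. The pairing of the thread's ID values with the tag names switch-1 and port-1, the helper names, and the sample payloads are assumptions constructed for illustration.

```python
from typing import Dict, Optional, Set

CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes

def parse_option82(payload: bytes) -> Dict[int, bytes]:
    """Split a Relay Agent Information payload into {sub-option code: value}."""
    subs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated sub-option value")
        subs[code] = value
        i += 2 + length
    return subs

def hexid(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

# ID values are the ones quoted in the thread; the tag names follow the
# dhcp-range line in the reply. Pairing them is an assumption of this example.
CIRCUIT_TAGS = {hexid("b9:06:00:00:01:01:01:03"): "port-1"}
REMOTE_TAGS = {hexid("00:06:00:80:63:60:e1:64"): "switch-1"}
# A range is usable only if ALL of its tags are set (the AND in dhcp-range).
RANGES = [({"switch-1", "port-1"}, ("192.168.7.1", "192.168.7.4"))]

def tags_for(option82: Optional[bytes]) -> Set[str]:
    """Tags set by a request; one that bypassed the relay carries no option 82."""
    if option82 is None:
        return set()
    subs = parse_option82(option82)
    tags = {CIRCUIT_TAGS.get(subs.get(CIRCUIT_ID)), REMOTE_TAGS.get(subs.get(REMOTE_ID))}
    return tags - {None}

def select_range(option82: Optional[bytes]):
    """Return the first range whose tags are all set, else None (nothing to offer)."""
    tags = tags_for(option82)
    for required, pool in RANGES:
        if required <= tags:
            return pool
    return None

# Constructed sample payloads (not taken from the capture mentioned in the thread).
REMOTE = bytes([2, 8]) + hexid("00:06:00:80:63:60:e1:64")
RELAYED = bytes([1, 8]) + hexid("b9:06:00:00:01:01:01:03") + REMOTE
OTHER_PORT = bytes([1, 8]) + hexid("b9:06:00:00:01:01:01:04") + REMOTE

if __name__ == "__main__":
    for name, opt in [("relayed", RELAYED), ("direct", None), ("other port", OTHER_PORT)]:
        print(name, sorted(tags_for(opt)), select_range(opt))
```

A request with no option 82, such as the direct broadcast or a unicast renewal, sets no tags and so finds no usable range, which is the failure described in the reply above.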


