[Dnsmasq-discuss] IP address based on switch port number (option 82)

richardvoigt at gmail.com richardvoigt at gmail.com
Sun Feb 14 20:02:38 GMT 2010


On Sun, Feb 14, 2010 at 1:53 PM, Simon Kelley <simon at thekelleys.org.uk> wrote:
> Ignacio.Bravo at belden.com wrote:
>> Hello Simon, Thanks for such a quick answer! Yes I detected that a bit
>> later and the tag is set now.
>> dhcp-range=net:ignacio,10.10.35.60,10.10.35.65
>> dhcp-circuitid=ignacio,b9:06:00:00:01:01:01:03,
>> dhcp-remoteid=ignacio,00:06:00:80:63:60:e1:64
>>
>> BUT IT STILL DOESN'T WORK. The tag is set but I detected sort of a
>> loop of discovers, NAKs and ACKs so that the client never gets its IP.
>> Please find enclosed log output (dnsmasq shows loop.txt) Every
>> "dnsmasq: etiquetas: ignacio, eth0" tag is set (Spanish log, sorry)
>>
>> Please find enclosed capture file showing the loop (dhcp loop from
>> wireshark at the server side): Relay: .251 server: .200
>>
>> Please take into account I have a layer2 network (client----L2switch
>> acting as dhcp relay op82---dhcp server)
>>
>> I feel the problem is dnsmasq receives two requests at almost the
>> same time (the broadcasted one which is NAKed and the unicasted one
>> ACKed) Of course the NAK message restarts the process at the client
>> side
>
>>
>> Two questions: - Do you have any dnsmasq config solution for that
>> (what's the reason for the first request to be NAKed?)? I have
>> experience with Hanewin and works ok in this topology without
>> 'external help' I got one solution using iptables -A INPUT -i eth0 -p
>> udp -s 0.0.0.0/32 -d 255.255.255.255/32 --dport 67 -j DROP (I do
>> filter any broadcasted request or discover)
> You are right. It's getting one request direct (without going through
> the relay in the switch) and one request from the relay. Only the
> request that goes through the switch has the circuit-id and sets the tag.
> Without the tag, the dhcp-range is not available, so it causes an error.
>
> Part of this problem is the strange setup you have where the clients are
> in the same broadcast domain as the server, _and_ you have the DHCP
> relay. Even without that there's still a problem because clients will do
> DHCP renewals direct/unicast without using the relay - that will fail.
>
> Some switches can be configured to do transparent option-82 addition to
> _all_ DHCP packets without doing the relay function. That would fix the
> problem if your switch can do it.
>
> I'm going to have to think about code changes to fix this in the general
> case. Are you able to compile and test new versions of dnsmasq?

ebtables or iptables can be used to match the source MAC address and
only accept inbound DHCP requests from the relay(s).  No change needed
to dnsmasq.

>
>> - does dnsmasq.conf do an AND with dhcp-circuitid dhcp-remoteid values?, I mean,
>> should I have more than one switch could dnsmasq sort the first port
>> of the first switch and the first port at the second switch?
>
> Yes, you can do that: The AND function is in dhcp-range: set tags for
> each switch and port and use a switch tag and a port tag in dhcp-range
>
> dhcp-range=net:switch-1,net:port-1,192.168.7.1,192.168.7.4,255.255.255.0
>
> Cheers,
>
> Simon.
>


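Added example, not part of the original thread: a Python sketch of why the request that bypasses the relay gets no tag. It parses option 82 (RFC 3046) from two constructed packets, one as the client broadcasts it and one as the relay forwards it, using the circuit-id and remote-id values from the configuration quoted above; the helper names and the simplified tag matching are assumptions, not dnsmasq's code.

```python
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie (RFC 2131)
CIRCUIT_ID = bytes.fromhex("b906000001010103")  # dhcp-circuitid value from the thread
REMOTE_ID = bytes.fromhex("000600806360e164")   # dhcp-remoteid value from the thread

def parse_options(packet):
    """Return {code: value} for the options of a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:  # 255 = end option
        if packet[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return opts

def relay_agent_info(packet):
    """Decode option 82 sub-options (RFC 3046): 1 = circuit-id, 2 = remote-id."""
    raw, subs, i = parse_options(packet).get(82, b""), {}, 0
    while i + 2 <= len(raw):
        subs[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return subs

def tags_for(packet):
    """Simplified model (assumption): either quoted match value sets the tag."""
    subs = relay_agent_info(packet)
    if subs.get(1) == CIRCUIT_ID or subs.get(2) == REMOTE_ID:
        return {"ignacio"}
    return set()

def sub(code, value):
    return bytes([code, len(value)]) + value  # code, length, value encoding

def build_request(option82=b""):
    """Constructed sample DHCPREQUEST; header fields other than op are zeroed."""
    fixed = bytes([1, 1, 6, 0]) + bytes(232)  # op=BOOTREQUEST, Ethernet, hlen 6
    opts = bytes([53, 1, 3])                  # option 53 = DHCPREQUEST
    if option82:
        opts += sub(82, option82)
    return fixed + MAGIC + opts + b"\xff"

DIRECT = build_request()                                         # no relay involved
RELAYED = build_request(sub(1, CIRCUIT_ID) + sub(2, REMOTE_ID))  # option 82 added

for name, pkt in (("direct", DIRECT), ("relayed", RELAYED)):
    print(name, "tags:", sorted(tags_for(pkt)))
```

Only the relayed copy carries the tag that makes the tagged dhcp-range usable, which is why accepting port 67 traffic solely from the relay, as suggested above, stops the NAKs.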
