
Configuring a dynamic DHCP pool bound to specific Cisco Catalyst ports

It so happened that my network is built in such a way that IP addresses are issued only to those clients whose MAC addresses are registered in a self-written network management and traffic accounting system (I can't quite bring myself to call it a billing system).

A few years later I realised that the 192.168.0.0/21 range was almost completely full, and that most of the MAC addresses recorded in the management system's database belonged to users' Wi-Fi devices, many of which had long been forgotten and were no longer in use.

As a result, it was decided to allocate the range 192.168.7.0/24 specifically for Wi-Fi devices, with dynamic address allocation.

To do this, I identified on every Cisco switch the ports to which Wi-Fi access points are connected and placed those ports into classes on the DHCP server (isc-dhcpd under Linux).

Network layout:

[network diagram]

As you can see in the diagram, there are 6 Cisco Catalyst devices on the network.

To see the identifier of each individual switch (carried in the DHCP relay agent information, option 82), add the following to the dhcpd config:

    if exists agent.remote-id and exists agent.circuit-id {
        # remote-id: bytes 0-1 are the inner type/length, bytes 2-7 are the switch ID.
        # binary-to-ascii does not zero-pad, so restore the leading zero when the
        # first octet is 0x00.
        if binary-to-ascii(16, 8, "", substring(option agent.remote-id, 2, 1)) = "0" {
            set switch-mac = concat("0",
                binary-to-ascii(16, 8, "", substring(option agent.remote-id, 2, 1)), ":",
                binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 3, 5)));
        } else {
            set switch-mac = binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6));
        }
        log(info, "-------------------------------------------------------------------------");
        log(info, concat("Switch MAC: ", switch-mac));
        # circuit-id: bytes 2-3 are the VLAN, byte 4 the module, byte 5 the port number.
        log(info, concat("Switch Port: ",
            binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1))));
    }

As a result, the switch identifiers were determined as follows:

    # Cisco0: 63:69:73:63:6f:30
    # Cisco1: 63:69:73:63:6f:31
    # Cisco2: 63:69:73:63:6f:32
    # Cisco3: 63:69:73:63:6f:33
    # Cisco4: 63:69:73:63:6f:34
    # Cisco5: 63:69:73:63:6f:35

After that, /var/log/messages shows every connection, that is, which switch and which port each DHCPINFORM came from:

    dhcpd: -------------------------------------------------------------------------
    dhcpd: Switch MAC: 63:69:73:63:6f:32
    dhcpd: Switch Port: 6
    dhcpd: DHCPINFORM from 192.168.2.55 via eth1
    dhcpd: DHCPACK to 192.168.2.55 (xx:xx:xx:xx:xx:xx) via eth1
    dhcpd: -------------------------------------------------------------------------

Inside the subnet { } block, create a class for each device (in practice, for each required port on each required switch):

    class "801:1" {
        match if binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6)) = "63:69:73:63:6f:31"
            and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "18";
    }   # port 18 on Cisco1 -> 801:1
    class "804:1" {
        match if binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6)) = "63:69:73:63:6f:30"
            and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "30";
    }   # port 30 on cisco0 -> 804:1

Class names follow the pattern cabinet number:serial number.

Create a pool:

    pool {
        allow members of "801:1";
        allow members of "804:1";
        ddns-updates off;
        range 192.168.7.1 192.168.7.254;
        default-lease-time 3600;
        max-lease-time 7200;
        option routers 192.168.0.1;
        option domain-name-servers 192.168.0.1;
    }

As a result, a device plugged into port 18 on cisco1 or port 30 on cisco0 will receive an IP address and all its settings from the DHCP server, regardless of whether its MAC address is registered in the network management system's database.
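To make the byte offsets in the dhcpd expressions above concrete, here is an added Python example (not from the original post) that parses a constructed DHCP option 82 value in the Cisco layout, reproduces the same switch-ID and port strings that the class match compares against, and resolves them to a class name. The sub-option layout assumed (remote-id: type, length, 6-byte ID; circuit-id: type, length, VLAN, module, port) is the Cisco default; the port-to-class table is taken from the classes on the page, and the sample payloads are constructed.

```python
from typing import Dict, Optional, Tuple

# Port-to-class table taken from the classes on the page: (switch ID, port) -> class
PORT_CLASSES = {
    ("63:69:73:63:6f:31", "18"): "801:1",   # port 18 on Cisco1
    ("63:69:73:63:6f:30", "30"): "804:1",   # port 30 on cisco0
}


def binary_to_ascii(base: int, data: bytes, sep: str) -> str:
    """Mimic ISC dhcpd's binary-to-ascii(base, 8, sep, data): no zero padding."""
    fmt = {16: "x", 10: "d"}[base]
    return sep.join(format(b, fmt) for b in data)


def parse_option82(opt: bytes) -> Dict[int, bytes]:
    """Split a raw option 82 payload into sub-options (1 = circuit-id, 2 = remote-id)."""
    subs, i = {}, 0
    while i + 2 <= len(opt):
        code, length = opt[i], opt[i + 1]
        subs[code] = opt[i + 2:i + 2 + length]
        i += 2 + length
    return subs


def switch_and_port(opt: bytes) -> Optional[Tuple[str, str]]:
    subs = parse_option82(opt)
    if 1 not in subs or 2 not in subs:
        return None            # no relay info: dhcpd's 'exists' checks fail
    circuit, remote = subs[1], subs[2]
    # remote-id: bytes 0-1 are Cisco's inner type/length, bytes 2-7 the switch ID
    switch = binary_to_ascii(16, remote[2:8], ":")
    # circuit-id: bytes 2-3 VLAN, byte 4 module, byte 5 port (substring(..., 5, 1))
    port = binary_to_ascii(10, circuit[5:6], "")
    return switch, port


def dynamic_pool_class(opt: bytes) -> Optional[str]:
    """Pool class the request would match, or None (request falls back to host {} entries)."""
    ids = switch_and_port(opt)
    return PORT_CLASSES.get(ids) if ids else None


# Constructed option 82 values as a Cisco switch would insert them:
#   sub-option 1 (circuit-id): type 0, len 4, VLAN 10, module 0, port 18 / 19
#   sub-option 2 (remote-id):  type 0, len 6, ID 63:69:73:63:6f:31 (ASCII "cisco1")
SAMPLE_CISCO1_PORT18 = bytes([1, 6, 0, 4, 0, 10, 0, 18,
                              2, 8, 0, 6, 0x63, 0x69, 0x73, 0x63, 0x6f, 0x31])
SAMPLE_CISCO1_PORT19 = bytes([1, 6, 0, 4, 0, 10, 0, 19,
                              2, 8, 0, 6, 0x63, 0x69, 0x73, 0x63, 0x6f, 0x31])
```

Because the classification rests entirely on the option 82 bytes, it is only as trustworthy as the switch that inserted them: with DHCP snooping, only uplink ports should be marked trusted so that an access port cannot supply its own relay information.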

The registered clients themselves, with their MAC addresses and assigned IP addresses, are still declared directly in the config as host entries.

PS: If the MAC address is registered in the database and the device is plugged into one of these ports, the IP address issued is the one fixed for it by the host {} directive.

Source: https://habr.com/ru/post/350678/
