ISC-DHCP server not matching partial of the MAC address
-
Hi all,
Let me explain a bit of the situation I have at the moment. The idea was working properly under a CentOS environment. We have different types of IP phones, YEALINK, AASTRA, SNOM and so on, in our company.
To provision all these different phones we were using a substring (hardware) match on the first 6 digits of the MAC address.
Nowadays we are working with pfSense and it is also our DHCP server. When I set option 66 to the text http://xxx.xxx.xxx.xxx/ps/snom/cfg, I only get the right provisioning for all our SNOM phones. So there is no auto provisioning for the other types of IP phones.
Therefore I made additional pools in our DHCP server.
Pool Description YEALINK
range: xxx.xxx.128.1 - xxx.xxx.128.10
MAC Address Control: 00:15:65
TFTP server: http://xxx.xxx.xxx.xxx./ps/yealink/cfg/
Pool Description AASTRA
range: xxx.xxx.128.11 - xxx.xxx.128.19
MAC Address Control: 00:15:65
TFTP server: http://xxx.xxx.xxx.xxx./ps/aastra/cfg/
So I did a factory reset on the YEALINK phone and it will not get an IP address from the pool that I created. It will get an IP address outside the pool. And this will go to option 66 and try to get a snom firmware.
I did read this article but to no use: https://redmine.pfsense.org/issues/2241
Here is the output of the dhcpd.conf:
class "001565" {
    match if substring (hardware, 1, 3) = 00:15:65;
}
class "00085D" {
    match if substring (hardware, 1, 3) = 00:08:5D;
}
subnet xxx.xxx.128.0 netmask 255.255.252.0 {
    pool {
        option domain-name-servers xxx.xxxx.131.254;
        ddns-update-style interim;
        range xxx.xxxx.128.20 xxx.xxx.129.254;
    }
    pool {
        option domain-name-servers xxx.xxx.131.254;
        allow members of "001565";
        option tftp-server-name "http://xxx.xxx.xxx.xxx/ps/yealink/cfg/";
        range xxx.xxx.128.1 xxx.xxx.128.10;
    }
    pool {
        option domain-name-servers xxx.xxx.131.254;
        allow members of "00085D";
        option tftp-server-name "http://xxx.xxx.xxx.xxx//ps/aastra/cfg";
        range xxx.xxx.128.11 xxx.xxx.128.19;
The manual says the following: http://linux.die.net/man/5/dhcpd.conf
So I tried with quotes, but no luck:
class "my-clients" {
    match if substring (hardware,1,8) = "00:1D:92" ;
}
pool {
    range 192.168.165.10 192.168.165.20;
    allow members of "my-clients" ;
}
When I add the MAC address to the "DHCP Static Mapping", the MAC address will get the right provisioning.
MAC ADDRESS: 00:15:65:2a:08:36
CLIENT identifier: TEST
TFTP Server: http://xxx.xxx.xxx.xxx/ps/yealink/cfg/
I'm reading in the pfSense manual that matching part of the MAC address is possible. So why is the pool not working for me?
Here is the output of tcpdump -vvv -i em1 port bootpc:
15:10:53.867289 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:15:65:2a:08:36 (oui Unknown), length 548, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 00:15:65:2a:08:36
T125 Option 125, length 37: 0.0.13.233.32.1.6.48.48.49.53.54.53.2.12.48.48.49.53.54.53.50.97.48.56.51.54.3.8.83.73.80.45.84.50.50.80
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 17:
Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
Domain-Name-Server, LOG, Hostname, Domain-Name
BR, NTP, TFTP, BF
Vendor-Option, Option 132, Option 133, Option 120
Lease-Time
Hostname Option 12, length 8: "SIP-T22P"
Vendor-Class Option 60, length 7: "yealink"
END Option 255, length 0
PAD Option 0, length 0, occurs 214
15:10:54.879881 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 333)
pfSense.ipgroup.bootps > 10.254.129.106.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 305, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Your-IP xxx.xxx.129.106
Server-IP bla.bla.local
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
file "/pxelinux.0"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: pfSense.test
Lease-Time Option 51, length 4: 86400
Subnet-Mask Option 1, length 4: 255.255.252.0
Default-Gateway Option 3, length 4: pfSense.test
Domain-Name-Server Option 6, length 4: pfSense.test
Domain-Name Option 15, length 13: "ipgroup.test"
Vendor-Option Option 43, length 14: 49.48.46.50.53.52.46.49.51.49.46.49.51.50
END Option 255, length 0
15:10:54.926611 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:15:65:2a:08:36 (oui Unknown), length 548, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether 00:15:65:2a:08:36
Requested-IP Option 50, length 4: xxx.xxx.129.106
Server-ID Option 54, length 4: pfSense.test
T125 Option 125, length 37: 0.0.13.233.32.1.6.48.48.49.53.54.53.2.12.48.48.49.53.54.53.50.97.48.56.51.54.3.8.83.73.80.45.84.50.50.80
Parameter-Request Option 55, length 17:
Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
Domain-Name-Server, LOG, Hostname, Domain-Name
BR, NTP, TFTP, BF
Vendor-Option, Option 132, Option 133, Option 120
Lease-Time
Hostname Option 12, length 8: "SIP-T22P"
Vendor-Class Option 60, length 7: "yealink"
END Option 255, length 0
PAD Option 0, length 0, occurs 206
15:10:54.927888 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 333)
pfSense.test.bootps > xxx.xxx.129.106.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 305, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Your-IP 10.254.129.106
Server-IP bla.bla.local
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
file "/pxelinux.0"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: ACK
Server-ID Option 54, length 4: pfSense.test
Lease-Time Option 51, length 4: 86400
Subnet-Mask Option 1, length 4: 255.255.252.0
Default-Gateway Option 3, length 4: pfSense.test
Domain-Name-Server Option 6, length 4: pfSense.test
Domain-Name Option 15, length 13: "test.local"
Vendor-Option Option 43, length 14: 49.48.46.50.53.52.46.49.51.49.46.49.51.50
END Option 255, length 0
15:11:00.716888 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
xxx.xxx.129.106.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:15:65:2a:08:36 (oui Unknown), length 548, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Client-IP 10.254.129.106
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Inform
Client-ID Option 61, length 7: ether 00:15:65:2a:08:36
T125 Option 125, length 37: 0.0.13.233.32.1.6.48.48.49.53.54.53.2.12.48.48.49.53.54.53.50.97.48.56.51.54.3.8.83.73.80.45.84.50.50.80
Requested-IP Option 50, length 4: 10.254.129.106
Parameter-Request Option 55, length 17:
Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
Domain-Name-Server, LOG, Hostname, Domain-Name
BR, NTP, TFTP, BF
Vendor-Option, Option 132, Option 133, Option 120
Lease-Time
Hostname Option 12, length 8: "SIP-T22P"
Vendor-Class Option 60, length 7: "yealink"
END Option 255, length 0
PAD Option 0, length 0, occurs 212
15:11:03.809395 IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 576)
xxx.xxx.129.106.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:15:65:2a:08:36 (oui Unknown), length 548, xid 0xab36593e, secs 100, Flags [none] (0x0000)
Client-IP xxx.xxx.129.106
Client-Ethernet-Address 00:15:65:2a:08:36 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Inform
Client-ID Option 61, length 7: ether 00:15:65:2a:08:36
T125 Option 125, length 37: 0.0.13.233.32.1.6.48.48.49.53.54.53.2.12.48.48.49.53.54.53.50.97.48.56.51.54.3.8.83.73.80.45.84.50.50.80
Requested-IP Option 50, length 4: 10.254.129.106
Parameter-Request Option 55, length 17:
Subnet-Mask, Time-Zone, Default-Gateway, Time-Server
Domain-Name-Server, LOG, Hostname, Domain-Name
BR, NTP, TFTP, BF
Vendor-Option, Option 132, Option 133, Option 120
Lease-Time
Hostname Option 12, length 8: "SIP-T22P"
Vendor-Class Option 60, length 7: "yealink"
END Option 255, length 0
PAD Option 0, length 0, occurs 212
-
The DHCP server web configuration GUI of pfSense is not designed for this type of application.
You'd be better off leaving this DHCP configuration on the PBX.
-
Well, this is a bit strange, because on CentOS we use the same ISC DHCP server, where I could pass DHCP options and this would match on MAC digits. So why is it not possible with the pfSense DHCP server? The options are the same. I also edited the dhcpd.conf on the pfSense to test some options. Yes, I know that a restart would set the dhcpd.conf to default.
Kill -HUP processid dhcp should do the trick.
The issue seems to be that it is not matching the first 6 digits of the MAC address.
-
Any changes you made outside of the GUI will be overwritten. This will NOT work.
-
Well, this is a bit strange, because on CentOS we use the same ISC DHCP server, where I could pass DHCP options and this would match on MAC digits. So why is it not possible with the pfSense DHCP server? The options are the same. I also edited the dhcpd.conf on the pfSense to test some options. Yes, I know that a restart would set the dhcpd.conf to default.
Kill -HUP processid dhcp should do the trick.
The issue seems to be that it is not matching the first 6 digits of the MAC address.
You are trying to use pfSense for something that it wasn't intended for.
Just because you could make hard boiled eggs in your microwave doesn't mean that you should, or that it is a good idea.
-
People, come on. These are just standard options for an ISC DHCP server, and pfSense is running the ISC DHCP server. This is just a layer 2 match on MAC. We are not doing a cooking lesson here. We are all sysadmins and we want to know the reason why this is not working. Right now I do not care about the GUI. We could make changes in the services.inc.
-
Found an answer… and this is working.
http://lists.pfsense.org/pipermail/dev/2015-October/000720.html
-
Glad you found an answer.
There are a couple of inconsistencies in the original question, and the isc-dhcp man page isn't any more helpful in clearing this up.
You make reference to
substring (hardware,1,8) = "00:1D:92" ;
and
substring (hardware, 1, 3) = 00:15:65;
and
substring (hardware, 1, 3) = 00:08:5D;
I notice one is using a length of 8, which if looking strictly at ASCII characters matches 00:1D:92
While the other two references are only using a length of 3, so it will match in both cases to 00:, assuming it is looking at ASCII characters, in which case it would only ever match the first case.
Lastly, since vendors don't always occupy the same MAC address space (just look at how many prefixes Cisco/Linksys uses), I'd recommend using vendor classes instead. That way, irrespective of what MAC address is presented, it will match based on the vendor class (option 60) sent from the client to the DHCP server.
In fact, you can even see that in the packet capture you took:
Vendor-Class Option 60, length 7: "yealink"
So it becomes substring (option vendor-class-identifier, 0, 7) = "yealink";
Just my 2¢
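Added example, not part of any post in this thread and not pfSense or ISC code: a small Python model of how dhcp-eval(5) evaluates the match expressions quoted above. In dhcpd, `hardware` is a data string of one hardware-type byte followed by the raw link-layer address, a bare `00:15:65` is three raw octets, and a quoted `"00:1D:92"` is eight ASCII characters. The function names are hypothetical; the MAC address and vendor class are the ones in the capture from the first post.

```python
# Model of the dhcp-eval(5) data expressions used in this thread (illustration only).

def parse_literal(text):
    """Convert a dhcpd.conf literal to bytes.
    Quoted text is an ASCII string; bare colon-separated hex is raw octets."""
    text = text.strip()
    if text.startswith('"') and text.endswith('"'):
        return text[1:-1].encode("ascii")
    return bytes(int(octet, 16) for octet in text.split(":"))

def hardware(mac, htype=1):
    """dhcpd's `hardware`: hardware-type byte (1 = Ethernet) + link-layer address."""
    return bytes([htype]) + parse_literal(mac)

def substring(data, offset, length):
    """dhcpd's substring(): `length` bytes from `offset`, cut short at end of data."""
    return data[offset:offset + length]

def class_matches(data, offset, length, literal):
    """True when `match if substring(data, offset, length) = literal` would hold."""
    return substring(data, offset, length) == parse_literal(literal)

# Inputs constructed from the capture: Client-Ethernet-Address and option 60.
PHONE_HW = hardware("00:15:65:2a:08:36")
PHONE_VENDOR_CLASS = b"yealink"

def evaluate_thread_expressions():
    """Evaluate each expression from the thread against the captured phone."""
    return {
        "hardware,1,3 = 00:15:65": class_matches(PHONE_HW, 1, 3, "00:15:65"),
        "hardware,1,3 = 00:08:5D": class_matches(PHONE_HW, 1, 3, "00:08:5D"),
        # Quoted form: 8 ASCII characters compared with at most 6 raw MAC octets.
        'hardware,1,8 = "00:15:65"': class_matches(PHONE_HW, 1, 8, '"00:15:65"'),
        'vendor-class-identifier,0,7 = "yealink"':
            class_matches(PHONE_VENDOR_CLASS, 0, 7, '"yealink"'),
    }

if __name__ == "__main__":
    for expr, result in evaluate_thread_expressions().items():
        print(f"{expr:45} -> {result}")
```

Both `hardware` and option 60 are values the client supplies, so class membership selects a provisioning URL but does not authenticate the device.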
-
The reference to the man page was because it uses quotes around MAC addresses. We do not use Cisco; Yealink, Snom and Aastra are what we use. So vendor-class-identifier is irrelevant for us. Also, with pfSense you can use DHCP options like 60 or 66 only once, in the main pool. In a sub pool only MAC-based restrictions are possible.
Well, anyway, this works for us.