Hello Fajar/Alan
Thanks for u r quick Responses !!
I already configured DHCP Server that handles option 82 of DHCP Requests. But
new to RADIUS stuff. For security reasons, We want to introduce radius so DHCP
Offer is to be made only to authenticated clients.
I just need a idea to have correct direction. After reading your response (
Correct me if my understanding is wrong ) now I have to configure my DHCP
Server to speak with FR before giving DHCP OFFER.
(1)DHCP Client--->(2)Cisco Switch(Adds option 82)--->(3)Relay Agent--->(4)DHCP
Server (Authenticate DHCP Discovery)----->(5)FRADIUS
(8)DHCP OFFER
<------- (7)DHCP Server < -------(6)(ACCEPT/ACCEPt)<------
Br.
Sachin Sharma
-----Original Message-----
From: freeradius-users-bounces+sachin.sharma=wipro....@lists.freeradius.org
[mailto:freeradius-users-bounces+sachin.sharma=wipro....@lists.freeradius.org]
On Behalf Of Fajar A. Nugraha
Sent: Wednesday, February 22, 2012 2:29 PM
To: FreeRadius users mailing list
Subject: Re: FreeRadius to authenticate DHCP Requests with Option82
On Wed, Feb 22, 2012 at 3:16 PM, <sachin.sha...@wipro.com> wrote:
> Hello all,
>
> I am implementing Free Radius to authenticate DHCP Requests with Option82.
> I have configured DHCP Relay Agent, DHCP Snooping in CISCO Switch and
> DHCP Server. Now i have to configure RADIUS for option82.
Are you trying to configure a RADIUS server, or a DHCP server?
Freeradius can function as both, but the configuration is different.
>
> Please help me to configure RADIUS for DHCP option82.
See my previous question.
> Also i am not clear
> who will authenticate to RADIUS, Switch,DHCP Relay Agent or DHCP Server.
> After reading docs i guess it's DHCP Server ....
You might have just answered your own question :)
Two possibilities:
(1) If I understand your question correctly, you DON'T configure a radius
server for DHCP option 82. Instead, you configure a DHCP server that can
understand and process option 82.
FR SHOULD be able to function as DHCP server that handles option 82, BUT there
are things that require some kind of advanced knowledge. For
example:
- you need to enable DHCP functionality expicility during compilation, or use
latest master or v2.1.x branch from git (which should enable it by default)
- you need to write your own logic on how to handle option 82
(DHCP-Agent-Circuit-Id and DHCP-Agent-Remote-Id attributes). The git version
have an example of sqlippool module that handles static and dynamic IP
assignment, but it doesn't process those two attributes.
You need to modify it yourself.
So in short, it SHOULD be possible with FR, but requires some effort.
Depending on your skill and knowledge, you might be better of using another
DHCP server
(2) If I misunderstood your question, and what you need is simply for a radius
server that sends a particular attribute, then you need to know what attribute
it is, and what value it should contain. Once you have that, implementing it in
FR should be easy.
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.wipro.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
