02-04-2009 #1, Just Joined! (Join Date: Feb 2009, Posts: 2)
DHCPD match option remote.agent-id
I am trying to get my dhcp server to issue IPs based on Option 82 information. I have tried several match statements without success. My dhcp config loads fine. Included is a tcpdump header outlining the Option 82 information being sent by the requesting device. As you can see it includes agent.circuit-ID (suboption 1) and unknown (suboption 2) which is the agent.remote-ID.
Since there is no match to the class statements, my end device is pulling an IP out of the base pool. When I look up the IP pulled, the dhcpd.leases file shows both agent.circuit-ID and agent.remote-ID as the following MAC addresses:
agent.circuit-ID 00:01:AA:01:B7:78
agent.remote-ID 00:A0:0A:C4:CC:76
I would like to match the agent.remote-id; I just put the other in the subclass for a test. If anyone can show me how to match the packet header I would greatly appreciate it.
class "Pool1" {
    match option agent.remote-id ;
}
subclass "Pool1" 00:01:AA:01:B7:78;
subclass "Pool1" 00:A0:0A:C4:CC:76;
class "Pool2" {
    match substring (option agent.remote-id,2,6);
}
subclass "Pool2" 00:A0:0A:C4:CC:76;
shared-network Public {
    subnet 64.71.222.0 netmask 255.255.254.0 {
        authoritative;
        option routers 64.71.222.1;
        option subnet-mask 255.255.254.0;
        option domain-name-servers 64.71.218.3,64.71.219.3;
        range dynamic-bootp 64.71.222.3 64.71.222.254;
        range dynamic-bootp 64.71.223.3 64.71.223.254;
        default-lease-time 21600;
        max-lease-time 43200;
    }
    subnet 24.248.109.192 netmask 255.255.255.224 {
        # DHCP Pool1
        pool {
            allow members of "Pool1";
            range 24.248.109.194 24.248.109.222;
            option routers 24.248.109.193;
            option subnet-mask 255.255.255.224;
            option domain-name-servers 64.71.218.3,64.71.219.3;
            default-lease-time 600;
            max-lease-time 600;
        }
    }
    subnet 24.248.109.224 netmask 255.255.255.224 {
        # DHCP Pool2
        pool {
            allow members of "Pool2";
            range 24.248.109.226 24.248.109.254;
            option routers 24.248.109.225;
            option subnet-mask 255.255.255.224;
            option domain-name-servers 64.71.218.3,64.71.219.3;
            default-lease-time 600;
            max-lease-time 600;
        }
    }
}
tcpdump:
Agent-Information Option 82, length 38:
Circuit-ID SubOption 1, length 17: 00:01:AA:01:B7:78
Unknown SubOption 2, length 17:
0x0000: 3030 3a41 303a 3041 3a43 343a 4343 3a37
0x0010: 36
dhcpd.leases file:
lease 64.71.222.247 {
starts 3 2009/02/04 20:12:32;
ends 4 2009/02/05 02:12:32;
binding state active;
next binding state free;
hardware ethernet 00:19:b9:58:da:2c;
uid "\001\000\031\271X\332,";
option agent.circuit-id "00:01:AA:01:B7:78";
option agent.remote-id "00:A0:0A:C4:CC:76";
Thanks,
02-09-2009 #2, Just Joined! (Join Date: Feb 2009, Posts: 2)
In case anyone else is trying to do this, I thought I would post the solution. It was operator error, as usual. I had it right on several attempts, but as I had already pulled an IP from the base pool, it was giving me the same IP back per the leases file instead of using the classes I had created. After optioning out the base pool ranges, it finally worked. I further modified the base pool to deny classed requests.
Working config:
class "Pool1" {
    match option agent.remote-id;
}
subclass "Pool1" "00:A0:0A:C4:CC:76";
# subclass "Pool1" "00:A0:0A:C5:E6:B4";
class "Pool2" {
    match option agent.remote-id;
}
# subclass "Pool2" "00:A0:0A:C4:CC:76";
subclass "Pool2" "00:A0:0A:C5:E6:B4";
shared-network Public {
    subnet 64.71.222.0 netmask 255.255.254.0 {
        pool {
            deny members of "Pool1";
            deny members of "Pool2";
            option routers 64.71.222.1;
            option subnet-mask 255.255.254.0;
            option domain-name-servers 64.71.218.3, 64.71.219.3;
            range dynamic-bootp 64.71.222.3 64.71.222.254;
            range dynamic-bootp 64.71.223.3 64.71.223.254;
            default-lease-time 21600;
            max-lease-time 43200;
        }
    }
    subnet 24.248.109.192 netmask 255.255.255.224 {
        pool {
            allow members of "Pool1";
            range 24.248.109.194 24.248.109.222;
            option routers 24.248.109.193;
            option subnet-mask 255.255.255.224;
            option domain-name-servers 64.71.218.3,64.71.219.3;
            default-lease-time 21600;
            max-lease-time 43200;
        }
    }
    subnet 24.248.109.224 netmask 255.255.255.224 {
        pool {
            allow members of "Pool2";
            range 24.248.109.226 24.248.109.254;
            option routers 24.248.109.225;
            option subnet-mask 255.255.255.224;
            option domain-name-servers 64.71.218.3,64.71.219.3;
            default-lease-time 21600;
            max-lease-time 43200;
        }
    }
}


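Added example (not part of either post, and not ISC's code): a Python check of what the relay actually places in sub-option 2, using bytes rebuilt from the tcpdump decode in the first post. It assumes dhcpd reads an unquoted colon-separated subclass value as raw octets and a quoted one as text, compared byte for byte with the option data; all helper names are hypothetical.

```python
# Sub-option layout (code, length, value) follows RFC 3046.
CIRCUIT_ID, REMOTE_ID = 1, 2

def parse_option82(payload: bytes) -> dict:
    """Split an Option 82 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        subopts[code] = value
        i += 2 + length
    return subopts

def hex_key(text: str) -> bytes:
    """Assumed reading of an unquoted colon-separated subclass value: raw octets."""
    return bytes(int(octet, 16) for octet in text.split(":"))

def string_key(text: str) -> bytes:
    """Assumed reading of a quoted subclass value: the literal characters."""
    return text.encode("ascii")

def substring(data: bytes, offset: int, length: int) -> bytes:
    """Same slice as substring(data, offset, length) in the first config."""
    return data[offset : offset + length]

# Constructed from the capture: the relay sends both IDs as 17-character text.
SAMPLE = (bytes([1, 17]) + b"00:01:AA:01:B7:78" +
          bytes([2, 17]) + b"00:A0:0A:C4:CC:76")

def report() -> dict:
    remote = parse_option82(SAMPLE)[REMOTE_ID]
    return {
        "remote_id_len": len(remote),
        "unquoted_matches": remote == hex_key("00:A0:0A:C4:CC:76"),
        "quoted_matches": remote == string_key("00:A0:0A:C4:CC:76"),
        "substring_2_6": substring(remote, 2, 6),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value!r}")
```

Because this relay sends the remote ID as printable text, the value recorded in dhcpd.leases is the exact string to quote in a subclass line.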
