dhcp

The DHCP functionality is defined as a separate virtual server.

Defines a DHCP socket.

The default port below is given the value of 6700 so that the network doesn’t break. To do real DHCP, change the default port to 67, but this is not recommended.

The DHCP socket can also be bound to an interface. See below and raddb/radiusd.conf for examples.

You can therefore run a single DHCP server instance listening on multiple interfaces, each with a separate policy.

For multiple interfaces, it is a good idea to bind the listen section to an interface. One listen section is required per interface.

FreeBSD does not support binding sockets to interfaces. Therefore, if multiple interfaces are present, broadcasts may go out of the wrong one or even out of all the interfaces. The solution is to use the "setfib" command. If a network "10.10.0/24" is present on LAN1, then the following is required:

Pick any IP on the 10.10.0/24 network

#	$ setfib 1 route add default 10.10.0.1

Edit /etc/rc.local, and add a line:

#	setfib 1 /path/to/radiusd

The kernel must be built with the following options:

#	options    ROUTETABLES=2

or any value larger than 2.

The only other solution is to update FreeRADIUS to use BPF sockets.

server dhcp {

listen {
	type = dhcp
	ipaddr = 127.0.0.1
	src_ipaddr = 127.0.0.1
	port = 6700
#	interface = lo0
	broadcast = no
}

DHCP-Discover

Packets received on the socket will be processed through one of the following sections, which are named after the DHCP packet type. See dictionary.dhcp for the packet types.

Return packets will be sent to, in preference order:

DHCP-Gateway-IP-Address
DHCP-Client-IP-Address
DHCP-Your-IP-Address

At least one of these attributes should be set at the end of each section for a response to be sent.

dhcp DHCP-Discover {

Sets the type of packet to send in reply.

The server will look at the DHCP-Message-Type attribute to determine the type of packet to send in reply. Common values would be DHCP-Offer, DHCP-Ack, and DHCP-NAK. See dictionary.dhcp for all the possible values.

DHCP-Do-Not-Respond can be used to tell the server to not respond.

If DHCP-Message-Type is not set, the server falls back to determining the type of reply from the rcode of this section.

	update reply {
	       DHCP-Message-Type = DHCP-Offer
	}

The contents here are invented and should be changed:

	update reply {
		DHCP-Domain-Name-Server = 127.0.0.1
		DHCP-Domain-Name-Server = 127.0.0.2
		DHCP-Subnet-Mask = 255.255.255.0
		DHCP-Router-Address = 192.0.2.1
		DHCP-IP-Address-Lease-Time = 86400
		DHCP-DHCP-Server-Identifier = 192.0.2.1
	}

The following does a simple mapping of MAC to assigned IP.

See below for the definition of the "mac2ip" module.

	#mac2ip

If the MAC wasn’t found in that list, do something else, such as calling a Perl, Python, or Java script here.

	#if (notfound) {
	# ...
	#}

Alternatively, allocate IPs from the DHCP pool in SQL. Set the pool name here if it hasn’t been set elsewhere.

#	update control {
#		Pool-Name := "local"
#	}
#	dhcp_sqlippool

If DHCP-Message-Type is not set, then returning "ok" or "updated" from this section will respond with a DHCP-Offer message.

Other rcodes will tell the server to not return any response.

	ok
}

DHCP-Request

dhcp DHCP-Request {

Response packet type. See DHCP-Discover section above.

	update reply {
	       DHCP-Message-Type = DHCP-Ack
	}

The contents here are invented and should be changed:

	update reply {
		DHCP-Domain-Name-Server = 127.0.0.1
		DHCP-Domain-Name-Server = 127.0.0.2
		DHCP-Subnet-Mask = 255.255.255.0
		DHCP-Router-Address = 192.0.2.1
		DHCP-IP-Address-Lease-Time = 86400
		DHCP-DHCP-Server-Identifier = 192.0.2.1
	}

The following does a simple mapping of MAC to assigned IP.

See below for the definition of the "mac2ip" module.

	#mac2ip

If the MAC wasn’t found in that list, do something else, such as calling a Perl, Python, or Java script here.

	#if (notfound) {
	# ...
	#}

Alternatively, allocate IPs from the DHCP pool in SQL. Set the pool name here if it hasn’t been set elsewhere.

#	update control {
#		Pool-Name := "local"
#	}
#	dhcp_sqlippool

If DHCP-Message-Type is not set, returning "ok" or "updated" from this section will respond with a DHCP-Ack packet; "handled" will not return a packet, and all other rcodes will send back a DHCP-NAK.

	ok
}

Other DHCP packet types

There should be a separate section for each DHCP message type. By default this configuration will ignore them all. Any packet type not defined here will be responded to with a DHCP-NAK.

dhcp DHCP-Decline {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}

dhcp DHCP-Inform {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}

dhcp DHCP-Release {
	update reply {
	       DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}
}
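
To check what a DHCP-Discover or DHCP-Request section actually returns, the following Python code (an added example, not part of FreeRADIUS or of this configuration) decodes a DHCP packet into the attribute names used above and picks the reply destination in the preference order stated on this page. The option codes are those of RFC 2132; the function names, the MAC address, the transaction ID and the 192.0.2.100 lease in the sample packet are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

MAGIC = bytes.fromhex("63825363")        # DHCP magic cookie (RFC 2131)
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"    # fixed 236-byte BOOTP header
MSG_TYPES = {1: "DHCP-Discover", 2: "DHCP-Offer", 3: "DHCP-Request", 4: "DHCP-Decline",
             5: "DHCP-Ack", 6: "DHCP-NAK", 7: "DHCP-Release", 8: "DHCP-Inform"}
IP_OPTS = {1: "DHCP-Subnet-Mask", 3: "DHCP-Router-Address",   # RFC 2132 option codes
           6: "DHCP-Domain-Name-Server", 54: "DHCP-DHCP-Server-Identifier"}

def build(op, xid, mac, options, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Pack a BOOTP header plus (code, value) options; op 1 = request, 2 = reply."""
    head = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0, bytes(4), inet_aton(yiaddr), bytes(4),
                       inet_aton(giaddr), bytes.fromhex(mac.replace(":", "")), b"", b"")
    return head + MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

def decode(pkt):
    """Return (attribute, value) pairs: header addresses first, then known options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    f = struct.unpack(HEADER, pkt[:236])
    out = [("DHCP-Gateway-IP-Address", inet_ntoa(f[10])),
           ("DHCP-Client-IP-Address", inet_ntoa(f[7])), ("DHCP-Your-IP-Address", inet_ntoa(f[8]))]
    i = 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, val = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + len(val)
        if code == 53 and len(val) == 1:
            out.append(("DHCP-Message-Type", MSG_TYPES.get(val[0], str(val[0]))))
        elif code == 51 and len(val) == 4:
            out.append(("DHCP-IP-Address-Lease-Time", struct.unpack("!I", val)[0]))
        elif code in IP_OPTS and len(val) % 4 == 0:
            out += [(IP_OPTS[code], inet_ntoa(val[j:j + 4])) for j in range(0, len(val), 4)]
    return out

def reply_destination(attrs):
    """First header address that is set, in the preference order given on this page."""
    return next((v for _, v in attrs[:3] if v != "0.0.0.0"), None)

# Constructed DHCP-Offer carrying the placeholder reply values from this page
SAMPLE_OFFER = build(2, 0x1234, "00:01:02:03:04:05", [
    (53, b"\x02"), (6, inet_aton("127.0.0.1") + inet_aton("127.0.0.2")),
    (1, inet_aton("255.255.255.0")), (3, inet_aton("192.0.2.1")),
    (51, struct.pack("!I", 86400)), (54, inet_aton("192.0.2.1"))], yiaddr="192.0.2.100")
```

A `None` result from `reply_destination` corresponds to the case where none of the three address attributes is set, so no response can be sent.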