Configure dynamic dhcp-pool with binding to specific Cisco Catalyst ports

My network happened to be built so that IP addresses are issued only to those clients whose MAC addresses are registered in the network management and traffic accounting system (I cannot quite bring myself to call it a billing system).

After a few years I noticed that the 192.168.0.0/21 range was almost exhausted, and that most of the MAC addresses in the database belonged to users' Wi-Fi devices that had long been forgotten and were no longer in use.

So it was decided to dedicate the range 192.168.7.0/24 to Wi-Fi devices only, with dynamic address assignment.

To do this, I identified the switch port of every Wi-Fi access point on every Cisco switch and registered those ports as classes on the DHCP server (isc-dhcpd on Linux).

Network diagram:

[image: network diagram]

As you can see in the diagram, there are 6 Cisco Catalyst devices on the network.

To see the identifier (MAC address) and port of the switch each request came through, add the following to dhcpd.conf:

# Decode the relay-agent (Option 82) suboptions inserted by the Cisco switch.
# remote-id value layout:  type (1 byte), length (1 byte), identifier (6 bytes)
# circuit-id value layout: type (1), length (1), VLAN (2), module (1), port (1)
if exists agent.remote-id and exists agent.circuit-id {
    # binary-to-ascii prints each octet without leading zeros (0x0a -> "a");
    # this branch pads only the case where the first octet is exactly 0x00.
    if binary-to-ascii(16, 8, "", substring(option agent.remote-id, 2, 1)) = "0" {
        set switch-mac = concat("0", binary-to-ascii(16, 8, "", substring(option agent.remote-id, 2, 1)), ":", binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 3, 6)));
    } else {
        set switch-mac = binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6));
    }
    log(info, "-------------------------------------------------------------------------");
    log(info, concat("Switch MAC: ", switch-mac));
    # byte 5 of the circuit-id value is the port number
    log(info, concat("Switch Port: ", binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1))));
}

As a result, the switch identifiers were found to be as follows (note that these are not hardware MAC addresses but the ASCII bytes of the hostnames cisco0 to cisco5, e.g. 63:69:73:63:6f:30 is "cisco0"; the config compares them byte for byte, so this makes no difference):
# Cisco0: 63:69:73:63:6f:30
# Cisco1: 63:69:73:63:6f:31
# Cisco2: 63:69:73:63:6f:32
# Cisco3: 63:69:73:63:6f:33
# Cisco4: 63:69:73:63:6f:34
# Cisco5: 63:69:73:63:6f:35

After that, /var/log/messages shows every connection together with the switch and port the request (here a DHCPINFORM) came from:

dhcpd: -------------------------------------------------------------------------
dhcpd: Switch MAC: 63:69:73:63:6f:32
dhcpd: Switch Port: 6
dhcpd: DHCPINFORM from 192.168.2.55 via eth1
dhcpd: DHCPACK to 192.168.2.55 (xx:xx:xx:xx:xx:xx) via eth1
dhcpd: -------------------------------------------------------------------------

Inside the subnet {} block, create a class for each device, that is, for each required port on each switch:

class "801:1" {
      match if binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6)) = "63:69:73:63:6f:31" and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "18";
}
# Port 18 on Cisco1 falls into class 801:1
class "804:1" {
      match if binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6)) = "63:69:73:63:6f:30" and binary-to-ascii(10, 8, "", substring(option agent.circuit-id, 5, 1)) = "30";
}
# Port 30 on cisco0 falls into class 804:1

Class names are of the form <cabinet number>:<serial number>.

Create a pool:

pool {
        # only members of the listed classes get a dynamic lease from this range
        allow members of "801:1";
        allow members of "804:1";
        ddns-updates off;
        range 192.168.7.1 192.168.7.254;
        default-lease-time 3600;
        max-lease-time 7200;
        option routers 192.168.0.1;
        option domain-name-servers 192.168.0.1;
}

As a result, a device connected to port 18 on cisco1 or to port 30 on cisco0 receives an IP address and all settings from the DHCP server, regardless of whether its MAC address is registered in the network management system's database or not.
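As an added example (not from the original article), the following Python script models the dhcpd expressions above offline: it splits an Option 82 payload into its suboptions, derives the switch identifier and port exactly as the config's substring/binary-to-ascii calls do, applies the two classes "801:1" and "804:1", and reproduces the quirk that binary-to-ascii prints octets without zero padding. The suboption layouts (type and length bytes before the value; VLAN, module, port inside the circuit-id) are the ones implied by the offsets used in the config, and all packet bytes are constructed for illustration, not captured from the author's network.

```python
"""Offline model of the dhcpd.conf Option 82 logic on this page (added example)."""
from dataclasses import dataclass

# Suboption codes of DHCP option 82 (Relay Agent Information)
AGENT_CIRCUIT_ID = 1
AGENT_REMOTE_ID = 2


def split_suboptions(option82: bytes) -> dict[int, bytes]:
    """Split the raw option 82 payload into {suboption_code: value}.

    This is what dhcpd does before 'option agent.remote-id' and
    'option agent.circuit-id' become available to the config language.
    """
    subs: dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(option82):
        code, length = option82[i], option82[i + 1]
        value = option82[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option 82 suboption")
        subs[code] = value
        i += 2 + length
    if i != len(option82):
        raise ValueError("trailing bytes in option 82")
    return subs


def binary_to_ascii(base: int, sep: str, data: bytes) -> str:
    """Mimic dhcpd's binary-to-ascii(base, 8, sep, data): each octet is
    printed in the given base WITHOUT zero padding (so 0x0b -> "b")."""
    fmt = {16: "x", 10: "d"}[base]
    return sep.join(format(b, fmt) for b in data)


def switch_mac_as_logged(remote_id: bytes) -> str:
    """Replicates the page's if/else for the 'Switch MAC' log line:
    padding is applied only when the first identifier octet is exactly 0x00."""
    first = binary_to_ascii(16, "", remote_id[2:3])
    if first == "0":
        # substring(..., 3, 6) is truncated at the end of the data, like dhcpd does
        return "0" + first + ":" + binary_to_ascii(16, ":", remote_id[3:9])
    return binary_to_ascii(16, ":", remote_id[2:8])


@dataclass(frozen=True)
class PortClass:
    name: str       # e.g. "801:1" (cabinet:serial, as on the page)
    switch_id: str  # compared against remote-id value bytes 2..7
    port: str       # compared against circuit-id value byte 5


# The two classes from the page, expressed as data.
CLASSES = [
    PortClass("801:1", "63:69:73:63:6f:31", "18"),
    PortClass("804:1", "63:69:73:63:6f:30", "30"),
]


def switch_and_port(option82: bytes) -> tuple[str, str]:
    """Return (switch_id, port) exactly as the class 'match if' expressions compute them."""
    subs = split_suboptions(option82)
    if AGENT_REMOTE_ID not in subs or AGENT_CIRCUIT_ID not in subs:
        # 'exists agent.remote-id and exists agent.circuit-id' is false: no relay info
        raise ValueError("no relay agent information; cannot classify")
    remote, circuit = subs[AGENT_REMOTE_ID], subs[AGENT_CIRCUIT_ID]
    switch_id = binary_to_ascii(16, ":", remote[2:8])   # substring(remote-id, 2, 6)
    port = binary_to_ascii(10, "", circuit[5:6])        # substring(circuit-id, 5, 1)
    return switch_id, port


def matching_classes(option82: bytes) -> list[str]:
    """Names of the classes whose 'match if' holds for this request."""
    switch_id, port = switch_and_port(option82)
    return [c.name for c in CLASSES if c.switch_id == switch_id and c.port == port]


def allowed_in_wifi_pool(option82: bytes) -> bool:
    """'allow members of' semantics: the pool is open only to the listed classes."""
    return bool(matching_classes(option82))


def build_option82(remote_id: bytes, vlan: int, module: int, port: int) -> bytes:
    """Build a constructed Cisco-style option 82 payload (test helper, assumed layout)."""
    circuit = bytes([0x00, 0x04]) + vlan.to_bytes(2, "big") + bytes([module, port])
    remote = bytes([0x00, len(remote_id)]) + remote_id
    return (bytes([AGENT_CIRCUIT_ID, len(circuit)]) + circuit
            + bytes([AGENT_REMOTE_ID, len(remote)]) + remote)


if __name__ == "__main__":
    # constructed: request relayed by switch "cisco1" from port 18 on VLAN 7
    pkt = build_option82(b"cisco1", vlan=7, module=0, port=18)
    print(switch_and_port(pkt), matching_classes(pkt), allowed_in_wifi_pool(pkt))
```

The `switch_mac_as_logged` function is worth running on an identifier such as 00:1a:0b:...: the 0x0b octet is printed as a single "b", which is why the match strings in the classes must be written the way binary-to-ascii prints them rather than as conventional zero-padded MAC addresses.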

The rest of the config consists of host {} declarations with the MAC addresses and fixed IP addresses assigned to registered clients.

PS: If the MAC address is registered in the database and the device is connected to one of these ports, it still receives the IP address assigned in its host {} declaration.
