Discussion:
regarding cisco dhcp relay agent-generation of circuit id for authentication
Mahima Kumar
2014-03-15 00:34:49 UTC
Please take a look at my config, or can anyone please post here the
configuration of a Cisco router or switch acting as a DHCP relay agent
which generates a circuit ID, so that based on this circuit ID I can get my
client authenticated by the FreeRADIUS server and the client gets an IP
address from the DHCP server (I have a server which is working fine).

I have tried all the possible configs online, but I am unable to get the
circuit ID.

*Cisco 2900 as relay agent configuration :*
Scenario 1 ) client --- cisco router relay agent ---- radius and dhcp server


Router#sh run
Building configuration...

Current configuration : 1330 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip cef
ip dhcp relay information option
no ip dhcp relay information check
ip dhcp relay information trust-all
!
!
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
vlan internal allocation policy ascending
!

interface GigabitEthernet0/0
ip dhcp relay information option-insert
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.3.31.40
ip directed-broadcast
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.3.31.250 255.255.255.0
ip directed-broadcast
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
no ip address
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
ip http server
no ip http secure-server
!

control-plane
!

!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

Router#




*DEBUG OUTPUT *

*Mar 14 22:56:53.233: DHCPD: Sending notification of DISCOVER:
*Mar 14 22:56:53.233: DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:53.233: DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:53.233: DHCPD: circuit id 00000000
*Mar 14 22:56:53.233: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:53.233: DHCPD: adding relay information option.
*Mar 14 22:56:53.233: DHCPD: BOOTREQUEST from
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463
.302d.4769.302f.30
forwarded to 10.3.31.40.
*Mar 14 22:56:56.765: DHCPD: Sending notification of DISCOVER:
*Mar 14 22:56:56.765: DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:56.765: DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:56.765: DHCPD: circuit id 00000000
*Mar 14 22:56:56.765: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:56.765: DHCPD: adding relay information option.
*Mar 14 22:56:56.765: DHCPD: BOOTREQUEST from
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463
.302d.4769.302f.30
forwarded to 10.3.31.40.
*Mar 14 22:56:56.785: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 14 22:56:56.785: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 14 22:56:56.785: DHCPD: No vpn from sub-option, using global
*Mar 14 22:56:56.785: DHCPD: Setting giaddr to 192.168.1.1
*Mar 14 22:56:56.785: DHCPD: Forwarding reply on numbered intf
*Mar 14 22:56:56.785: DHCPD: relay information option is removed
*Mar 14 22:56:56.785: DHCPD: broadcasting BOOTREPLY to client
0017.e069.24c0.
*Mar 14 22:56:56.789: DHCPD: Finding a relay for client
0063.6973.636f.2d30.3031.372e.6530.3639
.2e32.3463.302d.4769.302f.30 on
interface GigabitEthernet0/0.
*Mar 14 22:56:56.789: DHCPD: Seeing if there is an internally specified
pool class:
*Mar 14 22:56:56.789: DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 14 22:56:56.789: DHCPD: remote id 020a0000c0a8010100000000
*Mar 14 22:56:56.789: DHCPD: circuit id 00000000
*Mar 14 22:56:56.789: DHCPD: there is no pool for 192.168.1.1.
*Mar 14 22:56:56.789: DHCPD: setting giaddr to 192.168.1.1.
*Mar 14 22:56:56.789: DHCPD: adding relay information option.
*Mar 14 22:56:56.789: DHCPD: BOOTREQUEST from
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463
.302d.4769.302f.30
forwarded to 10.3.31.40.
*Mar 14 22:56:56.805: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 14 22:56:56.805: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 14 22:56:56.805: DHCPD: No vpn from sub-option, using global
*Mar 14 22:56:56.805: DHCPD: Setting giaddr to 192.168.1.1
*Mar 14 22:56:56.805: DHCPD: Forwarding reply on numbered intf
*Mar 14 22:56:56.805: DHCPD: relay information option is removed
*Mar 14 22:56:56.805: DHCPD: broadcasting BOOTREPLY to client
0017.e069.24c0.


PROBLEM: the circuit ID value is 0. I need a circuit ID to authenticate the
client from the RADIUS server. My client is getting an IP address from the
DHCP server, and there is end-to-end connectivity from client --- Cisco relay
agent --- RADIUS and DHCP server. But I need to authenticate my client
based on the circuit ID generated by the relay agent.



*Scenario 2) Switch 3750 as relay agent *

client --- switch as relay agent --- radius and dhcp server

Switch#sh run
Building configuration...

Current configuration : 1869 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1600
ip subnet-zero
ip routing
ip dhcp relay information option
no ip dhcp relay information check
ip dhcp relay information trust-all
!

spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
no switchport
ip address 10.3.31.250 255.255.255.0
!
interface GigabitEthernet1/0/4
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan5
ip dhcp relay information option-insert
ip address 192.168.1.1 255.255.255.0
ip helper-address 10.3.31.40
!
ip classless
ip http server
!

control-plane
!
!
line con 0
line vty 5 15
!
end

Switch#




*DEBUG OUTPUT: *

*Mar 1 00:36:39.073: DHCPD: interface Vlan5 coming up
*Mar 1 00:36:40.382: DHCPD: Reload workspace interface Vlan5 tableid 0.
*Mar 1 00:36:40.382: DHCPD: tableid for 192.168.1.1 on Vlan5 is 0
*Mar 1 00:36:40.382: DHCPD: client's VPN is .
*Mar 1 00:36:40.382: DHCPD: Sending notification of DISCOVER:
*Mar 1 00:36:40.382: DHCPD: htype 1 chaddr 0017.e069.24c0
*Mar 1 00:36:40.382: DHCPD: remote id 020a0000c0a8010105000000
*Mar 1 00:36:40.382: DHCPD: interface = Vlan5
*Mar 1 00:36:40.382: DHCPD: Looking up binding using address 192.168.1.1
*Mar 1 00:36:40.382: DHCPD: setting giaddr to 192.168.1.1.
*Mar 1 00:36:40.382: DHCPD: adding relay information option.
*Mar 1 00:36:40.382: DHCPD: BOOTREQUEST from
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30
forwarded to 10.3.31.40.
*Mar 1 00:36:40.407: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 1 00:36:40.407: DHCPD: Reload workspace interface
GigabitEthernet1/0/3 tableid 0.
*Mar 1 00:36:40.407: DHCPD: tableid for 10.3.31.250 on
GigabitEthernet1/0/3 is 0
*Mar 1 00:36:40.407: DHCPD: client's VPN is .
*Mar 1 00:36:40.407: DHCPD: DHCPOFFER notify setup address 192.168.1.5
mask 255.255.255.0
*Mar 1 00:36:40.407: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 1 00:36:40.407: DHCPD: Forwarding reply on numbered intf
*Mar 1 00:36:40.407: DHCPD: Option82 is currently:
*Mar 1 00:36:40.407:
0109312f312f313a31303002157375622d70726f662d312d736c612d70726f662d31
*Mar 1 00:36:40.407: DHCPD: Removing option82 information
*Mar 1 00:36:40.407: DHCPD: relay information option removed
*Mar 1 00:36:40.407: DHCPD: Option82 is removed
*Mar 1 00:36:40.407: DHCPD: broadcasting BOOTREPLY to client
0017.e069.24c0.
*Mar 1 00:36:40.407: DHCPD: Reload workspace interface Vlan5 tableid 0.
*Mar 1 00:36:40.407: DHCPD: tableid for 192.168.1.1 on Vlan5 is 0
*Mar 1 00:36:40.407: DHCPD: client's VPN is .
*Mar 1 00:36:40.407: DHCPD: Finding a relay for client
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30 on
interface Vlan5.
*Mar 1 00:36:40.407: DHCPD: there is no pool for 192.168.1.1.
*Mar 1 00:36:40.407: DHCPD: Looking up binding using address 192.168.1.1
*Mar 1 00:36:40.407: DHCPD: setting giaddr to 192.168.1.1.
*Mar 1 00:36:40.407: DHCPD: adding relay information option.
*Mar 1 00:36:40.407: DHCPD: BOOTREQUEST from
0063.6973.636f.2d30.3031.372e.6530.3639.2e32.3463.302d.4769.302f.30
forwarded to 10.3.31.40.
*Mar 1 00:36:40.424: DHCP: XID did NOT MATCH in dhcpc_for_us()
*Mar 1 00:36:40.424: DHCPD: Reload workspace interface
GigabitEthernet1/0/3 tableid 0.
*Mar 1 00:36:40.424: DHCPD: tableid for 10.3.31.250 on
GigabitEthernet1/0/3 is 0
*Mar 1 00:36:40.424: DHCPD: client's VPN is .
*Mar 1 00:36:40.424: DHCPD: forwarding BOOTREPLY to client 0017.e069.24c0.
*Mar 1 00:36:40.424: DHCPD: Forwarding reply on numbered intf
*Mar 1 00:36:40.424: DHCPD: Option82 is currently:
*Mar 1 00:36:40.424:
0109312f312f313a31303002157375622d70726f662d312d736c612d70726f662d31
*Mar 1 00:36:40.424: DHCPD: Removing option82 information
*Mar 1 00:36:40.424: DHCPD: relay information option removed
*Mar 1 00:36:40.424: DHCPD: Option82 is removed
*Mar 1 00:36:40.424: DHCPD: broadcasting BOOTREPLY to client
0017.e069.24c0.


*PROBLEM : No circuit id generation which is required by me.*



Regards,

Mahima Kumar
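
An added example, not part of the original post and not code from Cisco or FreeRADIUS: a small RFC 3046 parser that splits the payload the 3750 prints on its "Option82 is currently:" line (before it strips option 82 from the reply) into sub-options, and checks the all-zero circuit ID shown in the 2900 debug. The function names and the "reject empty or all-zero" policy are assumptions made for illustration.

```python
"""Added example: split a DHCP option 82 payload into RFC 3046 sub-options."""
from typing import List, Optional, Tuple

CIRCUIT_ID, REMOTE_ID = 1, 2  # sub-option codes defined in RFC 3046

# Copied from the "Option82 is currently:" line of the 3750 debug output.
SWITCH_OPTION82_HEX = "0109312f312f313a31303002157375622d70726f662d312d736c612d70726f662d31"
# Value the 2900 debug prints as "circuit id 00000000".
ROUTER_CIRCUIT_ID_HEX = "00000000"


def parse_option82(payload: bytes) -> List[Tuple[int, bytes]]:
    """Return (code, value) pairs; raise ValueError on a truncated sub-option."""
    subopts = []
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("sub-option header truncated at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d claims %d bytes, %d present"
                             % (code, length, len(value)))
        subopts.append((code, value))
        i += 2 + length
    return subopts


def circuit_id(payload: bytes) -> Optional[bytes]:
    """Return the first circuit-id value in the payload, or None if absent."""
    for code, value in parse_option82(payload):
        if code == CIRCUIT_ID:
            return value
    return None


def usable_as_auth_key(value: Optional[bytes]) -> bool:
    """Assumed policy: a missing, empty or all-zero circuit ID identifies no port."""
    return value is not None and any(value)


if __name__ == "__main__":
    for code, value in parse_option82(bytes.fromhex(SWITCH_OPTION82_HEX)):
        print(code, value.decode("ascii", "replace"))
    print(usable_as_auth_key(bytes.fromhex(ROUTER_CIRCUIT_ID_HEX)))
```
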
Alan DeKok
2014-03-15 13:01:42 UTC
Post by Mahima Kumar
Please take a look at my config or please Can anyone please post here
configuration of a cisco router or switch acting as a dhcp relay agent
which generates circuit id and based on this circuit id i can get my
client authenticated from the freeradius server and client gets ip
address from dhcp server (i have a server which is working fine).

I'm not really sure what you're asking here. This isn't a Cisco
support list. You don't seem to have any questions related to FreeRADIUS.

You've posted Cisco config, and Cisco log output. Neither of which
has anything to do with FreeRADIUS.

Alan DeKok.