Test the DHCP Service
We can verify that FreeRADIUS is providing a DHCP service using the
dhcpclient tool that is included with the FreeRADIUS distribution.
Temporarily configure FreeRADIUS to issue a single static IP address to all
clients by updating the recv Discover section in the dhcp virtual
server to include the following:
update reply {
Your-IP-Address := 1.2.3.4
}
Define a sample DHCP packet as follows:
cat <<EOF > dhcp-packet.txt
Message-Type := Discover
Client-Hardware-Address := 02:01:aa:bb:cc:dd
Client-Identifier := abc123
EOF
We can generate this packet by invoking one of the following commands, depending on where the test is run from.
From the host that is running the FreeRADIUS DHCP server:
dhcpclient -i lo 255.255.255.255 -f dhcp-packet.txt -x auto
From a different host with an interface (eth0) in the same broadcast domain as the FreeRADIUS DHCP server:
dhcpclient -i eth0 255.255.255.255 -f dhcp-packet.txt -x auto
If all of the DHCP broadcast traffic in other Layer 2 networks is converted to unicast by DHCP relay agents then it is not necessary for FreeRADIUS to listen on a broadcast address. In this case you can test DHCP using a unicast request:
dhcpclient 192.0.2.10 -f dhcp-packet.txt -x auto
In order for the returned, unicast DHCP OFFER to be received it is necessary to
ensure that the
When one of the above commands is run, the tool generates output such as the following which shows that the packet was sent and that it is now waiting for replies:
dhcpclient: ...
----------------------------------------------------------------------
Opcode = ::Client-Message
Hardware-Type = 0x01
Hardware-Address-Length = 0x06
Hop-Count = 0x00
Transaction-Id = 0x5e0bbfab
Number-of-Seconds = 0x0000
Flags = 0x0000
Client-IP-Address = 0x00000000
Your-IP-Address = 0x00000000
Server-IP-Address = 0x00000000
Gateway-IP-Address = 0x00000000
...
----------------------------------------------------------------------
Waiting for DHCP replies for: 5.000000
----------------------------------------------------------------------
Each received DHCP response will generate output such as the following:
...
----------------------------------------------------------------------
Opcode = ::Server-Message
Hardware-Type = Ethernet
Hardware-Address-Length = 6
Hop-Count = 0
Transaction-Id = 1577828267
Number-of-Seconds = 0
Flags = 0
Client-IP-Address = 0.0.0.0
Your-IP-Address = 1.2.3.4
Server-IP-Address = 192.0.2.10
Gateway-IP-Address = 0.0.0.0
Client-Hardware-Address = 02:42:0a:00:00:0b
Message-Type = ::Offer
Client-Identifier = 0x616263313233
Waiting for additional DHCP replies for: 4.999429
...
Examine the DHCP response to ensure that it has the correct message type
(Offer, in this case), contains the temporary IP address that you
configured earlier, i.e. Your-IP-Address = 1.2.3.4, and any other
expected reply parameters (which we configure later). Carefully
examine the output of a FreeRADIUS debug session (radiusd -X) to ensure that
the policy is being executed in the way that you expect and that no warnings
are being generated.
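The checks on the reply described above can be scripted. The following is an added example, not part of the FreeRADIUS documentation or distribution: check_dhcp_reply is a hypothetical helper that reads captured dhcpclient output and verifies the message type, Your-IP-Address and Server-IP-Address of every reply, so an Offer from a server other than the one under test is flagged as well. The sample output is constructed in the format shown above.

```shell
#!/bin/sh
# Added example. check_dhcp_reply is a hypothetical helper, not a FreeRADIUS tool.
# Usage: dhcpclient ... | check_dhcp_reply <message-type> <your-ip> <server-ip>
# Exit status: 0 = every reply matched, 1 = mismatch, 2 = no reply seen.
check_dhcp_reply() {
    awk -v want_type="::$1" -v want_ip="$2" -v want_srv="$3" '
        # Compare one attribute of the current reply with its expected value.
        function expect(name, want) {
            if (a[name] != want) {
                printf "reply %d: %s = %s (expected %s)\n", n, name, a[name], want
                bad = 1
            }
        }
        # Called at each packet boundary; only server replies are checked.
        function finish() {
            if (!in_reply) return
            n++
            expect("Message-Type", want_type)
            expect("Your-IP-Address", want_ip)
            expect("Server-IP-Address", want_srv)
        }
        $2 != "=" { next }          # keep only "Name = value" lines
        $1 == "Opcode" {            # Opcode opens every printed packet
            finish()
            split("", a)            # forget the previous packet
            in_reply = ($3 == "::Server-Message")
        }
        in_reply { a[$1] = $3 }
        END { finish(); if (!n) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample in the format shown above: the request, then one reply.
SAMPLE_OUTPUT='Opcode = ::Client-Message
Your-IP-Address = 0x00000000
Waiting for DHCP replies for: 5.000000
Opcode = ::Server-Message
Your-IP-Address = 1.2.3.4
Server-IP-Address = 192.0.2.10
Message-Type = ::Offer
Client-Identifier = 0x616263313233
Waiting for additional DHCP replies for: 4.999429'

printf '%s\n' "$SAMPLE_OUTPUT" |
    check_dhcp_reply Offer 1.2.3.4 192.0.2.10 && echo "reply OK"
```

An exit status of 2 means that no server reply appeared in the output at all, which is a different failure from a reply with the wrong contents.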
You can now change the content of the sample DHCP request by editing the
dhcp-packet.txt file and re-run the above command to see the server’s reply.
You should examine the DHCP dictionary distributed with FreeRADIUS (usually
/usr/share/freeradius/dictionary/dhcpv4/) which provides the list of all of the
DHCP parameters ("attributes") understood by FreeRADIUS.
When you are done testing, remember to remove the temporary edit that was made to the
Testing the DHCP policy
The remainder of this guide describes how to configure the IP address plan,
set up the IP pools and define a DHCP policy. It’s recommended to develop your policy by making small, incremental changes to the provided configuration and then testing those changes with the approach described above, using dhcpclient and radiusd -X, modifying the sample DHCP packet as required. If you break the policy, revert the last change, attempt to understand what went wrong, and try something else.