
Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Apachez-
Trusted Contributor

Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

I'm trying to figure out if the HP 5820 supports DHCP classes or not without having access to a 5820 to find out for myself.

What I want to do is to make it possible for the endcustomer to decide for themselves if they want to use fixed ip or DHCP - in this case the DHCP would give the endcustomer the same ip as if the customer uses fixed ip.

For example if I decide that 192.0.2.1 is valid as srcip from int1 on sw1 (through ACL) then the endcustomer can either put this ip as fixed ip in its gear (which is then connected to int1 on sw1) or just use a DHCP-client to get the same value.

Digging through **bleep**loads of documentation I finally found a nice solution to this problem as described in "Comware V5 Configuration Examples" (rather "DHCP Snooping Option 82 Configuration Examples" which is within this pdf-file) found at http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/manualsResults/?sp4ts.oid=4218345&spf_p.tpst=psiContentResults&spf_p.prp_psiContentResults=wsrp-navigationalState%3Daction%253Dmanualslist%257Cviewall%253Dtrue%257Clang%253Den&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken (terribly long link but you can find this if you select "view all" when you are at the HP 5820 technical documentation page).

The solution is:

"
To make each group obtain different IP address ranges, do the following:

1. Configure DHCP snooping to support 82. Configure the Option 82 circuit ID sub-option padding contents for each group so the DHCP server can identify where the requests are from.

2. Configure DHCP user classes and dynamic IP address allocation on the DHCP server (Router) so that the DHCP server can allocate IP addresses to the clients in different groups.

3. To match against each defined DHCP user class, you must specify the following hexadecimal strings as the Option 82 information on the DHCP server:

3.1. 0x010667726F757031 for user class group1. 0106 represents the sub-option number and length, and 67726F757031 is the hexadecimal value for group1.

3.2. 010667726F757032 for user class group2. 0106 represents the sub-option number and length, and 67726F757032 is the hexadecimal value for group2.

3.3. 010667726F757033 for user class group3. 0106 represents the sub-option number and length, and 67726F757033 is the hexadecimal value for group3
"

which means something like this within the HP 5820 switch:

"
Configuring the DHCP server

# Specify the IP address of the interface that connects to the DHCP snooping device as 192.168.10.1/24, and enable DHCP on the interface.
<Router> system-view
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.10.1 24
[Router-Ethernet1/1] dhcp select server
[Router-Ethernet1/1] quit

# Enable DHCP.
[Router] dhcp enable

# Create DHCP user class group1 for Group 1. Specify a hexadecimal string for the Option 82 information used to match DHCP requests that contain Option 82 circuit ID sub-option group1.
[Router] dhcp class group1
[Router-dhcp-class-group1] if-match option 82 hex 010667726F757031
[Router-dhcp-class-group1] quit

# Create DHCP user class group2 for Group 2. Specify a hexadecimal string for the Option 82 information used to match DHCP requests that contain Option 82 circuit ID sub-option group2.
[Router] dhcp class group2
[Router-dhcp-class-group2] if-match option 82 hex 010667726F757032
[Router-dhcp-class-group2] quit

# Create DHCP user class group3 for Group 3. Specify a hexadecimal string for the Option 82 information used to match DHCP requests that contain Option 82 circuit ID sub-option group3.
[Router] dhcp class group3
[Router-dhcp-class-group3] if-match option 82 hex 010667726F757033
[Router-dhcp-class-group3] quit

# Create DHCP address pool office.
[Router] dhcp server ip-pool office

# Specify the address range of the address pool.
[Router-dhcp-pool-office] network 192.168.10.0 24
[Router-dhcp-pool-office] address range 192.168.10.1 192.168.10.254

# Specify the lease time and gateway address.
[Router-dhcp-pool-office] expired day 0 hour 12
[Router-dhcp-pool-office] gateway-list 192.168.10.1

# Specify address ranges for each DHCP user class.
[Router-dhcp-pool-office] class group1 range 192.168.10.2 192.168.10.25
[Router-dhcp-pool-office] class group2 range 192.168.10.100 192.168.10.150
[Router-dhcp-pool-office] class group3 range 192.168.10.151 192.168.10.200
"

So far so good... pretty nifty solution of injecting circuit-id in Option 82 (through DHCP-snooping) at the access-switch (facing the endcustomer) which then is forwarded to the HP 5820 aggregating switch (through DHCP-relay) to perform the DHCP magic.

However digging through the "R1211-HP 5820X & 5800 Switch Series Layer 3 IP Routing Command Reference" and "R1211-HP 5820X & 5800 Switch Series Layer 3 IP Services Configuration Guide" at the same page (the long link mentioned previously) there is not a single word of if "dhcp class" (along with "if-match option 82 hex") even exists in 5820...

So anyone around with a HP 5820 with a somewhat up2date firmware who can verify if the following commands exist or not?

dhcp class group1
if-match option 82 hex 010667726F757031
quit

along with

dhcp server ip-pool office
class group1 range 192.168.10.2 192.168.10.25

Thanks in advance!
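
The hex strings in steps 3.1 to 3.3 of the post above are Option 82 sub-option TLVs (number, length, value). The following is an added example, not part of the original post or of HP's documentation: it builds those strings from the group names and parses a relay payload back into sub-options. All function names are hypothetical, the sample payload is constructed, and the matching rule in classify() (equality on the circuit ID sub-option) is an assumption for illustration, not Comware's documented if-match behaviour.

```python
from __future__ import annotations

CIRCUIT_ID = 1  # sub-option number 0x01, the "01" in 0106... above
REMOTE_ID = 2   # RFC 3046 Agent Remote ID, used only in the constructed sample


def encode_suboption(number: int, value: bytes) -> bytes:
    """One Option 82 sub-option: number byte, length byte, value."""
    if not 0 <= number <= 255 or len(value) > 255:
        raise ValueError("number and length must each fit in one byte")
    return bytes([number, len(value)]) + value


def circuit_id_hex(group: str) -> str:
    """Hex string for a circuit ID padded with an ASCII group name."""
    return encode_suboption(CIRCUIT_ID, group.encode("ascii")).hex().upper()


def parse_option82(payload: bytes) -> dict[int, bytes]:
    """Split an Option 82 payload into {sub-option number: value}."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        number, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length runs past end of option")
        subopts[number] = value
        i += 2 + length
    return subopts


def classify(payload_hex: str, classes: dict[str, str]) -> str | None:
    """Return the class whose configured circuit ID equals the request's.
    Assumption: equality on sub-option 1; not Comware's documented matching."""
    circuit = parse_option82(bytes.fromhex(payload_hex)).get(CIRCUIT_ID)
    if circuit is None:
        return None
    for name, match_hex in classes.items():
        if parse_option82(bytes.fromhex(match_hex)).get(CIRCUIT_ID) == circuit:
            return name
    return None


CLASSES = {g: circuit_id_hex(g) for g in ("group1", "group2", "group3")}
# Constructed relay payload: circuit ID "group2" plus a made-up remote ID.
SAMPLE = circuit_id_hex("group2") + encode_suboption(REMOTE_ID, bytes.fromhex("001122334455")).hex()
```

A request carrying no circuit ID sub-option falls through to None, and a length byte that runs past the end of the option raises ValueError instead of being silently truncated.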

8 REPLIES
Peter_Debruyne
Honored Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Hi,

 

That is some good research you did, I never noticed these config examples, so thanks for pointing that out.

 

I never saw this user-class and if-match construction on comware5, so I had to look a bit deeper. (The standard 5800/5820 manuals of either 1211 or 1808 do not mention anything on this specific feature. There is a dhcp scope level option named vendor-class-identifier, but that is just the client reported vendor class and does not provide the detailed filtering you expect in the example.)

 

Just read the dhcp snooping example you mentioned and the catch is in the doc:

Software version used
This configuration example was created and verified on COMWAREV500R002 (DHCP snooping device) and COMWAREV700R002 (DHCP server).

 

So this example demonstrates comware5 dhcp snooping, using a comware7 dhcp server.

 

Bottom line: your 5820 does not support this option, you need a comware7 device for this. (5900 is available in Gigabit and TenGigabit versions, alternative is to use the just released VSR (Virtual Service Router - runs as vm on esx https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JG811AAE&lang=&cc=&prodSeriesId= ) for dhcp only functions, that is also a Comware7 device and the VSR manual (http://h20566.www2.hp.com/portal/site/hpsc/public/psi/manualsResults/?sp4ts.oid=5443163 ) includes the reference to the dhcp user-class configuration.)

 

Hope this helps,

Best regards, Peter

Apachez-
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Oh bummer...

 

Because this Comware v5 document claims in the Prerequisites part that:

 

"

This document is not restricted to specific software or hardware versions.

"

 

And I assume v7 will never happen for the 5820 series?

 

Just to investigate other possibilities - I assume the DHCP-snooping function of A5120-EI cannot insert Option 60 in the forwarded DHCP-message (because Option 60 is what this "Vendor-Class-Identification" is which an extended ip-pool can act on)?

Because if DHCP-snooping in A5120-EI cannot insert Option 60 then I'm down to a really fugly solution of setting up 48 (or so) loopback interfaces, each of them pointing to their own ip-pool and then make sure (if possible) that each loopback interface only exists on each client vlan.

Would this even be remotely possible on a A5120-EI (in my case the A5120-EI would be access-switches and A5820 would be the aggregating L3-switch)?

One problem would be that A5120 only supports 32 virtual interfaces (which I assume loopbacks count as) but this could be set up in the A5820 instead. But then what - is it possible to "move" a loopback interface so it's only accessible for a specific vlan?

 

That is loopback1 (10.255.255.1) is only accessible for clients in vlan101, loopback2 (10.255.255.2) is only accessible for clients in vlan102 and so on (while each loopback has a dhcp-server config running pointing to a dedicated ip-pool)?

Peter_Debruyne
Honored Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Hi,

 

* 5820 will (AFAIK so this is not official) never support comware7. It is possible that this new dhcp server code is back-ported to comware 5 however, that I do not know. (you can try to contact support for this).

 

* 5120EI supports the configuration mentioned in the configuration guide.

This 5120 doc is a bit older, but contains the dhcp-snooping information circuit-id information:

http://h20000.www2.hp.com/bizsupport/TechSupport/CoreRedirect.jsp?redirectReason=DocIndexPDF&prodSeriesId=4174705&targetPage=http%3A%2F%2Fbizsupport1.austin.hp.com%2Fbc%2Fdocs%2Fsupport%2FSupportManual%2Fc02642180%2Fc02642180.pdf

 

Hope this helps, Peter


Vince_Whirlwind
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Thank you for a very interesting post. I had never looked into what could be done with Option 82 before, and I am now interested and very curious to know more....

Apachez-
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

@Peter_Debruyne: I am aware of the injecting circuit-id through Option82 but how will that help me when the DHCP server in A5820 still cannot give out ip addresses based on the circuit-id within Option82?

The only thing that comes close that I have found is the:

vendor-class-identifier hex-string&<1-255> ip range min-address max-address

which is part of "dhcp server ip-pool pool-name extended" (and is actually an Option 60 thingy) - but then the A5120 cannot inject Option 60 when using DHCP snooping (again unless I'm not missing something here?).

So a fix from HP would be to either:

1) Fix so that the DHCP server of A5820 (or for that matter any comwarev5 device) can give out ip addresses based on circuit-id information in Option 82 such as:

dhcp class group1
if-match option 82 hex 010667726F757031

dhcp server ip-pool interface1
class group1 range 192.0.2.1 192.0.2.1


_OR_


2) Fix so that A5120 (or for that matter any comwarev5 device) can inject Option60 information when using DHCP snooping such as:

dhcp-snooping information [ vlan vlan-id ] vendor-class-identifier string vendor-class-identifier


_OR_ even better - do both?

So anyone in here with access to the feature request databases of comwarev5 who could add this as a feature request or even better return with an ETA for when one (or both) of these features will be available in A5120 and/or A5820? :-)


@Peter_Debruyne & @Vince_Whirlwind:

But until that happens...

Does there exist any other workaround where I have a A5820 as a L3 device for a bunch of A5120 switches to use the internal DHCP server to give out a specific ip address based on which physical interface the DHCP request arrived at (in this case the customer should be able to choose for themselves if they want to use the fixed ip assigned to their interface OR use a DHCP client to get the same ip)?

The point here is that for this small network I want to avoid using a "real" external DHCP server since there is already a DHCP server built into both A5120 and A5820.

Would for example the loopback method work (meaning a specific loopback interface can act as DHCP server while each loopback interface is only available on each customer vlan)?

That is (there is also a private vlan configuration but I have not typed out that - that is on the A5820 VLAN101-148 act as secondary vlan for the primary vlan VLAN100 which has ip 192.0.2.62 set which is then being used as default gateway for the clients):


At A5120:

int1
description CUSTOMER01
acl ALLOW srcip 192.0.2.1
VLAN101

...

int48
description CUSTOMER48
acl ALLOW srcip 192.0.2.48
VLAN148

int49-50
description UPLINK_A5820
VLAN101-148


At A5820:

int1-2
description NODE01_A5120
VLAN101-148

loopback1
ip 10.255.255.1
use VLAN101
dhcp server apply ip-pool CUSTOMER01

...

loopback48
ip 10.255.255.48
use VLAN148
dhcp server apply ip-pool CUSTOMER48

dhcp server ip-pool NODE01 extended
network 192.0.2.0 mask 255.255.255.192
forbidden-ip 192.0.2.0
forbidden-ip 192.0.2.49 to 192.0.2.63
domain-name example.com
gateway-list 192.0.2.62
dns-list 8.8.8.8 8.8.4.4
expired hour 1
quit

dhcp server ip-pool CUSTOMER01 extended
network 192.0.2.1 mask 255.255.255.255
quit

...

dhcp server ip-pool CUSTOMER48 extended
network 192.0.2.48 mask 255.255.255.255
quit

Apachez-
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

I guess there is still no solution to this problem using the builtin DHCP server of A5120 and A5820 switches?

What are the chances that HP would update the builtin DHCP server of A5820 so it would support giving out ip addresses based on option 82 information such as circuit-id?

Apachez-
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Anyone with news or updates on this topic?

Apachez-
Trusted Contributor

Re: Does HP 5820-24XG-SFP+ Switch (JC102A) support DHCP classes?

Looks like this might be resolved once HP releases Comware v7 for HP 5820-24XG-SFP+ Switch (JC102A).