Administrator's Guide
All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or
mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the
written permission of the publisher.
Products that are referred to in this document may be either trademarks and/or registered trademarks of the
respective owners. The publisher and the author make no claim to these trademarks.
While every precaution has been taken in the preparation of this document, the publisher and the author assume no
responsibility for errors or omissions, or for damages resulting from the use of information contained in this document
or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be
liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or
indirectly by this document.
http://www.weird-solutions.com
Special thanks:
Bud Millwood
Chief Software Architect
Weird Solutions DHCP Turbo
Table of Contents
Foreword
Part II Configuration
  1 User Interface
  2 Login
  3 Remote servers
  4 Configuring
    General
    Address reclaimer
    Advanced
      GUI parameters
      Service parameters
      Service control
      Event Logging
      The prestart file
      Configuration file
    Standard options
    Custom options
    Control options
      Subnet selection
      Miscellaneous
      Creating lease logs
      DOCSIS Cable Modems
      Non-standard devices
      Remote-boot devices
      ATM support
    Packet inspection (for expressions)
      $INT (value)
      $IP (value)
      $MAC (value)
      $STR (value [,delimiter])
      $TEXT
    String Manipulation
      $LEFT (string, count)
      $RIGHT (string, count)
      $MID (string, count, pos)
    Error Handling
      $DEFAULT (value)
Index
Foreword
The fast growth of the Internet has placed serious stress on the
software designed to run it. Traditional network management
services that were designed to handle hundreds of simultaneous
devices are now trying to handle hundreds of thousands.
Part I
1 Getting Started
DHCP makes it easier to manage a large network by centralizing the configuration of your computers
and other networked devices.
[Figures: The Server Manager under Windows; The Server Manager under Linux]
DHCP definitions
DHCP was created by the Dynamic Host Configuration Working Group, part of the Internet
Engineering Task Force (IETF). DHCP is an Internet Standard Protocol. The basic protocol is defined
in RFC 2131.
RFC compliance
The software complies with the following RFCs and Internet drafts:
**) Only available in the public network version of this DHCP server
Daemon and dhcpti CL utility only. Use GUI remotely on one of the supported platforms
Insert the CD or diskette into the drive and run SETUP.EXE to begin installation.
This DHCP server is transmitted electronically as a single file titled dhcp***.exe. Copy this file to a
temporary directory on your hard drive, then double-click the file to begin the installation process.
Setup allows you to specify 'Full' or 'Custom' installations. If this is your first time installing the DHCP
server you'll want to choose a Full install. Afterwards, you may want to choose to do a 'Custom'
installation to only install the User Interface (GUI) on a separate workstation to communicate with the
DHCP server remotely.
After selecting the installation directory and program group, the setup program copies the necessary
files to your hard disk and registers the service. Once this is complete you should configure the DHCP
server by clicking the new DHCP server icon on your desktop.
Refer to the section on Troubleshooting if you encounter errors during the installation.
To install the two packages, either use the distribution-supplied software install/uninstall utility or open
a super-user terminal in the directory containing the RPM files and type:
An automatic startup-script is also provided. For details see the Service Control section.
Refer to the section on Troubleshooting if you encounter errors during the installation.
The DHCP server ships as a single package file for the daemon. To install the package, open a super-
user terminal in the directory containing the package file and type:
pkgadd -d packagename.pkg
You should probably create a startup script to launch the daemon in /usr/local/sbin/dhcptd
each time the machine is started.
Refer to the section on Troubleshooting if you encounter errors during the installation.
Note for Linux users: the database directory is purposely left for manual removal: it can be found under
/var/lib/dhcptd
pkgrm dhcptd
(Note for Solaris users: the database directory is purposely left for manual removal: it can be found
under /var/dhcptd)
Part II
2 Configuration
· Summary node - shows general information about the selected DHCP server
· Scopes node - entities for address-ranges: its lease specifications, a local policy (DHCP
options settings for the local scope) and an optional conditional access rule.
· Options node - displays all available options, standard DHCP options and the server's built-in
Control Options (negative numbered)
· Policies view - generic containers with configured DHCP options. The special Global Policy is
a system-wide container.
· Hardware exclusions * - lists hardware devices the DHCP server should ignore.
*) In Private Server mode, a Hardware inclusions node is shown instead.
· Database - used to create or lock down a device to a fixed IP-address, or browse IP addresses
and devices currently in use.
2.2 Login
Server Manager requires that the user connects and logs in to the selected DHCP server before
administering it. All communication between the user interface and the DHCP server is secured using
Blowfish encryption.
Password protection
There is no password when the software is first installed, so leave the password box blank the first time
you log in. You can then set a new password by choosing Tools->Change Password… from the menu.
If you forget your password, you can delete the "admin_password" key from the dhcpt.conf file and
restart the service. (If you still have trouble logging in, delete the "private_key.bin" file in the database
directory.)
Automating login
It is also possible to start the GUI and have it automatically connect and login to a DHCP server by
adding parameters on startup.
2.4 Configuring
Overview
Each DHCP server has a set of basic properties defining different aspects of its operation. You can
modify these server properties by first selecting a server, then choosing Edit->Properties… from the
menu.
The server properties window is divided into General and Address Reclaimer settings. The next
sections cover each of these.
2.4.1 General
General operation of the DHCP server program
To change General properties for a DHCP server, highlight the server name and choose
Edit->Properties… from the menu. The General tab shows the current settings for the server.
Enable detailed logging: Enable this to keep a detailed log file of the server's activity. Enabling this
option for long periods of time is not recommended because the log file grows quite large.
The reclaimer can be disabled (value set to zero), which can be useful for environments without
scopes, only fixed addresses.
You can adjust how often the reclaimer checks for available expired bindings by changing the setting
shown in the image below. (This setting is not absolute: the address reclaimer will automatically
attempt to find available expired bindings in case the internal address dispenser is low on free IP
addresses.)
In a high-turnover environment with short lease times, setting this value to 0 days is appropriate. This
indicates no added grace period and bindings expire when devices go offline for more than 150% of
their lease time.
Note: Even if disk write caching is enabled, the memory cache is always flushed to disk before each
Reclaimer run.
2.4.3 Advanced
2.4.3.1 GUI parameters
Automating login
You can automate the connection to a local or remote DHCP server's GUI (Server Manager) by
passing additional commands to the GUI application dhcpui.exe.
This way, for example, no step-by-step manual login procedure is necessary.
You can omit the --server and --password identifiers if you specify the values in order:
server,password.
Examples:
The following command line parameters can be passed to the DHCP service:
The DHCP server can be stopped and started by choosing Tools->Control Service… from the menu.
Windows: The DHCP server is a regular system service that can be started, stopped, paused and
resumed using the Tools->Control Service menu option and also with the Services icon in the
Control Panel. (Run: services.msc)
Linux: The DHCP server daemon process forks and runs in the background when started as
super-user. To stop the daemon, use the SysV-init script provided in /etc/rc.d/init.d/dhcptd,
or use any utility that can send the process a SIGTERM.
Solaris: Use ps -ae | grep dhcptd to find the pid, then kill to shut down the daemon.
Standard logging:
The DHCP server logs relevant events using your operating system's log facility.
Detailed logging:
The service can also be configured to use a detailed log file to record debugging information. To
enable detailed logging, set the server general property enable_logging to "true". You should only
enable the detailed logging property during a test phase because of the size of file that can be
produced.
Lease logging:
To record lease information, define and place the Lease log Control Option (-18) in a scope, policy or
binding. See the Control Options for details.
The DHCP server creates a prestart file in the database directory each time the service starts. This file
contains the prestart command "pack_bindings". When the service gracefully shuts down, the
command is removed from the file.
The prestart file is used to automatically re-index the DHCP server's database if the service exits
abnormally.
Other properties
Some of the server's settings are not available through the Server Manager interface. Open the file
dhcpt.conf to see all of the server's settings:
On Windows: The configuration file is located in the DHCP server's program directory.
On Linux: The configuration file is located under the /etc directory.
On Solaris: The configuration file is located under the /usr/local/etc directory.
enable_logging=false
    When set to true, all DHCP activity is logged in the log file specified by the key log_file.
log_file=./dhcpt.log
    The name of the file to use for activity logging. Also needed when enable_logging is true.
private_server=false
    When true, the DHCP server only services the devices listed in the iclients.txt file.
client_id=[ <your expression> ]
    If this key is specified, the server uses your expression to generate a unique identifier for each
    client. If your expression results in an empty value, the standard DHCP mechanism is used to
    create a client identifier.
exclusive_locks=true
    When set to false, the DHCP server will disable its exclusive lock on the bindings database file
    mappings.dbf while the service is running. (Use with caution.)
Note:
It's possible to tell the service to use a different configuration file by passing a command line parameter
when starting the service. See the section Service Startup parameters for more information.
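A configuration check built from the keys listed above and the password-reset note in the Login section, as an added example that is not part of the original guide or the vendor's tooling. It assumes dhcpt.conf is plain key=value text, treats lines starting with # or ; as comments, and uses the values shown in the guide as defaults; the sample contents are constructed.

```python
import os
import stat
import sys

# Constructed sample contents, not taken from a real server.
SAMPLE_CONF = """\
enable_logging=true
private_server=false
exclusive_locks=false
client_id=[ $HWADDR() ]
"""

# Values the guide shows for each key, used here as assumed defaults.
SHOWN_VALUES = {"enable_logging": "false", "private_server": "false",
                "exclusive_locks": "true"}


def parse_conf(text):
    """Return {key: value}; only the first '=' on a line separates key and value."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Assumption: '#' and ';' introduce comment lines.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def flag(settings, key):
    """Read a boolean key, falling back to the value shown in the guide."""
    return settings.get(key, SHOWN_VALUES[key]).lower() == "true"


def audit(settings):
    """Return (level, key, message) tuples for settings worth reviewing."""
    findings = []
    if not settings.get("admin_password"):
        findings.append(("warn", "admin_password",
                         "not set: Server Manager login accepts a blank password"))
    if flag(settings, "enable_logging"):
        findings.append(("warn", "enable_logging",
                         "detailed logging is on; the guide limits it to test phases"))
        if not settings.get("log_file"):
            findings.append(("warn", "log_file",
                             "enable_logging=true needs a log_file name"))
    if not flag(settings, "exclusive_locks"):
        findings.append(("warn", "exclusive_locks",
                         "exclusive lock on mappings.dbf is disabled"))
    if not flag(settings, "private_server"):
        findings.append(("info", "private_server",
                         "devices are not restricted to those in iclients.txt"))
    return findings


def writable_by_others(path):
    """True if group or other can write the file (POSIX mode bits only).

    Anyone able to edit the file can delete admin_password, which resets
    the login to blank after a service restart.
    """
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_file(path):
    """Audit the settings in a file and its write permissions."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = audit(parse_conf(fh.read()))
    if writable_by_others(path):
        findings.append(("warn", path, "file is writable by group or other"))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_file(sys.argv[1])
    else:
        results = audit(parse_conf(SAMPLE_CONF))
    for level, key, message in results:
        print(f"{level.upper():5} {key}: {message}")
    sys.exit(1 if any(level == "warn" for level, _, _ in results) else 0)
```

On Windows the mode-bit check does not reflect ACLs, so review the file's permissions there separately.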
Part III
3 Operation
A scope defines a range of IP-addresses for allocation to clients and it also stores configuration-data
(options) specific to this scope, the scope's Local Policy.
For more advanced environments, note that Expressions can be used to provide rules related to the
scope. These are accessible from the Advanced tab.
Scope definitions
You can create a new scope by choosing File->New->Scope from the menu. You must supply a name,
gross-address range, subnet mask and lease duration. If the addresses are to be provided to clients
across a router, uncheck 'Local' and specify the remote IP-address of the relay agent. This is the
interface the remote clients reside on.
You may also want to exclude certain IP-addresses from the scope, or explicitly reserve an IP-address
to a hardware device on the network.
Note: IP-addresses that are excluded (removed) from a scope's address-range or specifically reserved
from the IP-address range are no longer associated with the scope, nor with its properties such as its
Local Policy.
To define an option for a specific scope, select the scope and choose File->New->Option... from the
menu.
Every scope has a Local Policy, its locally stored DHCP options. When you define an option in a
scope, you're defining that option in the scope's Local Policy. To define an option select the scope
and choose File->New->Option... from the menu. There are different types of options available:
DHCP Standard Options, DHCP Server Control Options and lastly internal packet inspection options.
If DHCP options apply to multiple scopes, it may be a good idea to group these in a generic Named
Policy, or to place them in the Global Policy container if they should apply system-wide.
Options inherited from a generic Named Policy behave exactly as if they were defined within the
scope's Local Policy. If an option is defined in both the scope's Local Policy and is inherited from a
Named Policy, the Local Policy value takes precedence.
Enter a sub-range to exclude. To exclude a single IP address, enter that address as both the start and
end of the range.
The priority order of scopes can also be set with the priority slider, a higher value signifies
precedence.
A simple rule that denies Cable Modems any access to the scope.
An IP-address reservation has no association with a scope, even though the IP-address may be in its
gross-address range. It's possible to define options in a single IP-address reservation's own Local
Policy, but often it's more convenient to use options already predefined in a generic Named Policy or
even an existing scope's Local Policy. To offer an IP-address reservation options already defined
elsewhere, checkmark 'Policies', then browse for the policies you wish to apply.
If you want to add individual options directly to the IP-reservation, you'll need to add them to its Local
Policy after the IP reservation is created: select the created IP-reservation and click: File -> New ->
Option
Device Identifier: Enter the identifier supplied by the device. Normally this is a sequence of six
hexadecimal values, the device's MAC address. (Hardware type Ethernet "01-" is assumed.)
Pre-registering a device
If the DHCP server is running in Private Server mode you need to register devices by choosing
File->New->Device Registration… from the menu:
Device Identifier: Enter the identifier supplied by the device. Normally this is a sequence of six
hexadecimal values, the device's MAC address. (Hardware type Ethernet "01-" is assumed.)
The Global Policy is a special system-wide lowest priority container, and is automatically inherited by
all scopes and IP-address reservations. In the case of a duplicate option definition, the Option in the
Global Policy will be overridden.
For example, suppose you have a single DNS server on your network. You can define the Domain
Name Servers option in the Global Policy:
Select the Policy called Global and right-click, then select 'New Option' to add an appropriate option
with a value.
Now every device that receives an address from this server will use the specified DNS server.
Further suppose that you want all devices serviced by the PC_10.0 scope shown in the image above to
use another DNS server on your network. The quickest way to do this is to add the Domain Name
Servers option to the PC_10.0 scope's Local Policy and set it to the appropriate value, effectively
overriding the value defined in the Global Policy.
To define an option for a specific scope, select the scope and choose File->New->Option... from the
menu.
After selecting the option, you're presented with a data-entry window where you can specify the
settings specific to your network. Advanced users may want to read the section entitled Using
Expressions to learn how to define values that are evaluated while the server is running.
If you have multiple values (for example, multiple Domain name servers on your network), the
Advanced>> button allows you to specify a list of values.
Entries in the value list can be moved up or down, and normally specify a preferential order.
Local Policies
Every scope and IP-address reservation has its own Local Policy. When you define an option in a
scope or IP-address reservation you're defining that option directly to a specific scope or IP-address
reservation.
The list will show both standard DHCP options and the DHCP server's own Control Options
(negative numbered). The latter are used to set server-side rules, such as obtaining a specific behavior.
RFC 3011 defines a means for an intermediate device to request a lease from an arbitrary subnet.
Support for this is available as Control Option -21, Device selectable. If a scope has this boolean
value defined as true, or inherits this value from a policy, the scope is allowed to be considered during
the server's subnet selection process.
If you have an intermediate device that supports subnet selection, consider defining Device selectable
in the global policy, or, alternately, in those scopes that are allowed to be part of the selection list.
3.5.3.2 Miscellaneous
The DHCP server can create log files to record when and where your addresses are allocated. This file
follows a simple standard format, making it easy to parse with programs such as spreadsheet
software.
To create a lease log, define the Lease log Control Option in a scope, policy or binding. The value can
be a fully qualified path name, or an expression that results in a fully qualified path name.
Note: The date functions are particularly useful when defining lease logs. For example, defining a value
of [$DATE() + ".log"] allows you to create rotating log files.
The public network version of the DHCP server supports reading the Relay Agent Info option 82 for
extra security with large cable-modem networks. If your cable-modems are DOCSIS compliant, you
can define Remote ID address limit (RID limit) to specify the total number of addresses that will be
allocated to Customer Premises Equipment (CPE).
The public network version of this DHCP server supports reading the Relay Agent Info option 82 for
extra security with large cable-modem networks. If your cable-modems are DOCSIS compliant, you
can define Circuit ID address limit (CID limit) to specify the total number of addresses that will be
allocated to Customer Premises Equipment (CPE).
Note: Your CMTS must be configured to insert the Remote ID and/or Circuit ID agent-info option into
upstream DHCP packets in order for these control options to have any effect. Consult the
documentation for your CMTS for information on configuring this.
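How a Remote ID or Circuit ID address limit can be enforced from Option 82, as an added example that is not the product's code: it parses the relay agent information option per RFC 3046 (sub-option 1 is Circuit ID, 2 is Remote ID) and refuses a new CPE once the identifier has reached its limit. The function and class names, the sample option bytes and the choice to refuse requests that carry no Option 82 are assumptions made for this illustration.

```python
CIRCUIT_ID, REMOTE_ID = 1, 2              # RFC 3046 sub-option codes
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82

# Constructed options field (the bytes after the magic cookie): message type
# DISCOVER, then option 82 carrying a 4-byte Circuit ID and a 6-byte Remote ID.
SAMPLE_OPTIONS = bytes([53, 1, 1,
                        82, 14,
                        1, 4, 0x80, 0x01, 0x00, 0x03,
                        2, 6, 0x00, 0xA0, 0x24, 0x2F, 0x10, 0x26,
                        255])


def find_option(options, wanted):
    """Scan a DHCP options field for one tag; return its value or None."""
    i = 0
    while i < len(options):
        tag = options[i]
        if tag == OPT_PAD:
            i += 1
            continue
        if tag == OPT_END:
            break
        if i + 1 >= len(options):
            raise ValueError("option truncated before its length byte")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {tag} overruns the packet")
        if tag == wanted:
            return bytes(value)
        i += 2 + length
    return None


def parse_relay_info(data):
    """Split the option 82 payload into {sub-option code: bytes}."""
    subs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("sub-option header truncated")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        subs[code] = bytes(value)
        i += 2 + length
    return subs


def relay_ids(options):
    """Return (circuit_id, remote_id); both None when option 82 is absent."""
    raw = find_option(options, OPT_RELAY_INFO)
    if raw is None:
        return None, None
    subs = parse_relay_info(raw)
    return subs.get(CIRCUIT_ID), subs.get(REMOTE_ID)


def dashed(value):
    """Format bytes the way the guide writes byte sequences: 00-A0-24-..."""
    return "-".join(f"{b:02X}" for b in value)


class AddressLimiter:
    """Track distinct CPE devices per relay identifier (RID or CID)."""

    def __init__(self, limit):
        self.limit = limit
        self.devices = {}                 # identifier -> set of CPE MACs

    def allow(self, identifier, cpe_mac):
        if identifier is None:
            return False                  # this example's policy: no option 82, no lease
        seen = self.devices.setdefault(identifier, set())
        if cpe_mac in seen:
            return True                   # renewal by a device already counted
        if len(seen) >= self.limit:
            return False                  # limit reached for this modem or circuit
        seen.add(cpe_mac)
        return True


if __name__ == "__main__":
    cid, rid = relay_ids(SAMPLE_OPTIONS)
    limiter = AddressLimiter(limit=2)
    for mac in ("cpe-1", "cpe-2", "cpe-3", "cpe-1"):
        print(dashed(rid), mac, "allowed" if limiter.allow(rid, mac) else "refused")
```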
All BOOTP and DHCP packets contain a "magic cookie" (a number) that defines the format of the
packet. You can override the value of the magic cookie using this option. The format of the response is
not changed by this option.
Some DHCP client devices incorrectly expect string values to be null terminated. Define this option to
make the server terminate its strings.
Some DHCP-enabled devices will refuse to see a response that's unicast onto the network. Define this
option to force a broadcast response to these devices.
Some DHCP-enabled devices will simply refuse to see a response that's broadcast onto the network.
Define this option to force a unicast response to these devices.
This option can help an impaired DHCP-enabled device. If your device requires this option in order to
function, contact the manufacturer of the device for an upgrade.
Sometimes it may be desirable to force all DHCP replies to a specific UDP port number when replying
to a device, regardless of the source port the device used. The Destination port control option -19
handles this.
Warning: Be careful using this option in contexts such as the global policy where it can inadvertently
affect responses to working devices.
Changes the default (576 bytes) datagram size to the old 300 byte size.
3.5.3.6 Remote-boot devices
Option -15 (MS Option 66 TFTP server name): Extended area of the DHCP packet with tag 66.
Some devices expect tag 66, TFTP server name (IP address), to always be present in a DHCP reply in
order to define a second stage boot server. (Note: this is not the RFC 'Next Server' overload method.)
Tag     Type        Field      Description
-1014   ip address  CIAddr     0.0.0.0 if the device does not already have an address, otherwise the device's current address
-1013   ip address  YIAddr     Should always be 0.0.0.0 on inbound packets
-1011   ip address  GIAddr     The ip of the first router this packet encountered. If no router was encountered the value is 0.0.0.0.
-1010   string      SName      Not normally used on inbound packets
-1009   integer     Flags      Individual bits of this field have different meanings. Refer to the most current DHCP RFCs for a description of the meaning of the bit in this field.
-1008   integer     Seconds    The number of seconds the device has been trying to get an address.
-1007   integer     Opcode     This value should always be 1 on inbound packets
-1005   integer     HLen       The number of octets in the device's MAC address.
-1004   integer     Hops       The number of routers through which this packet passed before arriving at this server.
-1000   string      Boot File  If not an empty string, the device is attempting to request that we give it specific boot file
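The fields in this table come from the fixed BOOTP/DHCP header, so the table's "should always be" rules can be checked directly on a captured request. The following is an added example, not code from the guide or the product: it unpacks the RFC 2131 header, keys the values by the tag numbers given on this page (including -1002, the MAC address returned by $INP), and reports packets that break those rules. The function names and the sample packet are constructed.

```python
import ipaddress
import struct

# RFC 2131 fixed fields: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")

# Constructed inbound DISCOVER relayed once through 10.0.0.1.
SAMPLE_DISCOVER = HEADER.pack(
    1, 1, 6, 1, 0x3903F326, 4, 0x8000,
    bytes(4), bytes(4), bytes(4), bytes([10, 0, 0, 1]),
    bytes.fromhex("00A0242F1026"), b"", b"")


def _ip(raw):
    return str(ipaddress.IPv4Address(raw))


def _text(raw):
    # Fixed-width string fields are null padded.
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def inspect(packet):
    """Return inbound header fields keyed by the guide's tag numbers."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 236-byte BOOTP header")
    (op, _htype, hlen, hops, _xid, secs, flags, ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, sname, bootfile) = HEADER.unpack_from(packet)
    return {
        -1014: _ip(ciaddr),
        -1013: _ip(yiaddr),
        -1011: _ip(giaddr),
        -1010: _text(sname),
        -1009: flags,
        -1008: secs,
        -1007: op,
        -1005: hlen,
        -1004: hops,
        -1002: chaddr[:min(hlen, 16)],   # MAC address, as returned by $INP(-1002)
        -1000: _text(bootfile),
    }


def anomalies(fields):
    """List the table's rules that one inbound packet violates."""
    found = []
    if fields[-1007] != 1:
        found.append("Opcode is not 1 on an inbound packet")
    if fields[-1013] != "0.0.0.0":
        found.append("YIAddr is set on an inbound packet")
    if fields[-1010]:
        found.append("SName is populated (not normally used inbound)")
    if fields[-1005] > 16:
        found.append("HLen exceeds the 16-byte hardware address field")
    if fields[-1004] > 0 and fields[-1011] == "0.0.0.0":
        found.append("Hops is non-zero but GIAddr names no router")
    return found


if __name__ == "__main__":
    fields = inspect(SAMPLE_DISCOVER)
    for tag in sorted(fields):
        print(tag, fields[tag])
    print(anomalies(fields) or "no anomalies")
```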
Part IV
4 Using Expressions
You can supply expressions in many places where you would normally use a literal value. For example,
instead of setting a scope's allow property to true, you could set it to [$DAY() == "Monday"]. This
expression evaluates to true on Mondays, and false on all other days, resulting in a scope that only
allows access on Mondays.
The Build… button invokes the expression editor window, and is normally available in any place where
you can use an expression instead of a literal value.
string: Strings are always enclosed in double quotes. "My name is" is an example of a string.
date: Dates are specified in a rigid Month, Day, Year format. Oct 1 1992 is an example of a date.
ip address: An ip address is specified in dotted-decimal notation. 192.168.1.1 is an example of an ip address.
integer: An integer is a signed number specified in decimal form. -1000 is an example of an integer.
boolean: A boolean represents true or false. Booleans are specified using true or false.
byte sequence: A byte sequence is a sequence of 8-bit values that together represent a single unit. 00-A0-24-2F-10-26 is an example of a byte sequence.
SPECIAL CHARACTERS
() Used to change the natural order of precedence among the operators
[] Opening and closing tags for an expression
MATHEMATICAL
+ addition
- subtraction
/ division
* multiplication
COMPARISON
< less than
> greater than
<= less than or equal
>= greater than or equal
== equal to ("==" compares two values for equality, ie: "=" is only assignment)
!= not equal to
CONDITIONAL
? : Conditional (if...else)
LOGICAL OPERATORS
&& logical AND
|| logical OR
! logical NOT
UNARY OPERATORS
~ bitwise_inverse
- unary negation ("negative")
If you can't find a function that handles the information you want, take a look at the $INP() function.
4.5.1.1 $RELAY.RID
This function returns the remote identifier of the device as specified by the relay agent. This is the
Option 82 Remote ID.
Arguments: None
Example 1:
$RELAY.RID()
Example 2:
$RELAY.RID() == "04-0A-14-00-01-00-B0-B0-02-00-00-00-00"
Returns true if the trusted identifier matches the specified end host.
4.5.1.2 $RELAY.CID
This function returns the identifier of the relay agent's circuit through which the device is
communicating. This is the Option 82 Circuit ID.
Arguments: None
Example 1:
$RELAY.CID ()
Arguments: None
Example 1:
$RELAY.DEVICECLASS ()
The result is a single 32 bit number, where each bit has a specific meaning. Use the bitwise operators
(|) or (&) to test individual bits.
4.5.1.4 $RELAY.ADDRESS
Arguments: None
Example 1:
$RELAY.ADDRESS ()
This function returns the link-layer hardware address (MAC address) of the device the server is
communicating with.
Arguments: None
Example 1:
$HWADDR()
This function returns the hardware type (eg. Ethernet) of the device the server is communicating with.
Arguments: None
4.5.1.7 $CLIENTID
Arguments: None
Example 1:
$CLIENTID()
This function returns an identifier denoting the class of device the server is communicating with.
Arguments: None
Example 1:
$CLASSID()
4.5.1.9 $USERCLASS
This function returns an identifier denoting the type of user or application the server is communicating
with.
Arguments: None
Example 1:
$USERCLASS()
This function returns true if the device is using the BOOTP protocol, false otherwise.
Arguments: None
Example 1:
$BOOTP ()
This is a general-purpose function that allows you to inspect the value of any DHCP option or field
found in the packet received by the server.
The tag argument is required, and specifies the data you wish to inspect. Tag numbers are listed in
the section entitled Option Types.
The index argument is optional, and specifies the 1-based index used to access arbitrary elements of
an arrayed DHCP option. This argument is not normally required.
If the tag argument refers to a subencoded option, the second argument must be used and must
specify a subtag. The third argument specifies the index, and is optional.
When writing expressions using $INP, the tag you're inspecting dictates the return type. For packets
that do not contain the specified option, the return type is invalid.
Example 1:
$INP (77)
Example 2:
$INP (-1002)
The result is a byte sequence representing the client device's MAC address.
Any data type can be converted at runtime to a boolean type. An invalid data type is always converted
to boolean false, and a valid data type is converted to boolean true. This allows you to evaluate the
result as a simple boolean to test for the existence of the option:
4.5.2.2 Miscellaneous
This function returns the name of the requested boot file if the device has requested a specific boot file.
Most devices will not request a boot file, and the value of this function will be an empty string.
Arguments: None
Example 1:
$BOOTFILE ()
This function returns the number of hops through which this packet has been relayed. Most relay
agents now use directed datagrams when relaying packets, so this value will rarely rise above one (1).
Arguments: None
Example 1:
$HOPS ()
Returns a number representing the number of hops this packet has made. Not likely to reflect the
actual number of relay agents through which this packet passed.
4.5.2.2.3 $HTYPE
This function returns the hardware type in use on the device with which the server is communicating.
Hardware types are listed in Internet RFCs.
Arguments: None
Example 1:
$HTYPE ()
4.5.2.2.4 $HLEN
This function returns the length (in bytes) of the value returned by the $HWADDR() function.
Arguments: None
Example 1:
$HLEN ()
This function returns any vendor-specific information the device is sending to the server.
Arguments: None
Example 1:
$VENDORSPECIFIC ()
This function returns the current transaction id the device is using to communicate with the server.
Arguments: None
Example 1:
$XID ()
This function returns the number of seconds the device has been attempting to get an address.
Arguments: None
Example 1:
$SECS ()
Arguments: None
Example 1:
$COOKIE ()
4.5.2.3 Deprecated
This function is deprecated. New expressions can simply use $INP(tag) or a specific device
identification function to test for the existence of an option.
This function returns the current date. The default return type is a string, but the optional format
argument allows you to return the date as an integer value or any other type as specified by the ISO-C
strftime() format.
Example 1:
$DATE ()
Example 2:
$DATE ("integer")
Example 3:
$DATE ("%c")
The return value is a string containing the date and time in the current locale format: "Thu Jul 25
16:56:18 CEST 2002".
The ISO-C strftime() function can take a wealth of format specifiers. More information about this
function can be found on the internet at various locations.
This function returns the current year. The default return type is a string, but the optional format
argument allows you to return the year as an integer value or any other type as specified by the ISO-C
strftime() format.
Example 1:
$YEAR ()
Example 2:
$YEAR ("integer")
Example 3:
$YEAR ("%y")
The return value is a string containing the year without century "02".
The ISO-C strftime() function can take a wealth of format specifiers. More information about this
function can be found on the internet at various locations.
This function returns the current month. The default return type is a string, but the optional format
argument allows you to return the month as an integer value or any other type as specified by the ISO-
C strftime() format.
Example 1:
$MONTH ()
Example 2:
$MONTH ("integer")
Example 3:
$MONTH ("%b")
The return value is a string containing the abbreviated month name "Jan".
The ISO-C strftime() function can take a wealth of format specifiers. More information about this
function can be found on the internet at various locations.
This function returns the current day of the week. The default return type is a string, but the optional
format argument allows you to return the current day as an integer value or any other type as specified
by the ISO-C strftime() format.
Example 1:
$DAY ()
Example 2:
$DAY ("integer")
The return value is an integer whose value is 25, corresponding to the day of the month.
Example 3:
$DAY ("%j")
The ISO-C strftime() function can take a wealth of format specifiers. More information about this
function can be found on the internet at various
This function returns the current time. The default return type is a string, but the optional format
argument allows you to return the current time as an integer value or any other type as specified by the
ISO-C strftime() format.
Example 1:
$TIME ()
Example 2:
$TIME ("integer")
The return value is an integer whose value is 1658, corresponding to 16:58 in 24hr time format.
Example 3:
$TIME ("%Z")
The ISO-C strftime() function can take a wealth of format specifiers. More information about this
function can be found on the internet at various locations.
This function retrieves a single value from a file, using the key argument as an index. The format of the
file is:
key1=192.168.1.1
key2=192.168.1.2
<default>=192.168.1.254
...
The key and value can be any data type. The special <default> key can also be listed in this file. If it
exists, all non-matching lookups return this value.
Example:
This expression implies that your file uses hardware addresses as the key, since tag number -1002
refers to the hardware address sent by the device.
This function attempts to convert value to a boolean value. value can be any data type, but the
conversion is not guaranteed to succeed because the type or format of value may not facilitate
conversion.
Example:
$BOOL ("true")
This function attempts to convert value to an integer. value can be any data type, but the conversion is
not guaranteed to succeed because the type or format of value may not facilitate conversion.
Example:
$INT ("206")
This function attempts to convert value to an ip address type. value can be any data type, but the
conversion is not guaranteed to succeed because the type or format of value may not facilitate
conversion.
Example:
$IP ("192.168.1.1")
This function attempts to convert value to a byte sequence, the typical format of a hardware address.
value can be any data type, but the conversion is not guaranteed to succeed because the type or
format of value may not facilitate conversion.
Example:
$MAC ("00-A0-24-2F-10-26")
This function converts value to a string. It is always possible to convert a non-string type to a string.
Example:
$STR (00-A0-24-2F-10-26)
Use the optional delimiter argument to specify your own delimiter for data types that support them:
Examples:
$STR ($HWADDR(),"_")
This returns a string whose value has the form: "00_A0_24_2F_10_26".
$STR ($HWADDR(),":")
This returns a string whose value has the form: "00:A0:24:2F:10:26".
4.5.5.6 $TEXT
This function converts a byte_sequence to a string. Not the same as $STRING, which simply gives a
text representation of the bytes.
Example 1:
The string argument need not be of type string; it may be any type that can be converted to a string.
This includes MAC and INT types. In the case of a non-string type, the argument is first converted to a
string, left-stripped, then returned as a string type. If you require the result to be in another format, you
can simply wrap this function with a data conversion function, shown below:
Example 2:
This function returns count elements from string, starting at position pos. The pos argument specifies
the zero-based index of the starting character.
Example 1:
The string argument need not be of type string; it may be any type that can be converted to a string.
This includes MAC and INT types. In the case of a non-string type, the argument is first converted to a
string, the mid-result is calculated, and the result is returned as a string type. If you require the result to
be in another format, you can simply wrap this function with a data conversion function, shown below:
Example 2:
This function allows you to specify a return value in the event the expression cannot be evaluated at
runtime. The value argument is required, and specifies the default value to be used in the event of a
runtime error.
This function should be placed first, followed by a comma, then your expression.
Example:
Returns "basic.00" because of a type mismatch; it's not possible to add a string and a number.
Part V
5 Additional Tools
Overview
Your important DHCP files are stored in the DHCP server's database directory. A full backup of the
files in the database directory can normally only be done when the DHCP server is stopped. However, a
dump_bindings command can be issued which 'dumps' the binding records while the DHCP server is
running. This dump can later be used to repopulate a new database.
Only attempt to back up the Xbase files directly from disk while the
DHCP service is stopped, since the backup could otherwise be in an
inconsistent state and unusable.
In the event you need to restore one or more of your ASCII tables,
simply stop the DHCP service, copy your tables into the database
directory, and restart the service. You may want to check the system
event log to ensure there were no errors encountered.
Note: If you copy these files between different platforms, ensure that
they have the correct ASCII format for the machine on which they'll
be used. Windows and Unix use different formats for ASCII.
prestart.txt Improper shutdown indicator
When using the Server Manager graphical interface you can select View->Console to "spy" on the
communication between the GUI and server. Watching this communication is a great way to
understand how to talk to the server from within dhcpti.
help
[ENTER]
[ENTER]
exit
[ENTER]
[ENTER]
dhcpti also accepts your password as a command line argument. For a complete list of supported
arguments, type:
dhcpti --help
You can read this DHCP server's properties using the get_properties command.
get_properties
[ENTER]
code=ack
private_server=false
write_caching=false
enable_logging=false
log_file=./dhcpt.log
dynamic_bootp=true
deny_ras=false
set_properties
private_server=true
write_caching=false
enable_logging=false
log_file=./dhcpt.log
dynamic_bootp=true
deny_ras=false
[ENTER]
code=ack
The info command returns miscellaneous information about this DHCP server.
info
[ENTER]
code=ack
build=1251
build_type=retail
features=docsis
max_bindings=3000
version=2.0
name=offset.myown-solutions.com
platform=Windows NT 4.0
On Windows platforms dhcpti can be used to start, stop or restart the DHCP service. No password is
required because the Windows security system is used for authentication, but you must have system
administrator privileges on the target system to perform these commands.
dhcpti --help
5.2.1.2 Scopes
Scopes define the basis for dynamic address allocations. Each field of a scope record is shown here
with a description of the field's purpose.
enum_scopes
[ENTER]
scope=Charlotte
scope=Atlanta
scope=Miami
code=ack
read_scope=Charlotte
[ENTER]
code=ack
active=true
policy=
description=
giaddr=0.0.0.0
name=Charlotte
rangestart=192.168.1.120
rangestop=192.168.1.125
xrange=
option Subnet mask=255.255.255.0
option DHCP address lease time=300
option Force broadcast=true
add_scope
name=Raleigh
active=true
policy=
description=
giaddr=0.0.0.0
rangestart=192.168.1.120
rangestop=192.168.1.125
xrange=
option Subnet mask=255.255.255.0
option DHCP address lease time=300
option Force broadcast=true
[ENTER]
code=ack
Blank fields may be omitted if they are not required.
Changing a scope requires that you specify all information for that scope, much the same way as
when adding a scope.
write_scope
active=true
giaddr=0.0.0.0
name=Test
rangestart=192.168.1.121
rangestop=192.168.1.125
xrange=
option Subnet mask=255.255.255.0
option DHCP address lease time=300
option Force broadcast=false
[ENTER]
code=ack
delete_scope=Test
[ENTER]
code=ack
5.2.1.3 Policies
Policies are used to refer to a group of options by a name. Each field of a policy record is shown here
with a description of the field's purpose.
type          Currently supported types are general and global. There should only ever be one global policy.
key           Not used for general or global type policies. Can be any value.
policy        A policy from which this policy should inherit options. Currently unsupported.
option xxx    Each recognized option should be preceded with the keyword 'option'. You may have as many option fields as you wish.
enum_policies
[ENTER]
policy=Global
policy=generic
code=ack
read_policy=Premium
[ENTER]
code=ack
name=Premium
description=Premium services
option Domain name servers=192.168.1.1
option Boot file=premium.bin
add_policy
name=test
description=For test purposes
option Lease log=c:\logs\test_leases.log
option Log servers=192.168.1.4
[ENTER]
code=ack
5.2.1.3.4 Changing a policy
Use the write_policy command to create a new policy and the change_policy command to make
partial updates to an existing policy: give "name=xxx" to identify the policy, then list the attributes to change or add.
write_policy
name=test
description=For test purposes
option Lease log=c:\logs\test.log
option Log servers=192.168.1.3
[ENTER]
code=ack
change_policy
name=test
option Lease log=c:\logs\test2.log
[ENTER]
code=ack
5.2.1.3.5 Deleting a policy
delete_policy=test
[ENTER]
code=ack
5.2.1.4 Bindings
Although it is possible to perform the following operations on pendings, you will rarely see any pending
allocations unless your server is extremely busy. The fields of a pending record are shown here with an
explanation of each field.
clientid        The unique device identifier (also known as client identifier). This is usually the hardware address followed by the device's MAC address.
lease_length    The duration for which the IP address binding is valid (once committed).
scope           The scope from which this record's IP address was taken.
pend_time       The date and time this address was offered to the device.
remote id       The DOCSIS version of this DHCP server records the remote id supplied by the CMTS in this field.
circuit id      The DOCSIS version of this DHCP server records the circuit id supplied by the CMTS in this field.
You can enumerate all bindings on the server, or you can enumerate a subset of bindings by specifying
a filter. Examples of each method are shown below.
...or by IP address
enum_addrs
[ENTER]
enum_bindings=01-00-A0-22-4F-6C-5C
count=3
[ENTER]
binding=01-00-A0-22-4F-6C-5C
binding=01-00-A0-22-4F-6C-5D
binding=01-00-A0-22-4F-6C-5E
code=ack
enum_bindings
scope=myscope
[ENTER]
binding=01-00-A0-22-4F-6C-5E
binding=01-00-A0-22-4F-6C-5F
binding=01-00-A0-26-26-31-F1
binding=01-00-A0-26-26-31-F2
binding=01-00-A0-26-26-31-F3
binding=01-00-A0-26-26-31-F4
binding=01-00-A0-26-26-31-F5
code=ack
binding=01-00-A0-26-26-31-F3
binding=01-00-A0-26-26-31-F4
binding=01-00-A0-26-26-31-F5
code=ack
enum_bindings
range=myscope
[ENTER]
binding=01-00-A0-22-4F-6C-5E
binding=01-00-A0-22-4F-6C-5F
binding=01-00-A0-26-26-31-F1
binding=01-00-A0-26-26-31-F2
binding=01-00-A0-26-26-31-F3
binding=01-00-A0-26-26-31-F4
binding=01-00-A0-26-26-31-F5
code=ack
Because the bindings database can be quite large, we've provided a number of ways to filter the output
of a read_bindings command.
Single binding records can be retrieved by specifying a client identifier or ip address, and multiple
binding records can be retrieved by using any combination of scope, range and dBase expression filtering.
The next few topics show how to use each of these methods.
Note: read_bindings and read_binding refer to the same command. Either format is acceptable.
5.2.1.4.2.1 Individual bindings by IP address
read_binding
ipaddr=192.168.1.125
[ENTER]
code=ack
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.my-ownsolutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
read_binding
clientid=01-00-A0-26-26-31-F5
[ENTER]
code=ack
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
You can retrieve all bindings that were dynamically created from a given scope using the specialized
scope=<name> filter. This filter only returns dynamic leases created from the named scope.
read_bindings
scope=Charlotte
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
code=ack
You can retrieve all bindings that fall within a specified address range using the specialized
range=<value> filter. The value can be a literal address range (e.g. 192.168.1.25-192.168.1.26), or a
scope name.
The syntax range=scope_name differs from the syntax scope=scope_name in that the former
returns all bindings within the given scope's address range, regardless of whether they were created as
fixed reservations or dynamic bindings. The latter syntax will only return dynamic bindings that were
created from the given scope.
read_binding
range=192.168.1.25-192.168.1.26
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
code=ack
read_binding
range=Charlotte
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
code=ack
You can retrieve an arbitrary set of bindings that match a dBase-style expression. When writing dBase
expressions you will find it useful to know the following field names. All fields are text. The ipaddress
field contains expanded octets, such that an address of "172.0.0.1" is stored as "172.000.000.001".
The example below returns all records where the clientid field begins with the sequence "01-00-A0".
read_bindings
filter=LEFT (clientid,8) = "01-00-A0"
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
code=ack
Filters for reading multiple records can be mixed within the same command sequence. The example
below returns all records from the scope Charlotte that also have a client identifier starting with the
sequence "01-00-A0".
read_bindings
scope=Charlotte
filter=LEFT (clientid,8) = "01-00-A0"
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
code=ack
You can dump the entire contents of the bindings database using the dump_bindings command.
dump_bindings
[ENTER]
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
This command does not generate a code=ack response. Its output is designed to be saved, and later
fed back into the command-line tool for regenerating your database. See the section on Backup for
more information about this command.
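A check to run on a saved dump_bindings file before feeding it back, given here as an added example that is not part of the guide or the product. It parses the "-"-separated records and reports missing or repeated clientid and ipaddr values, comparing addresses in the expanded-octet form described for dBase filters; the function names, the sample dump and the choice of checks are assumptions.

```python
def expand_octets(ip):
    """'172.0.0.1' -> '172.000.000.001', the expanded-octet form the guide
    describes for the address field used in dBase-style filters."""
    parts = ip.strip().split(".")
    if len(parts) != 4 or not all(
            p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return ".".join(f"{int(p):03d}" for p in parts)


def parse_records(text):
    """Split console output into (records, status).

    Records are key=value lines separated by a lone '-'. The code= and
    session_message= lines are returned as status; dump_bindings emits none.
    """
    records, status, current = [], {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        key, value = key.strip(), value.strip()
        if key in ("code", "session_message"):
            status[key] = value
        elif key in current:
            raise ValueError(f"field {key!r} repeated within one record")
        else:
            current[key] = value
    if current:  # last record without a trailing '-'
        records.append(current)
    return records, status


def audit_dump(records):
    """Return human-readable problems; an empty list means the dump is sane."""
    problems, seen_ids, seen_ips = [], {}, {}
    for n, rec in enumerate(records, 1):
        cid = rec.get("clientid", "").upper()
        if not cid:
            problems.append(f"record {n}: missing clientid")
        elif cid in seen_ids:
            problems.append(f"record {n}: clientid {cid} repeats record {seen_ids[cid]}")
        else:
            seen_ids[cid] = n
        ip = rec.get("ipaddr", "")
        try:
            key = expand_octets(ip)  # normalise so 1.125 and 001.125 compare equal
        except ValueError:
            problems.append(f"record {n}: bad ipaddr {ip!r}")
            continue
        if key in seen_ips:
            problems.append(f"record {n}: ipaddr {ip} already used by record {seen_ips[key]}")
        else:
            seen_ips[key] = n
    return problems


# Constructed sample: the first record follows the guide's example output,
# the second is abbreviated, the third was added to trigger a finding.
SAMPLE_DUMP = """
clientid=01-00-A0-26-26-31-F5
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F6
hostname=testbox2.myown-solutions.com
ipaddr=192.168.1.126
scope=Charlotte
-
clientid=01-00-A0-26-26-31-F7
ipaddr=192.168.001.125
scope=Charlotte
-
"""

if __name__ == "__main__":
    recs, _ = parse_records(SAMPLE_DUMP)
    print(len(recs), "records")
    for problem in audit_dump(recs):
        print(problem)
```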
add_binding
clientid=01-00-A0-00-00-00-00
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
fixed=true
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.125
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
[ENTER]
code=ack
* The clientid field should be whatever your device uses as its device identifier (also known as client
identifier). This is normally the hardware type followed by the MAC address.
Use the write_binding command to create a new binding record and the change_binding command
to make partial updates to existing binding records.
write_binding
clientid=01-00-A0-00-00-00-00
policy=
commit_time=Thu Sep 21 13:34:09 2000
giaddr=0.0.0.0
hostname=testbox.myown-solutions.com
ipaddr=192.168.1.124
lease_length=0:5:0
protocol=dhcp
remote id=
scope=Charlotte
[ENTER]
code=ack
change_binding
clientid=01-00-A0-00-00-00-00
lease_length=0:5:0
[ENTER]
code=ack
delete_binding=01-00-A0-00-00-00-00
[ENTER]
code=ack
5.2.1.5 Pendings
Although it is possible to perform the following operations on pendings, you will rarely see any pending
allocations unless your server is extremely busy. The fields of a pending record are shown here with an
explanation of each field.
clientid        The unique device identifier (also known as client identifier). This is usually the hardware address followed by the device's MAC address.
lease_length    The duration for which the IP address binding is valid (once committed).
scope           The scope from which this record's IP address was taken.
pend_time       The date and time this address was offered to the device.
remote id       The DOCSIS version of this DHCP server records the remote id supplied by the CMTS in this field.
circuit id      The DOCSIS version of the DHCP server records the circuit id supplied by the CMTS in this field.
enum_pendings
[ENTER]
code=ack
It is very likely that a read for a specific pending will fail because the device transitioned from a pending
state to a bound state between the time you enumerated the pendings and the time you issued the
read.
read_pending=01-00-A0-00-00-00-00
[ENTER]
code=nak
session_message=Record not found
Adding a pending record is not supported. You should never need to perform this operation.
Changing a pending record is not supported. If you believe the DHCP server has a pending record
that's in error, you may delete it, although these records are periodically deleted automatically.
delete_pending=01-00-A0-00-00-00-00
[ENTER]
code=nak
session_message=Record not found
The DHCP server maintains a list of devices that should be denied service under all conditions. This is
useful to deny certain devices from each server in a multi-server environment, or to deny service to
devices that are known to behave badly. The fields of an xclient (device exclusion) record are shown
here with an explanation of each field.
clientid        The unique device identifier (also known as client identifier). This is usually the hardware address followed by the device's MAC address.
enum_xclients
[ENTER]
code=ack
xclient=01-01-00-33-00-00-22
xclient=01-01-00-FF-00-4C-3D
read_xclient=01-01-00-33-00-00-22
[ENTER]
code=ack
clientid=01-01-00-33-00-00-22
description=Ghostrider test box
add_xclient
clientid=01-01-00-33-00-00-44
description=test
[ENTER]
code=ack
write_xclient
clientid=01-01-00-33-00-00-44
description=Secondary test box
[ENTER]
code=ack
delete_xclient=01-01-00-33-00-00-44
[ENTER]
code=ack
If the private server property is enabled, the DHCP server maintains a list of device identifiers that are
explicitly allowed to use this server. Device registrations can be useful for securing the server while
still allowing DHCP address management. The fields of an iclient (device registration) record are
shown here with an explanation of each field.
enum_iclients
[ENTER]
code=ack
iclient=01-01-00-33-00-00-22
iclient=01-01-00-FF-00-4C-3D
read_iclient=01-01-00-33-00-00-22
[ENTER]
code=ack
clientid=01-01-00-33-00-00-22
description=Ghostrider test box
add_iclient
clientid=01-01-00-33-00-00-44
description=test
[ENTER]
code=ack
write_iclient
clientid=01-01-00-33-00-00-44
description=Secondary test box
[ENTER]
code=ack
delete_iclient=01-01-00-33-00-00-44
[ENTER]
code=ack
The DHCP server maintains a table of all options it recognizes. This table includes RFC-defined
options, Control options, and user-defined options. The fields of an optiontype record are shown here
with an explanation of each field.
type              The data type for this option. Valid values are 8bit, 16bit, 32bit, string, ipaddr, bool, time, hardware_address and control.
arrayed           Specifies whether or not this option type allows multiple values to be defined. Can be true or false.
single_hosts      Specifies that this option type can only be defined for a single host; it cannot be defined in a scope or policy. Can be true or false.
signed            If numeric, specifies whether or not this value can be signed. Can be true or false.
user_definable    Some option types are not meant to have user-definable values. One example is the MAXIMUM_MESSAGE_SIZE, which a DHCP device uses to specify the largest size datagram it can receive from a server. This field is false for such options.
enum_optiontypes
[ENTER]
code=ack
optiontype=-34
optiontype=-33
optiontype=-32
optiontype=-31
optiontype=-30
optiontype=-29
optiontype=-28
optiontype=-27
optiontype=-26
…
<output clipped for brevity>
enum_optiontypes=names
[ENTER]
code=ack
optiontype=Subnet mask
optiontype=Time offset
optiontype=Gateways
optiontype=Time servers
optiontype=IEN116 name servers
optiontype=Domain name servers
optiontype=Log servers
optiontype=Cookie/Quote servers
…
<output clipped for brevity>
The read_optiontype command can take a numeric tag or an alphanumeric name as its argument. In
this example we use the name of the option type.
read_optiontype=Subnet mask
[ENTER]
code=ack
advanced=false
arrayed=false
description=Specifies a subnet mask for the device
name=Subnet mask
single_hosts=false
signed=false
tag=1
type=ipaddr
user_definable=true
add_optiontype
advanced=false
arrayed=false
description=For testing purposes
name=Test option
single_hosts=false
signed=false
tag=128
type=ipaddr
user_definable=true
[ENTER]
code=ack
write_optiontype
advanced=false
arrayed=false
description=For testing purposes
name=Test option
single_hosts=false
signed=false
tag=128
type=string
user_definable=true
[ENTER]
code=ack
The delete_optiontype command can take a numeric tag or an alphanumeric name as its argument.
In this example we use the name of the option type.
delete_optiontype=Test option
[ENTER]
code=ack
Change notifications are sent in plain text format over UDP to the ip address/port of your choosing.
5.3.2 Subscribing
You must create and bind a UDP listener socket before subscribing to change notifications.
The DHCP server will detect and remove dead subscribers*. If your socket is not ready to receive
network datagrams when you first subscribe, you will be detected as a dead subscriber upon
registration, and immediately unsubscribed. As a courtesy, and to safeguard against denial-of-service
attacks, dead subscribers themselves will also receive notification that they are being unsubscribed.
You must be logged into the DHCP server's remote communications console to subscribe and
unsubscribe. You can use the dhcpti utility for this, or you can connect directly from within your own
application. Information on how to interface directly to the DHCP server can be found in the OEM
Interface Guide.
To subscribe, enter the command below using your specific network values:
subscribe
ipaddr=192.168.1.50
port=20000
The server responds with code=ack. If the server responds with code=nak, you were subscribed
already.
To unsubscribe, enter the command below using your specific network values:
unsubscribe
ipaddr=192.168.1.50
port=20000
operation=v <newline>
class=w <newline>
instance=x <newline>
src_ip=y<newline>
src_port=z<newline>
add
delete
modify
scope
binding
policy
optiontype
suboptiontype
xclient
iclient
properties
subscription
The value for instance is a hint indicating the specific object that has changed. For each possible
class, the hint is:
Together, the src_ip and src_port values define the remote connection that initiated this change.
5.3.4 Reference
The following notifications may be received from the server. Note that the values may differ in your
environment.
Scopes
operation=add
class=scope
instance=test
src_ip=192.168.1.50
port=51477
operation=modify
class=scope
instance=test
src_ip=192.168.1.50
port=51477
operation=delete
class=scope
instance=test
src_ip=192.168.1.50
port=51477
Bindings
operation=add
class=binding
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=modify
class=binding
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=delete
class=binding
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
Policies
operation=add
class=policy
instance=Gold
src_ip=192.168.1.50
port=51477
operation=modify
class=policy
instance=Gold
src_ip=192.168.1.50
port=51477
operation=delete
class=policy
instance=Gold
src_ip=192.168.1.50
port=51477
Option types
operation=add
class=optiontype
instance=133
src_ip=192.168.1.50
port=51477
operation=modify
class=optiontype
instance=133
src_ip=192.168.1.50
port=51477
operation=delete
class=optiontype
instance=133
src_ip=192.168.1.50
port=51477
Suboption types
operation=add
class=suboptiontype
instance=122/1
src_ip=192.168.1.50
port=51477
operation=modify
class=suboptiontype
instance=122/1
src_ip=192.168.1.50
port=51477
operation=delete
class=suboptiontype
instance=122/1
src_ip=192.168.1.50
port=51477
Hardware exclusions
operation=add
class=xclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=modify
class=xclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=delete
class=xclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
Hardware inclusions
operation=add
class=iclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=modify
class=iclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
operation=delete
class=iclient
instance=01-00-A0-24-2F-10-26
src_ip=192.168.1.50
port=51477
Properties
operation=modify
class=properties
instance=
src_ip=192.168.1.50
port=51477
Subscriptions
operation=add
class=subscription
instance=192.168.1.50:20000
src_ip=192.168.1.50
port=51477
operation=delete
class=subscription
instance=192.168.1.50:20000
src_ip=192.168.1.50
port=51477
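A listener for these notifications, given here as an added example that is not part of the guide or the product: it binds the UDP socket that must exist before subscribing, parses each datagram, and triages the change by who initiated it. The DHCP server address 192.168.1.10, the trusted-administrator set, the severity names and all function names are assumptions; the parser accepts both src_port (as in the format listing) and port (as in the reference samples).

```python
import ipaddress
import socket

OPERATIONS = {"add", "delete", "modify"}
CLASSES = {"scope", "binding", "policy", "optiontype", "suboptiontype",
           "xclient", "iclient", "properties", "subscription"}
# Assumed local policy: classes that change who is served or how the
# server is managed get a human look even when the source is trusted.
SENSITIVE = {"properties", "xclient", "iclient", "subscription"}
REQUIRED = ("operation", "class", "instance", "src_ip", "src_port")


def parse_notification(datagram):
    """Turn one notification datagram into a validated dict (ValueError if bad)."""
    fields = {}
    for line in datagram.decode("ascii").splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a key=value line: {line!r}")
        fields[key.strip()] = value.strip()
    # The format listing names src_port; the reference samples say port.
    if "src_port" not in fields and "port" in fields:
        fields["src_port"] = fields.pop("port")
    missing = [name for name in REQUIRED if name not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if fields["operation"] not in OPERATIONS:
        raise ValueError(f"unknown operation: {fields['operation']!r}")
    if fields["class"] not in CLASSES:
        raise ValueError(f"unknown class: {fields['class']!r}")
    fields["src_ip"] = str(ipaddress.ip_address(fields["src_ip"]))
    fields["src_port"] = int(fields["src_port"])
    if not 0 < fields["src_port"] < 65536:
        raise ValueError("src_port out of range")
    return fields


def triage(event, trusted_admins):
    """'alert' for a change from an unexpected console address, 'review' for
    a sensitive class from a trusted one, 'info' for everything else."""
    if event["src_ip"] not in trusted_admins:
        return "alert"
    if event["class"] in SENSITIVE:
        return "review"
    return "info"


def handle_datagram(data, sender_ip, server_ip, trusted_admins):
    """Return (level, event). UDP carries no authentication, so datagrams
    from any address other than the DHCP server are dropped unparsed."""
    if sender_ip != server_ip:
        return "drop", None
    try:
        event = parse_notification(data)
    except ValueError:  # also covers non-ASCII payloads
        return "malformed", None
    return triage(event, trusted_admins), event


def listen(bind_ip, port, server_ip, trusted_admins):
    """Bind first, then subscribe from the console; runs until interrupted."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        while True:
            data, (sender_ip, _) = sock.recvfrom(2048)
            level, event = handle_datagram(data, sender_ip, server_ip, trusted_admins)
            print(level, event)


# Constructed datagrams modelled on the reference listing above.
SAMPLE_PROPERTIES = (b"operation=modify\nclass=properties\ninstance=\n"
                     b"src_ip=192.168.1.50\nport=51477\n")
SAMPLE_SCOPE = (b"operation=add\nclass=scope\ninstance=test\n"
                b"src_ip=192.168.1.50\nsrc_port=51477\n")

if __name__ == "__main__":
    listen("0.0.0.0", 20000, server_ip="192.168.1.10",
           trusted_admins={"192.168.1.50"})
```

The sender-address check only filters stray traffic; source addresses on UDP can be forged, so treat the output as a prompt to confirm the change on the console rather than as proof of it.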
Part VI Frequently Asked Questions
6.1 FAQ's
Q1. Can I change a dynamic binding to a fixed IP-address reservation?
A. Yes. In the Database view, select the binding in question, then choose Bindings->Make Fixed
from the menu.
Changing a binding from dynamic to fixed allows you to assume full administrative control over
that binding. You are then free to modify any of the properties of the binding.
A. A fixed binding cannot be changed to a dynamic binding. You can, however, delete the fixed
binding, enabling the device to get a new dynamic binding and forcing the client to renew its
address.
A. Yes. The Allow and Deny properties of a scope enable you to dynamically enable or disable use
of that scope using runtime identification of the device.
For example, to place all cable modems in one scope, and all PCs in a separate scope, create
two scopes named CM and PC. For the CM scope, set the Allow property to:
[ $CLASSID() == "docsis1.1" ]
[ $CLASSID() == "docsis1.1" ]
This pair of expressions effectively limits each class of device to its respective scope. Since
scopes may be evaluated in an arbitrary order, the Allow and Deny expressions must be set for all
scopes servicing a given segment.
Note:
$CLASSID() is only one of the identification functions available to you at runtime. For a complete
list of available functions, see the section entitled Functions under Using Expressions.
Q4. On a multi-NIC machine, how do I specify which network card the DHCP server binds to?
A. You do this by modifying the 'dhcpt.conf' text-file and restarting the server. You'll find a line
that's commented out called 'daemon_listen_on=192.168.x.x'. Uncomment the line and list the
addresses it should operate on.
A. Not unless you require the performance gain. If you do, we recommend you run this DHCP
server on a stable server and set a low reclaimer interval so that cached lease commits are written
back to permanent storage as often as possible.
A. Yes, by using an expression. For example, you can define the "Boot file" option in the Global
policy, and set its value as:
[ "C:\images\" + $INP (-1000) + ".img" ]
With this expression, the name of the boot file the DHCP server returns would include the text the
client requested. If the client specified "BF1", for example, the value "C:\images\BF1.img" would
be returned as the boot file.
In this case, if the client doesn't specify a boot file, it gets the default; otherwise the name is
created on the fly, as in the first expression.
· define a single global lease log by adding this option to the server's Global policy
· define a scope-specific lease log by adding this option to a scope's Local policy
· define a binding-specific lease log by adding this option to a binding's Local policy
A. Yes. You must explicitly define which scopes are allowed to be selected by defining option -21,
Device selectable in the scope's local policy. Alternatively, if you define this option in the global
policy, all scopes will be available for selection.
Q9. How can I secure the DHCP server against Denial-of-Service attacks from malicious users?
A. If your intermediate systems support option 82 (most CMTSes do, for example), you simply
need to define internal Control option -22, Circuit ID address limit, and/or option -17, Remote ID
address limit. The value you define is the total number of active leases you're willing to allocate to
each household. Because they are options, these settings can be defined in a scope, binding,
named policy or the global policy.
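The effect of a per-Circuit-ID limit can be seen in a small model. This is an added Python example, not DHCP Turbo's code: the class, function, addresses and circuit IDs are constructed for illustration. It shows why counting leases against the relay-inserted option 82 value, rather than the client-supplied hardware address, keeps one subscriber line from draining a scope.

```python
from collections import defaultdict

class LeasePool:
    """Toy allocator: caps active leases per relay-inserted Circuit ID."""

    def __init__(self, addresses, circuit_limit=None):
        self.free = list(addresses)
        self.circuit_limit = circuit_limit    # None models "limit not defined"
        self.leases = {}                      # client hardware address -> IP
        self.per_circuit = defaultdict(int)   # circuit ID -> active leases
        self.denied = defaultdict(int)        # circuit ID -> refused requests

    def request(self, chaddr, circuit_id):
        """Return the leased IP, or None when refused or the pool is empty."""
        if chaddr in self.leases:             # known client: no new lease used
            return self.leases[chaddr]
        limit = self.circuit_limit
        if limit is not None and self.per_circuit[circuit_id] >= limit:
            self.denied[circuit_id] += 1      # the limit, not the pool, says no
            return None
        if not self.free:
            return None                       # pool exhausted
        ip = self.free.pop(0)
        self.leases[chaddr] = ip
        self.per_circuit[circuit_id] += 1
        return ip

def simulate(circuit_limit, pool_size=20, flood=100):
    """One line floods with fresh hardware addresses, then a neighbour asks."""
    pool = LeasePool([f"10.0.0.{i}" for i in range(1, pool_size + 1)],
                     circuit_limit)
    noisy, neighbour = "cmts1/port7", "cmts1/port9"   # constructed circuit IDs
    for n in range(flood):                            # constructed requests
        pool.request(f"02-00-00-00-00-{n:02X}", noisy)
    neighbour_ip = pool.request("02-00-00-00-FF-01", neighbour)
    return neighbour_ip, pool.per_circuit[noisy], pool.denied[noisy]

if __name__ == "__main__":
    for limit in (None, 3):
        print(f"limit={limit}: neighbour_ip, noisy_leases, noisy_denied =",
              simulate(limit))
```

Without a limit the flooding line ends up holding the whole 20-address pool and the neighbour is refused. With a limit of 3 it holds three leases and the neighbour is served.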
Q10. My device gets an address, but can't seem to do a TFTP download. What's wrong?
A2. Your TFTP server is not running on the same machine as the DHCP server. Use option -14,
Next server to direct the device to its TFTP server.
A3. You have not specified a boot file for the device. Use option -1, Boot file to convey the boot file
to your device.
A4. Your device incorrectly interprets sname as its TFTP server. Use option -20, Server name to
A5. Your device incorrectly interprets option 66 as its TFTP server. Use option -15, MS Option 66
to direct the device to its TFTP server.
A6. Your device incorrectly interprets option 67 as its boot file. Use option -16, MS Option 67 to
convey the boot file to your device.
A7. Your device cannot respond to ARP requests until it has received its boot file. Use option -9,
Force unicast response to ensure the server will not need to resolve the device's IP address
before transmitting the boot file.
Q11. How do I configure and provide Microsoft WINS server values to my clients? (Windows
Internet Naming Service)
A. You need to set two options: option 44, the IP addresses of the WINS server(s), and option 46,
the node type (default value is 8 = Hybrid node). When you are in the "Option Types" view, you can
double-click these options to see their descriptions. (Legacy systems may also need option 47.)
A. Yes. In the dhcpt.conf file, uncomment the line showing 'comms_port=', and fill in any value
over 1023 (for example, comms_port=8088). Restart the DHCP server, then configure your firewall
to pass traffic on ports 67 and 8088.
Part VII
Troubleshooting
7 Troubleshooting
Many of these messages may also include a system-specific error message. This message can be
quite useful in indicating the nature of a particular problem.
Device 'xx-xx-xx-xx' has been denied service because the current limit of 'Y' bindings has been
reached.
· Your DHCP server's bindings license limit has been reached. Contact your supplier to upgrade
your license limit.
Database 'xxx' contains 'Y' bindings, but this server is limited to 'Z' bindings
· Your license limit has been reached. Contact your supplier to upgrade your license limit.