Untitled :: The FreeRADIUS project

Testing the DHCP service

We can verify that FreeRADIUS is providing a DHCP service using the dhcpclient tool that is included with the FreeRADIUS distribution.

Temporarily configure FreeRADIUS to issue a single static IP address to all clients by updating the dhcp DHCP-Discover section in the dhcp virtual server to include the following:

update reply {
    &DHCP-Your-IP-Address := 1.2.3.4
}

Define a sample DHCP packet as follows:

cat <<EOF > dhcp-packet.txt
DHCP-Message-Type := DHCP-Discover
DHCP-Client-Hardware-Address := 02:01:aa:bb:cc:dd
DHCP-Client-Identifier := abc123
EOF

We can now generate this packet by invoking one of the following commands based on the current circumstances…

From the host that is running the FreeRADIUS DHCP server:

dhcpclient -i lo 255.255.255.255 -f dhcp-packet.txt -x auto

From a different host with an interface (eth0) in the same broadcast domain as the FreeRADIUS DHCP server:

dhcpclient -i eth0 255.255.255.255 -f dhcp-packet.txt -x auto

If all of the DHCP broadcast traffic in other Layer 2 networks is converted to unicast by DHCP relay agents then it is not necessary for FreeRADIUS to listen on a broadcast address. In this case you can test DHCP using a unicast request:

dhcpclient 192.0.2.10 -f dhcp-packet.txt -x auto

In order for the returned, unicast DHCP OFFER to be received it is necessary to ensure that the DHCP-Your-IP-Address parameter set by FreeRADIUS matches an address on the interface used by the dhcpclient tool to send the Discover packet.

When one of the above commands is run, the tool with generate output such as the following which shows that the packet was sent and that it is now waiting for replies:

Example 1. Example output from dhcpclient showing the request

dhcpclient: ...
----------------------------------------------------------------------
DHCP-Opcode = 0x01
DHCP-Hardware-Type = 0x01
DHCP-Hardware-Address-Length = 0x06
DHCP-Hop-Count = 0x00
DHCP-Transaction-Id = 0x5e0bbfab
DHCP-Number-of-Seconds = 0x0000
DHCP-Flags = 0x0000
DHCP-Client-IP-Address = 0x00000000
DHCP-Your-IP-Address = 0x00000000
DHCP-Server-IP-Address = 0x00000000
DHCP-Gateway-IP-Address = 0x00000000
...
----------------------------------------------------------------------
Waiting for DHCP replies for: 5.000000
----------------------------------------------------------------------

Each received DHCP response will generate output such as the following:

Example 2. Example output from dhcpclient showing a response

...
----------------------------------------------------------------------
DHCP-Opcode = Server-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 1577828267
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 1.2.3.4
DHCP-Server-IP-Address = 192.0.2.10
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 02:42:0a:00:00:0b
DHCP-Message-Type = DHCP-Offer
DHCP-Client-Identifier = 0x616263313233
Waiting for additional DHCP replies for: 4.999429
...

Examine the DHCP response to ensure that it has the correct message type (DHCP-Offer, in this case), contains the temporary IP address that you configured earlier, i.e. DHCP-Your-IP-Address = 1.2.3.4, and any other expected reply parameters (which we configure later). You should also carefully examine the output of a FreeRADIUS debug session (radius -X) to ensure that the policy is being executed in the way that you expect and that no warnings are being generated.

You can now change the content of the sample DHCP request by editing the dhcp-packet.txt file and re-run the above command to see the server’s reply. You should examine the DHCP dictionary distrubuted with FreeRADIUS (usually /usr/share/freeradius/dictionary.dhcp) which provides the list of all of the DHCP parameters ("attributes") understood by FreeRADIUS.

When you are done remember to remove the temporary edit that was made to the dhcp virtual server that provides the static IP assignment.

Testing the DHCP policy

The remainder of this guide describes how to configure the IP address plan, setup the IP pools and define a DHCP policy. You should develop your policy by making small, incremental changes to the provided configuration and then test those changes with the approach described above, using dhcpclient and radius -X, modifying the sample DHCP packet as required. If you break the policy then revert the last change, attempt to understand what went wrong, and try something else.

Now define the DHCP policy.