LDAP: couldn't connect to LDAP server

Differences

This shows you the differences between two versions of the page.

--- guides:reference:infoblox:dhcp_options [2022/04/29 15:43] – ↷ Links adapted because of a move operation yspeerte
+++ guides:reference:infoblox:dhcp_options [2022/04/29 15:56] (current) – [DHCP Client table] yspeerte
@@ Line 1: / Line 1: @@
+{{indexmenu_n>1}}
+===== DHCP options =====
+This article describes in some detail how to setup the automatic DHCP option assignment and provisioning of Infoblox IPAM infrastructures. Before continuing familiarize yourself with the [[specials:rabobank:operate:dns:ipam_update|IPAM / DHCP update]] tool and [[guides:reference:infoblox:ipam_tree|IPAM Tree]] setup.
+==== IPAM tree option list ====
+For "network" and "scope" objects, the column ''**Dhcp_options**'' of the table ''**NMS.Dhcp_tree**'' can be used to add a series of DHCP option numbers. Each required option is simply added to the list using a comma as separator.
+A simple example is shown below. In this case, most options are assigned to the "network" rather than the "scope". This is a design choice since scopes can inherit the options from higher tiered objects.
+The values in the ''**Features**'' list will in conjunction with the Client-specific information in the table ''**NMS.Dhcp_clients**'' determine the values used for each of the DHCP options.
+^  Net_tier  ^  Net_index  ^ Net_type  ^ Net_name  ^ Scope_start  ^ Scope_end  ^ Dhcp_options  ^ Features ^
+|  0  |    | container  | Supernet  |    |    |    |   |
+|  1  |    | container  | Users  |    |    |    |   |
+|  2  |  0  | net  | Users  |    |    | 1,15,44,46,51  | ddns,domain2 |
+|  3  |  0  | scope  | Users  | 0.0.0.6  | 0.0.0.126  |  3  | vlan_odd(dhcpsrv1,dhcpsrv2) |
+|  2  |  1  | net  | Users  |    |    | 1,15,44,46,51  | ddns,domain2 |
+|  3  |  1  | scope  | Users  | 0.0.0.6  | 0.0.0.126  |  3  | vlan_odd(dhcpsrv1,dhcpsrv2) |
+|  2  |  2  | net  | Users  |    |    | 1,15,44,46,51  | ddns,domain2 |
+|  3  |  2  | scope  | Users  | 0.0.0.6  | 0.0.0.126  |  3  | vlan_odd(dhcpsrv1,dhcpsrv2) |
+|  2  |  3  | net  | Users  |    |    | 1,15,44,46,51  | ddns,domain2 |
+|  3  |  3  | scope  | Users  | 0.0.0.6  | 0.0.0.126  |  3  | vlan_odd(dhcpsrv1,dhcpsrv2) |
+A wide range op DHCP options exist. Due to their variety in function and arguments, only a limited set is currently supported. Adding support for additional options is relatively simple, but requires some coding by our developers. Support requests are welcome though.
+^  Option #  ^ Option name ^
+|  1  | subnet-mask |
+|  3  | routers |
+|  6  | domain-name-servers |
+|  15  | domain-name |
+|  43  | vendor-encapsulated-options |
+|  44  | netbios-name-servers |
+|  46  | netbios-node-type |
+|  51  | lease-time |
+|  51a  | lease-time (alternative rule set) |
+|  60  | vendor-class-identifier |
+|  150  | TFTP-Servers (exists as custom option 150 in DHCP option space) |
+|  150a  | TFTP-Servers (exists as custom option 150 in DHCP option space, alternative rule set) |
+|  241  | WLC-Servers (exists as custom option 241 in WiFi option space) |
+==== DHCP Client table ====
+Many of the values used in the various DHCP options are Client specific. The Table ''**NMS.Dhcp_clients**'' is the table where for each Client an entry is needed with the desired values for the DHCP options used in its supernet trees before IPAM/DHCP provisioning can succeed.
+This Dhcp_client table has 14 columns to determine the required values for specific DHCP options. Since each option has its own set of rules and dependencies, they will be discussed separately below.
+A sample set of rows form this table:
+^ClientCode ^Lease_time ^Ddns_enable ^Dhcpsrv1_feature ^Dhcpsrv2_feature ^Domain1_feature ^Domain2_feature ^Domain3_feature ^Lease1_feature ^Lease2_feature ^Dns_pri ^Dns_sec ^Dns_tert ^Wins_pri ^Wins_sec |
+|DataCenter |28800 |1 |10.33.44.122 |10.33.44.58 |acme.com |ins.acme.com |acme.com |28800 |14400 |10.22.1.64 |10.11.1.64 |  |  |  |
+|CN_NY |691200 |0 |10.33.44.26 |10.33.44.58 |aCN_NY.acme.com |acme.com |aCN_NY.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|CN_FF |691200 |0 |10.33.44.26 |10.33.44.58 |aCN_FF.acme.com |acme.com |aCN_FF.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|CN_LDN |691200 |1 |10.33.44.26 |10.33.44.58 |aCN_LDN.acme.com |acme.com |aCN_LDN.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|CN_SF |691200 |0 |10.33.44.26 |10.33.44.58 |aCN_SF.acme.com |acme.com |aCN_SF.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|MD_CN |691200 |0 |10.33.44.90 |10.33.44.122 |ins.acme.com |ipt.acme.com |acme.com |28800 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|3467 |691200 |1 |10.33.44.26 |10.33.44.58 |a3467.acme.com |acme.com |acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|2000 |3600 |0 |10.33.44.26 |10.33.44.58 |a2000.acme.com |acme.com |a2000.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |145.72.178.90 |10.33.122.30 |
+|2100 |3600 |1 |10.33.44.26 |10.33.44.58 |a2100.acme.com |acme.com |ipt.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|2500 |691200 |1 |10.33.44.26 |10.33.44.58 |a2500.acme.com |acme.com |ipt.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|7000 |691200 |1 |10.33.44.26 |10.33.44.58 |a7000.acme.com |acme.com |a7000.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|7001 |691200 |1 |10.33.44.26 |10.33.44.58 |a7001.acme.com |acme.com |a7001.acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+|7100 |691200 |1 |10.33.44.26 |10.33.44.58 |a7100.acme.com |acme.com |acme.com |691200 |3600 |10.22.1.64 |10.11.1.64 |  |  |  |
+==== Non-DHCP Option configuration ====
+A few configurable options exists that are strictly speaking not DHCP options, but are specific to Infoblox.
+These are options concerning:
+  - Extensible Attributes
+  - Member Assignment
+  - Dynamic DNS
+=== Extensible Attributes ===
+> <color bue> Please see the detailed article on [[guides:reference:infoblox:infoblox_ext_attr_mapping|Infoblox Extended Attributes mapping]] </color>
+With each "network" and "scope" object a set of Extensible Attributes can be added using the mapping method described in this article.
+=== Member Assignment ===
+All "networks" and "scopes" are assigned one or more GridMembers although scopes should have only one active DHCP server issuing Ip-addresses from any range.
+The GridMember assignment is configured on a per tree object (network or scope) basis using the ''Features'' list. Four entries in this features list control which members (the active DHCP servers) can 'manage' this network or range.
+  - ''**dhcpsrv1**'' which indicates the value in ''**Dhcp_clients.Dhcpsrv1_feature**'' is to be used.
+  - ''**dhcpsrv2**'' which indicates the value in ''**Dhcp_clients.Dhcpsrv2_feature**'' is to be used.
+  - ''**dhcpsrv(...)**'' function which specifies the dhcp server directly in its argument.
+  - ''**vlan_odd(... , ...)**'' function which chooses between two members based on the Vlan-id being odd or even.
+  - ''**site_hk(... , ...)**'' function which chooses between two members based on the Site_type starting with the characters ''HK'' or not.
+Multiple of these feature entries may be used in the same list, although that would normally only make senese using the ''dhcpsrv()'' function.
+All three functions accept as arguments direct ip-addresses or the names of any of the 'feature' columns in the Dhcp_clients table.
+=== Dynamic DNS ===
+This "option" enables or disables dynamic DNS (ddns) to automatically add a dns entry while a lease is in use.
+The option is enabled or disabled on a per "network" or "scope" basis using the ''Features'' list of the IPAM tree.
+Then, the customer specific value is lifted from the ''**Dhcp_clients.Ddns_enable**'' and only if its value is non-zero will the Ddns be enabled.
+=== Infoblox Template ===
+Tree objects can be created using Infoblox Templates allowing for standardized construction blocks when creating a new IPAM. Although useful, its use is limited to the object's initial creation. Any changes to the template later will have no effect.
+To specify an Infoblox template, include the ''**template(...)**'' function with the desired template as argument in the tree object's Features list.
+==== DHCP Option configuration ====
+=== 1 | subnet-mask ===
+The subnet mask value of the subnet/network is calculated from the network prefix.
+=== 3 | routers ===
+This option sets the default gateway.
+The subnet / network  address with an offset of ''0.0.0.1'' is used.
+There is currently no method to override this behaviour.
+=== 6 | domain-name-servers ===
+This option sets the list of DNS servers ip-addresses to consult. Multiple DNS servers can be assigned.
+The values can be taken form the Dhcp_clients table, or directly in the features list of the IPAM tree's network/scope.
+The Client specific values are added to the list if present in this order:
+  - ''**Dhcp_clients.Dns_pri**''
+  - ''**Dhcp_clients.Dns_sec**''
+  - ''**Dhcp_clients.Dns_tert**''
+The Tree specific values override the client specific values. These are added using the ''**dnssrv(...)**'' function in Dhcp_tree features list. Any number of dns servers can be added in the order desired:
+  - ''**dnssrv**(172.32.10.10),**dnssrv**(172.30.10.10)''
+=== 15 | domain-name ===
+The default value for the domain name is the one defined in the supernet allocation with the client.
+The Dhcp_tree feature list controls the assignment of direct or indirect domain names.
+  - ''**domain1**'' which indicates the value in ''**Dhcp_clients.Domain1_feature**'' is to be used.
+  - ''**domain2**'' which indicates the value in ''**Dhcp_clients.Domain2_feature**'' is to be used.
+  - ''**domain3**'' which indicates the value in ''**Dhcp_clients.Domain3_feature**'' is to be used.
+  - ''**domain(...)**'' function which specifies the domain name directly.
+Only one domain name can be assigned to the network/scope, the last encountered value will be used.
+=== 43 | vendor-encapsulated-options ===
+This option works alongside option 60, vendor-class-identifier, and is used to identify the Wireless LAN Controllers.
+The Ip-addresses of the two supported entries are converted in HEX, and the format requires that the first entry starts with ''F1:04'', the second with ''F1::08'' (08 is number of octets in 2 ip-addr).
+The Ip-addresses of the Client specific WLC servers are not present in the DHCP_clients table but are lifted from the NetYCE configuration of the client. The client needs to have one or two "WLC servers" configured.
+The first server reported must have the server_name "**Wlc_server**", the second server the name "**Wlc_ap_mgmt**". The ''YCE.Ip_server'' table is consulted for this client to find the ''Server_address'' for these servers.
+There currently exists no means way to directly specify this option from the features list.
+=== 44  | netbios-name-servers ===
+The two supported NetBios name servers that can be used for option 44 are taken from:
+  - ''**Dhcp_clients.Wins_pri*''
+  - ''**Dhcp_clients.Wins_sec*''
+There currently exists no means way to directly specify this option from the features list.
+=== 46  | netbios-node-type ===
+The value for this option is hardcoded to ''**2**'', indicating a hybrid node-type tat uses both dns and wins.
+=== 51 | lease-time ===
+This option sets the lease time for an DHCP ip-address in seconds.
+The value set in the ''**Dhcp_clients.Lease_time**'' is used, or the default value of ''**604800**'' corresponding to seven days. \\
+This value can be overridden using "feature" list entries in the IPAM tree's network/scope:
+  - ''**feature1**'' which indicates the value in ''**Dhcp_clients.Lease1_feature**'' is to be used.
+  - ''**feature2**'' which indicates the value in ''**Dhcp_clients.Lease2_feature**'' is to be used.
+If both are present in the same feature list, then the last encountered value is used.
+=== 51a | lease-time ===
+This option sets the lease time for an DHCP ip-address in seconds.
+This actually not-existing option number is just a quick way to assign the hardcoded lease-time of ''**3600**'' to option 50.
+If both option 51 and options 51a are present in the option-list, the last encountered option is used.
+=== 60  | vendor-class-identifier ===
+This option works alongside option 43, vendor-encapsulated-options, and is used to define Wifi AP Class name. It is currently hardcoded to ''**Cisco AP c1140**''
+There currently exists no means way to directly specify this option from the features list.
+=== 150  | TFTP-Servers ===
+This option exists as "custom" option 150 in the ''DHCP'' option space using the name ''**TFTP-Servers**'' and serves to provide a list of TFTP servers.
+The Ip-addresses of the Client specific TFTP servers are not present in the DHCP_clients table but are lifted from the NetYCE configuration of the client. The client needs to have one or two "IPT callmanager servers" configured.
+The first server reported must have the server_name "**Ipt_callmgr1**", the second server the name "**Ipt_callmgr**". The ''YCE.Ip_server'' table is consulted for this client to find the ''Server_address'' for these servers.
+The Tree specific value option uses the feature list function ''**tftp(...)**''. Any number of these tftp server addresses may be includes and are added in sequence as encountered.
+The feature added servers override any client specific ones.
+=== 150a  | TFTP-Servers ===
+This option is identical to option 150 but uses a different set of server names for the client specific values.
+This option exists as "custom" option 150 in the ''DHCP'' option space and serves to provide a list of TFTP servers.
+The Ip-addresses of the Client specific TFTP servers are not present in the DHCP_clients table but are lifted from the NetYCE configuration of the client. The client needs to have one or two "IPT callmanager servers" configured.
+The first server reported must have the server_name "**Ipt_callmgr_RN1**", the second server the name "**Ipt_callmgr_RN2**". The ''YCE.Ip_server'' table is consulted for this client to find the ''Server_address'' for these servers.
+The Tree specific value option uses the feature list function ''**tftp(...)**''. Any number of these tftp server addresses may be includes and are added in sequence as encountered.
+The feature added servers override any client specific ones.
+=== 241  | WLC-Servers ===
+This option exists as "custom" option 241 in ''**Wifi**'' option space using the name ''**WLC-Servers**''.
+The is used to identify the WLC servers as readable ip-addresses (as opposed to option 43).
+The Ip-addresses of the Client specific WLC servers are not present in the DHCP_clients table but are lifted from the NetYCE configuration of the client. The client needs to have one or two "WLC servers" configured.
+The first server reported must have the server_name "**Wlc_server**", the second server the name "**Wlc_ap_mgmt**". The ''YCE.Ip_server'' table is consulted for this client to find the ''Server_address'' for these servers.
+There currently exists no means way to directly specify this option from the features list.
+//