2011年1月25日 星期二

ACS URL configuration via DHCP Vendor Specific OptionACS URL configuration via DHCP Vendor Specific Option

This is about the configuration of the ACS URL onto the CPE via DHCP option 43.
Let’s see how this work.
Suppose we are using Linux DHCP server to perform this task. And suppose that our acs url is
let’s run the following code to get the hex encoding of the string:
echo -n "http://acs.url.com:9999/string" | od -c -t x1
This should print something like this:
0000000   h   t   t   p   :   /   /   a   c   s   .   u   r   l   .   c
         68  74  74  70  3a  2f  2f  61  63  73  2e  75  72  6c  2e  63
0000020   o   m   :   9   9   9   9   /   s   t   r   i   n   g
         6f  6d  3a  39  39  39  39  2f  73  74  72  69  6e  67
0000036
This is the output of the “od” command which actually is an hex dumper.
So we have the ascii characters and the relative hex dump.
Our string should look like this:
68:74:74:70:3a:2f:2f:61:63:73:2e:75:72:6c:2e:63:6f:6d:3a:39:39:39:39:2f:73:74:72:69:6e:67
they’re 30 chars, in hex 1E.
Now we have to put in front of the above string two more bytes: the first is “01″ meaning that we are passing acs url, the second is “1E”, actually the length of the string representing acs url.
So the final string we’ll be:
01:1E:68:74:74:70:3a:2f:2f:61:63:73:2e:75:72:6c:2e:63:6f:6d:3a:39:39:39:39:2f:73:74:72:69:6e:67
Now let’s edit the DHCP configuration in this way:
option subnet-mask 255.255.255.0;
default-lease-time 3600;
max-lease-time 3000;
authoritative;
option routers 30.30.7.2;
ddns-update-style interim;
option domain-name "mydomain.it";
subnet 30.30.7.0 netmask 255.255.255.0 {
   option vendor-encapsulated-options 01:1E:68:74:74:70:3a:2f:2f:61:63:73:2e:75:72:6c:2e:63:6f:6d:3a:39:39:39:39:2f:73:74:72:69:6e:67;
   option domain-name-servers 1.1.1.1,2.2.2.2;
}
host mycpe {
   hardware ethernet 00:11:22:33:44:55;
   fixed-address 30.30.7.5;
}
Reboot CPE and wait for it to ask an IP address to the DHCP server. This is supposed to reply with option 43 (acs url) and CPE’s CWMP agent should contact our ACS server at the specified url.


ref :http://pierky.wordpress.com/2009/05/20/acs-url-configuration-via-dhcp-vendor-specific-information/

1 則留言:

DNSSEC安全技術簡介 作者:游子興 / 臺灣大學計算機及資訊網路中心網路組約聘幹事 DNS 是一套已經廣泛使用的Internet 服務,但因先天的技術限制導致容易成為駭客攻擊的目標。本文主要在介紹DNSSEC 之緣起與技術背景,及其使用的加解密技術如何確保資料的完整...