DHCP sending incorrect gateway in DHCP Reply


DHCP sending incorrect gateway in DHCP Reply

Eric Koons
I’m having an issue with ISC DHCP where it’s sending the incorrect router option/gateway in the DHCP reply.   Any help is appreciated.

Below is a capture taken with tcpdump on the DHCP server.  For this particular request it should be sending the gateway 10.123.4.41, but it’s sending 10.123.4.49, which is the gateway option defined in the other scope.  It almost seems as if the server takes the router option from the scope of the first device that comes online and then uses it for all other requests.  I’ve also attached a copy of the dhcpd.conf file below.  This is on a CentOS server: CentOS Linux release 7.7.1908 (Core).

09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
    10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 10.123.0.9
            Requested-IP Option 50, length 4: 10.123.4.45
            Parameter-Request Option 55, length 12: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
              Time-Server, BF, TFTP, WWW
            Vendor-Option Option 43, length 86: 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
            Vendor-Class Option 60, length 3: "RPD"
            Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0
09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
    10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
          Your-IP 10.123.4.45
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.123.0.9
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.248
            BR Option 28, length 4: 10.123.4.55
            Time-Zone Option 2, length 4: -18000
            Default-Gateway Option 3, length 4: 10.123.4.49
            Domain-Name Option 15, length 13: "rpd.sectv.com"
            Domain-Name-Server Option 6, length 4: 10.123.0.9
            Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
            Time-Server Option 4, length 4: 10.123.0.9
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0

Here is a copy of my dhcpd.conf:

#Global Options:   

        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
#        option iNode-manager code 43 = string;

        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        default-lease-time 86400;
        max-lease-time 172800;


# Use this to enble / disable dynamic dns updates globally.
 #       ddns-updates        on;
 #       ddns-update-style interim;
 #       ddns-rev-domainname "in-addr.arpa";
 #       deny declines;
 #       deny bootp;
        #allow client-updates;

 #       key dhcpupdate {
  #              algorithm hmac-md5;
  #              secret iY+hMAmhBJvhxc82gX8Vgg==;
  #      }

  #      zone sectv.com. {
  #              primary 10.0.40.5;
  #              key dhcpupdate;
  #      }

   #     zone 10.123.in-addr.arpa. {
   #     primary 10.0.40.5;
   #     key dhcpupdate;
   #     }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
#        class "CiscoRPD" {
#                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
#        }
#        class "CiscoiNode"{
#                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
#                option iNode-manager 01:04:0a:7b:00:0a;
#                option tftp-server-name "10.123.0.9";
#                option bootfile-name "inode.bin";
#                option domain-name "inode.sectv.com";
#        }
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
        class "CiscoRPD" {
                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
        }
 #       class "CiscoiNode"{
 #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
 #               option iNode-manager 01:04:0a:7b:00:0a;
 #               option tftp-server-name "10.123.0.9";
 #               option bootfile-name "inode.bin";
 #               option domain-name "inode.sectv.com";
 #       }
}

 # 10.123.4.56/29 Subnet
subnet 10.123.4.56 netmask 255.255.255.248 {
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}


Re: DHCP sending incorrect gateway in DHCP Reply

Sten Carlsen
First reaction:

You define the classes inside the subnet declarations. This is dangerous: a class inherits the options of the subnet it is declared in, and it then applies them to matching clients in other subnets as well.

-- 
Best regards 
Sten Carlsen 


For every problem, there is a solution that
is simple, elegant, and wrong.
HL Mencken


On 16 Oct 2019, at 16.07, Eric Koons <[hidden email]> wrote:

I’m having an issue with ISC DHCP where it’s sending the incorrect router option/gateway in the DHCP reply.   Any help is appreciated.

Below is a capture using TCPDUMP on the DHCP server.  With this particular request, it should be sending the Gateway of 10.123.4.41, but it’s sending 10.123.4.49 which is the gateway option defined in the other scope.  It almost seems like the first device in a DHCP scope that comes online the Server uses that as the router option for all other requests.  I’ve also attached a copy of the dhcpd.conf file below.  This is on a CENTOS server: CentOS Linux release 7.7.1908 (Core).

09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
    10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 10.123.0.9
            Requested-IP Option 50, length 4: 10.123.4.45
            Parameter-Request Option 55, length 12: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
              Time-Server, BF, TFTP, WWW
            Vendor-Option Option 43, length 86: 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
            Vendor-Class Option 60, length 3: "RPD"
            Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0
09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
    10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
          Your-IP 10.123.4.45
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.123.0.9
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.248
            BR Option 28, length 4: 10.123.4.55
            Time-Zone Option 2, length 4: -18000
            Default-Gateway Option 3, length 4: 10.123.4.49
            Domain-Name Option 15, length 13: "rpd.sectv.com"
            Domain-Name-Server Option 6, length 4: 10.123.0.9
            Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
            Time-Server Option 4, length 4: 10.123.0.9
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0

Here is a copy of my dhcpd.conf:

#Global Options:   

        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
#        option iNode-manager code 43 = string;

        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        default-lease-time 86400;
        max-lease-time 172800;


# Use this to enble / disable dynamic dns updates globally.
 #       ddns-updates        on;
 #       ddns-update-style interim;
 #       ddns-rev-domainname "in-addr.arpa";
 #       deny declines;
 #       deny bootp;
        #allow client-updates;

 #       key dhcpupdate {
  #              algorithm hmac-md5;
  #              secret iY+hMAmhBJvhxc82gX8Vgg==;
  #      }

  #      zone sectv.com. {
  #              primary 10.0.40.5;
  #              key dhcpupdate;
  #      }

   #     zone 10.123.in-addr.arpa. {
   #     primary 10.0.40.5;
   #     key dhcpupdate;
   #     }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
#        class "CiscoRPD" {
#                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
#        }
#        class "CiscoiNode"{
#                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
#                option iNode-manager 01:04:0a:7b:00:0a;
#                option tftp-server-name "10.123.0.9";
#                option bootfile-name "inode.bin";
#                option domain-name "inode.sectv.com";
#        }
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
        class "CiscoRPD" {
                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
        }
 #       class "CiscoiNode"{
 #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
 #               option iNode-manager 01:04:0a:7b:00:0a;
 #               option tftp-server-name "10.123.0.9";
 #               option bootfile-name "inode.bin";
 #               option domain-name "inode.sectv.com";
 #       }
}

 # 10.123.4.56/29 Subnet
subnet 10.123.4.56 netmask 255.255.255.248 {
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

Re: DHCP sending incorrect gateway in DHCP Reply

Sten Carlsen


On 16 Oct 2019, at 16.07, Eric Koons <[hidden email]> wrote:

I’m having an issue with ISC DHCP where it’s sending the incorrect router option/gateway in the DHCP reply.   Any help is appreciated.

Below is a capture using TCPDUMP on the DHCP server.  With this particular request, it should be sending the Gateway of 10.123.4.41, but it’s sending 10.123.4.49 which is the gateway option defined in the other scope.  It almost seems like the first device in a DHCP scope that comes online the Server uses that as the router option for all other requests.  I’ve also attached a copy of the dhcpd.conf file below.  This is on a CENTOS server: CentOS Linux release 7.7.1908 (Core).

09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
    10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 10.123.0.9
            Requested-IP Option 50, length 4: 10.123.4.45
            Parameter-Request Option 55, length 12: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
              Time-Server, BF, TFTP, WWW
            Vendor-Option Option 43, length 86: 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
            Vendor-Class Option 60, length 3: "RPD"
            Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0
09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
    10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
          Your-IP 10.123.4.45

This means the device gets an address from "# 10.123.4.40/29 Subnet".

          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.123.0.9
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.248
            BR Option 28, length 4: 10.123.4.55
            Time-Zone Option 2, length 4: -18000
            Default-Gateway Option 3, length 4: 10.123.4.49

The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such inherits the gateway from here.

Nothing in the configuration tells the server which subnet to allocate addresses from; there are no allow or deny statements.
The server is free to select an address in any subnet according to its algorithms, but the gateway is taken from one specific subnet.

Solution:
1 - Move all class definitions to the global level; they are global anyway, except for inheritance.
2 - Use allow/deny statements to tell the server from which subnet it may allocate addresses to a specific class or to unknown clients.

            Domain-Name Option 15, length 13: "rpd.sectv.com"
            Domain-Name-Server Option 6, length 4: 10.123.0.9
            Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
            Time-Server Option 4, length 4: 10.123.0.9
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0

Here is a copy of my dhcpd.conf:

#Global Options:   

        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
#        option iNode-manager code 43 = string;

        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        default-lease-time 86400;
        max-lease-time 172800;


# Use this to enble / disable dynamic dns updates globally.
 #       ddns-updates        on;
 #       ddns-update-style interim;
 #       ddns-rev-domainname "in-addr.arpa";
 #       deny declines;
 #       deny bootp;
        #allow client-updates;

 #       key dhcpupdate {
  #              algorithm hmac-md5;
  #              secret iY+hMAmhBJvhxc82gX8Vgg==;
  #      }

  #      zone sectv.com. {
  #              primary 10.0.40.5;
  #              key dhcpupdate;
  #      }

   #     zone 10.123.in-addr.arpa. {
   #     primary 10.0.40.5;
   #     key dhcpupdate;
   #     }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
#        class "CiscoRPD" {
#                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
#        }
#        class "CiscoiNode"{
#                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
#                option iNode-manager 01:04:0a:7b:00:0a;
#                option tftp-server-name "10.123.0.9";
#                option bootfile-name "inode.bin";
#                option domain-name "inode.sectv.com";
#        }
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
        class "CiscoRPD" {
                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
        }
 #       class "CiscoiNode"{
 #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
 #               option iNode-manager 01:04:0a:7b:00:0a;
 #               option tftp-server-name "10.123.0.9";
 #               option bootfile-name "inode.bin";
 #               option domain-name "inode.sectv.com";
 #       }
}

 # 10.123.4.56/29 Subnet
subnet 10.123.4.56 netmask 255.255.255.248 {
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

Re: DHCP sending incorrect gateway in DHCP Reply

Eric Koons
Thanks for the help.  I moved the class definitions to the global section and that is working fine.  However, I wonder if I can ask another question.  I’m now trying to pass certain options using classes based on the vendor-class-identifier, but the server is not putting those options in the DHCP reply.  I can provide tcpdump captures if necessary, but I have verified that the device is sending the correct, matching vendor class identifier.  Is there something wrong with my config below?




#Global Options:   

        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
        option iNode-manager code 43 = string;

        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        option VCM.ccap_cores 10.123.4.10, 10.123.4.58;

        default-lease-time 86400;
        max-lease-time 172800;

# Use this to enable / disable dynamic DNS updates globally.
       ddns-updates        on;
        ddns-update-style interim;
        ddns-rev-domainname "in-addr.arpa";
        deny declines;
        deny bootp;
        #allow client-updates;

        # TSIG key that the zone statements below reference by name
        # ("key dhcpupdate;") for updates sent to the primary 10.0.40.5.
        # NOTE(review): this secret appears in cleartext in a public post, so
        # treat it as compromised: generate a new key, install it on the DNS
        # primary as well, and keep the real value in a root-only file pulled
        # in with an include statement rather than pasting it into shared text.
        # NOTE(review): hmac-md5 is a legacy TSIG algorithm; prefer
        # hmac-sha256 if the installed dhcpd and the DNS server both support
        # it - confirm against the versions in use.
        key dhcpupdate {
                algorithm hmac-md5;
                secret iY+hMAmhBJvhxc82gX8Vgg==;
        }

        zone sectv.com. {
                primary 10.0.40.5;
                key dhcpupdate;
        }

        zone 10.123.in-addr.arpa. {
        primary 10.0.40.5;
        key dhcpupdate;
        }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
}

 # 10.123.4.56/29 Subnet
#Vecima Node Manager
subnet 10.123.4.56 netmask 255.255.255.248 {
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

# Global class for clients whose vendor-class-identifier (option 60) is "RPD".
# Declared outside every subnet so it no longer inherits one subnet's
# routers/broadcast-address options.
# vendor-option-space VCM selects the VCM option space as the vendor option
# space for members of this class; ccap_cores is VCM sub-option code 61.
class "RPD" {
                match if option vendor-class-identifier="RPD"; 
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
        }      
# Global class for clients whose vendor-class-identifier (option 60) is
# "Cisco.iNode.oib.1.0".
# NOTE(review): iNode-manager is declared earlier in this file as a raw string
# on code 43, the code that also carries the encapsulated vendor option space
# (VCM for the RPD class) - confirm the two uses of option 43 do not conflict.
# NOTE(review): dhcpd normally returns only the options a client lists in its
# parameter-request-list (option 55); check the capture for codes 43, 66 and 67
# before concluding that the class did not match.
# NOTE(review): tftp-server-name/bootfile-name point the device at a boot file
# fetched over TFTP, which is unauthenticated - presumably this segment is a
# trusted management network; verify that rogue DHCP/TFTP servers are blocked.
class "Inode" {
                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
                option iNode-manager 01:04:0a:7b:00:0a;
                option tftp-server-name "10.123.0.9";
                option bootfile-name "inode.bin";
        }

  

On Oct 16, 2019, at 12:27 PM, Sten Carlsen <[hidden email]> wrote:



On 16 Oct 2019, at 16.07, Eric Koons <[hidden email]> wrote:

I’m having an issue with ISC DHCP where it’s sending the incorrect router option/gateway in the DHCP reply.   Any help is appreciated.

Below is a capture using TCPDUMP on the DHCP server.  With this particular request, it should be sending the Gateway of 10.123.4.41, but it’s sending 10.123.4.49 which is the gateway option defined in the other scope.  It almost seems like the first device in a DHCP scope that comes online the Server uses that as the router option for all other requests.  I’ve also attached a copy of the dhcpd.conf file below.  This is on a CENTOS server: CentOS Linux release 7.7.1908 (Core).

09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
    10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 10.123.0.9
            Requested-IP Option 50, length 4: 10.123.4.45
            Parameter-Request Option 55, length 12: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
              Time-Server, BF, TFTP, WWW
            Vendor-Option Option 43, length 86: 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
            Vendor-Class Option 60, length 3: "RPD"
            Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0
09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
    10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
          Your-IP 10.123.4.45

This means the device gets an address from "# 10.123.4.40/29 Subnet".

          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.123.0.9
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.248
            BR Option 28, length 4: 10.123.4.55
            Time-Zone Option 2, length 4: -18000
            Default-Gateway Option 3, length 4: 10.123.4.49

The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such inherits the gateway from here.

Nothing in the configuration tells the server which subnet to allocate addresses from; there are no allow or deny statements.
The server is free to select an address in any subnet according to its algorithms, but the gateway is taken from one specific subnet.

Solution:
1 - Move all class definitions to the global level; they are global anyway, except for inheritance.
2 - Use allow/deny statements to tell the server from which subnet it may allocate addresses to a specific class or to unknown clients.

            Domain-Name Option 15, length 13: "rpd.sectv.com"
            Domain-Name-Server Option 6, length 4: 10.123.0.9
            Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
            Time-Server Option 4, length 4: 10.123.0.9
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0

Here is a copy of my dhcpd.conf:

#Global Options:   

        # Statements at global scope: the default for every scope below unless overridden.
        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        # -18000 seconds = UTC-5; the capture in this thread shows it going out as option 2.
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        # Codes 100 and 101 are declared here as text options: PCode carries a POSIX TZ
        # string, TCode a tz database name.
        # NOTE(review): both values below contain a typographic quote (”) inside the
        # ASCII quotes, so it would be sent as part of the string. It may be a
        # mail-client artifact; confirm the live file holds plain quotes only.
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
#        option iNode-manager code 43 = string;

        # VCM is a site-defined option space; ccap_cores is its sub-option 61, a list of
        # IP addresses. A scope that sets "vendor-option-space VCM" sends it inside
        # option 43 (seen in the capture as 61.8.<two addresses>).
        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        # Repeats the lease times set above with the same values.
        default-lease-time 86400;
        max-lease-time 172800;


# Use this to enable / disable dynamic dns updates globally.
# (Every DDNS statement below is commented out in this copy of the file.)
 #       ddns-updates        on;
 #       ddns-update-style interim;
 #       ddns-rev-domainname "in-addr.arpa";
 #       deny declines;
 #       deny bootp;
        #allow client-updates;

# NOTE(review): the TSIG secret below is readable by anyone who sees this file,
# even though the block is commented out. Once it has been shared, treat the key
# as disclosed: generate a new one on the DNS primary (10.0.40.5) and here before
# enabling DDNS, and prefer an HMAC-SHA2 algorithm over hmac-md5 if both servers
# support it.
 #       key dhcpupdate {
  #              algorithm hmac-md5;
  #              secret iY+hMAmhBJvhxc82gX8Vgg==;
  #      }

  #      zone sectv.com. {
  #              primary 10.0.40.5;
  #              key dhcpupdate;
  #      }

   #     zone 10.123.in-addr.arpa. {
   #     primary 10.0.40.5;
   #     key dhcpupdate;
   #     }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
# The server's own address (10.123.0.9) is in this subnet. It is declared
# without a range, so no leases are handed out on it.
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        # /29: .41 is the router, .42-.46 the dynamic pool, .47 the broadcast address.
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
        # NOTE(review): the "class" wrapper lines are commented out but the three
        # statements between them are not, so they apply at subnet scope to every
        # client here rather than to a class.
#        class "CiscoRPD" {
#                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
#        }
#        class "CiscoiNode"{
#                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
#                option iNode-manager 01:04:0a:7b:00:0a;
#                option tftp-server-name "10.123.0.9";
#                option bootfile-name "inode.bin";
#                option domain-name "inode.sectv.com";
#        }
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        # /29: .49 is the router, .50-.54 the dynamic pool, .55 the broadcast address.
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
        # NOTE(review): this class is declared inside the subnet. As the reply in this
        # thread explains, class matching is global but the class inherits options from
        # the scope it is declared in. That is why a client matching "RPD" and leased
        # 10.123.4.45 was still sent routers 10.123.4.49 and broadcast 10.123.4.55.
        # Declaring the class at global scope avoids this.
        class "CiscoRPD" {
                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
        }
 #       class "CiscoiNode"{
 #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
 #               option iNode-manager 01:04:0a:7b:00:0a;
 #               option tftp-server-name "10.123.0.9";
 #               option bootfile-name "inode.bin";
 #               option domain-name "inode.sectv.com";
 #       }
}

 # 10.123.4.56/29 Subnet
subnet 10.123.4.56 netmask 255.255.255.248 {
        # /29: .57 is the router, .58-.62 the dynamic pool, .63 the broadcast address.
        # NOTE(review): 10.123.4.58 is also listed in VCM.ccap_cores elsewhere in this
        # file. If that host is statically addressed, it should not sit inside this
        # dynamic range - confirm.
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

Re: DHCP sending incorrect gateway in DHCP Reply

Sten Carlsen


On 16 Oct 2019, at 19.36, Eric Koons <[hidden email]> wrote:

Thanks for the help.  I moved the class stuff to the global section and that is working fine.   However, I wonder if I can ask another question.  I’m now trying to pass certain options using classes based upon the vendor-class-identifier.  It’s not putting those options in the DHCP reply.  I can provide TCPDUMPS if necessary, but I have verified that the device is sending the correct and matching vendor class identifier.  Is there something wrong with my config below?

This question is for somebody else, I never used this.





#Global Options:   

        # Statements at global scope: the default for every scope below unless overridden.
        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        # -18000 seconds = UTC-5.
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        # Codes 100 and 101 are declared here as text options: PCode carries a POSIX TZ
        # string, TCode a tz database name.
        # NOTE(review): both values below contain a typographic quote (”) inside the
        # ASCII quotes, so it would be sent as part of the string. It may be a
        # mail-client artifact; confirm the live file holds plain quotes only.
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
        # NOTE(review): code 43 is the vendor option (tcpdump prints it as
        # "Vendor-Option Option 43"). This line gives that code a second meaning as a
        # raw string, while class "RPD" expects option 43 to be built from the VCM
        # space. The two uses may conflict - check the server log for warnings.
        option iNode-manager code 43 = string;

        # VCM is a site-defined option space; ccap_cores is its sub-option 61, a list of
        # IP addresses.
        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        # Sets the value at global scope. "vendor-option-space VCM" is only set in
        # class "RPD", which sets this same value again.
        option VCM.ccap_cores 10.123.4.10, 10.123.4.58;

        # Repeats the lease times set above with the same values.
        default-lease-time 86400;
        max-lease-time 172800;

# Use this to enable / disable dynamic dns updates globally.
# (DDNS is switched on in this version of the file; the earlier copy had all of
# this commented out.)
       ddns-updates        on;
        ddns-update-style interim;
        ddns-rev-domainname "in-addr.arpa";
        # DHCPDECLINE and BOOTP requests are both refused.
        deny declines;
        deny bootp;
        #allow client-updates;

        # TSIG key used to sign the dynamic updates for both zones below.
        # NOTE(review): the secret is stored here in clear text. Once it has been
        # shared outside the server, treat the key as disclosed: anyone holding it
        # can sign updates to these zones. Generate a new key on the DNS primary
        # (10.0.40.5) and here, and prefer an HMAC-SHA2 algorithm over hmac-md5 if
        # both servers support it.
        key dhcpupdate {
                algorithm hmac-md5;
                secret iY+hMAmhBJvhxc82gX8Vgg==;
        }

        # Forward zone: updates go to 10.0.40.5, signed with the key above.
        zone sectv.com. {
                primary 10.0.40.5;
                key dhcpupdate;
        }

        # Reverse zone for 10.123.0.0/16, same primary and key.
        zone 10.123.in-addr.arpa. {
        primary 10.0.40.5;
        key dhcpupdate;
        }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
# The server's own address (10.123.0.9) is in this subnet. It is declared
# without a range, so no leases are handed out on it.
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        # /29: .41 is the router, .42-.46 the dynamic pool, .47 the broadcast address.
        # Only per-subnet options remain here; the class declarations are at global
        # scope in this version of the file.
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        # /29: .49 is the router, .50-.54 the dynamic pool, .55 the broadcast address.
        # The class that used to be nested here is now declared at global scope.
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
}

 # 10.123.4.56/29 Subnet
#Vecima Node Manager
subnet 10.123.4.56 netmask 255.255.255.248 {
        # /29: .57 is the router, .58-.62 the dynamic pool, .63 the broadcast address.
        # NOTE(review): 10.123.4.58 is also listed in VCM.ccap_cores elsewhere in this
        # file. If that host is statically addressed, it should not sit inside this
        # dynamic range - confirm.
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

class "RPD" {
                # Declared at global scope, so it no longer inherits routers or
                # broadcast-address from any one subnet.
                # Matches clients whose vendor-class-identifier (option 60) is "RPD".
                match if option vendor-class-identifier="RPD"; 
                # Build option 43 for these clients from the VCM space, i.e. the
                # ccap_cores sub-option (code 61) set on the next line.
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
        }      
class "Inode" {
                # Matches clients whose vendor-class-identifier (option 60) is
                # "Cisco.iNode.oib.1.0".
                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
                # iNode-manager is the name this file gives to code 43 as a raw string.
                # The six bytes look like sub-option 1, length 4, address 10.123.0.10 -
                # confirm against the device documentation.
                option iNode-manager 01:04:0a:7b:00:0a;
                # NOTE(review): the reply in this thread points out that the server only
                # returns options the client asks for, so check that the device's
                # parameter request list covers the options set in this class.
                option tftp-server-name "10.123.0.9";
                option bootfile-name "inode.bin";
        }

  

On Oct 16, 2019, at 12:27 PM, Sten Carlsen <[hidden email]> wrote:



On 16 Oct 2019, at 16.07, Eric Koons <[hidden email]> wrote:

I’m having an issue with ISC DHCP where it’s sending the incorrect router option/gateway in the DHCP reply.   Any help is appreciated.

Below is a capture using TCPDUMP on the DHCP server.  With this particular request, it should be sending the Gateway of 10.123.4.41, but it’s sending 10.123.4.49 which is the gateway option defined in the other scope.  It almost seems like the first device in a DHCP scope that comes online the Server uses that as the router option for all other requests.  I’ve also attached a copy of the dhcpd.conf file below.  This is on a CENTOS server: CentOS Linux release 7.7.1908 (Core).

09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
    10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 10.123.0.9
            Requested-IP Option 50, length 4: 10.123.4.45
            Parameter-Request Option 55, length 12: 
              Subnet-Mask, BR, Time-Zone, Default-Gateway
              Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
              Time-Server, BF, TFTP, WWW
            Vendor-Option Option 43, length 86: 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
            Vendor-Class Option 60, length 3: "RPD"
            Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0
09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
    10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
          Your-IP 10.123.4.45

This means the device gets an address from "# 10.123.4.40/29 Subnet".

          Gateway-IP 10.123.4.41
          Client-Ethernet-Address 00:18:48:02:6e:a0
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: ACK
            Server-ID Option 54, length 4: 10.123.0.9
            Lease-Time Option 51, length 4: 86400
            Subnet-Mask Option 1, length 4: 255.255.255.248
            BR Option 28, length 4: 10.123.4.55
            Time-Zone Option 2, length 4: -18000
            Default-Gateway Option 3, length 4: 10.123.4.49

The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such inherits the gateway from here.

Nothing in the configuration tells the server which subnet to allocate addresses from, no allow or deny statements.
The server is free to select an address in any subnet according to its algorithms but the gateway is taken from one specific subnet.

Solution:
1 - move all class definitions to the global level, they are global anyway, except for inheritance.
2 - use allow/deny statements to tell the server from which subnet it may allocate addresses to a specific class or unknown clients.

            Domain-Name Option 15, length 13: "rpd.sectv.com"
            Domain-Name-Server Option 6, length 4: 10.123.0.9
            Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
            Time-Server Option 4, length 4: 10.123.0.9
            Agent-Information Option 82, length 18: 
              Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
              Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
            END Option 255, length 0

Here is a copy of my dhcpd.conf:

#Global Options:   

        # Statements at global scope: the default for every scope below unless overridden.
        #Set the server to authoritative;
        authoritative;      

        option domain-name-servers 10.123.0.9;
        option log-servers 10.123.0.9;
        option ntp-servers 10.123.0.9;
        option time-servers 10.123.0.9;

        local-address 10.123.0.9;

        #Time Offset
        # -18000 seconds = UTC-5; the capture in this thread shows it going out as option 2.
        option time-offset -18000;

        #Lease time
        default-lease-time 86400;
        max-lease-time 172800;



        #Time zone
        # Codes 100 and 101 are declared here as text options: PCode carries a POSIX TZ
        # string, TCode a tz database name.
        # NOTE(review): both values below contain a typographic quote (”) inside the
        # ASCII quotes, so it would be sent as part of the string. It may be a
        # mail-client artifact; confirm the live file holds plain quotes only.
        option PCode code 100 = text;
        option TCode code 101 = text;
        option PCode "”EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
        option TCode "America/New_York”";

        #Remote Phy Stuff
       # option CCAPCore code 43 = string;
#        option iNode-manager code 43 = string;

        # VCM is a site-defined option space; ccap_cores is its sub-option 61, a list of
        # IP addresses. A scope that sets "vendor-option-space VCM" sends it inside
        # option 43 (seen in the capture as 61.8.<two addresses>).
        option space VCM;
        option VCM.ccap_cores code 61 = { array of ip-address };

        # Repeats the lease times set above with the same values.
        default-lease-time 86400;
        max-lease-time 172800;


# Use this to enable / disable dynamic dns updates globally.
# (Every DDNS statement below is commented out in this copy of the file.)
 #       ddns-updates        on;
 #       ddns-update-style interim;
 #       ddns-rev-domainname "in-addr.arpa";
 #       deny declines;
 #       deny bootp;
        #allow client-updates;

# NOTE(review): the TSIG secret below is readable by anyone who sees this file,
# even though the block is commented out. Once it has been shared, treat the key
# as disclosed: generate a new one on the DNS primary (10.0.40.5) and here before
# enabling DDNS, and prefer an HMAC-SHA2 algorithm over hmac-md5 if both servers
# support it.
 #       key dhcpupdate {
  #              algorithm hmac-md5;
  #              secret iY+hMAmhBJvhxc82gX8Vgg==;
  #      }

  #      zone sectv.com. {
  #              primary 10.0.40.5;
  #              key dhcpupdate;
  #      }

   #     zone 10.123.in-addr.arpa. {
   #     primary 10.0.40.5;
   #     key dhcpupdate;
   #     }


# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

#10.123.0.0/24 Subnet - Management
subnet 10.123.0.0 netmask 255.255.255.0 {
# The server's own address (10.123.0.9) is in this subnet. It is declared
# without a range, so no leases are handed out on it.
#No options or ranges defined - No DHCP
}

# 10.123.4.40/29 Subnet
subnet 10.123.4.40 netmask 255.255.255.248 {
        # /29: .41 is the router, .42-.46 the dynamic pool, .47 the broadcast address.
        range 10.123.4.42 10.123.4.46;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.41;
        option broadcast-address 10.123.4.47;
        # NOTE(review): the "class" wrapper lines are commented out but the three
        # statements between them are not, so they apply at subnet scope to every
        # client here rather than to a class.
#        class "CiscoRPD" {
#                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
#        }
#        class "CiscoiNode"{
#                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
#                option iNode-manager 01:04:0a:7b:00:0a;
#                option tftp-server-name "10.123.0.9";
#                option bootfile-name "inode.bin";
#                option domain-name "inode.sectv.com";
#        }
}

# 10.123.4.48/29 Subnet
subnet 10.123.4.48 netmask 255.255.255.248 {
        # /29: .49 is the router, .50-.54 the dynamic pool, .55 the broadcast address.
        range 10.123.4.50 10.123.4.54;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.49;
        option broadcast-address 10.123.4.55;
        # NOTE(review): this class is declared inside the subnet. As the reply in this
        # thread explains, class matching is global but the class inherits options from
        # the scope it is declared in. That is why a client matching "RPD" and leased
        # 10.123.4.45 was still sent routers 10.123.4.49 and broadcast 10.123.4.55.
        # Declaring the class at global scope avoids this.
        class "CiscoRPD" {
                match if option vendor-class-identifier="RPD";
                vendor-option-space VCM;
                option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
                option domain-name "rpd.sectv.com";
        }
 #       class "CiscoiNode"{
 #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
 #               option iNode-manager 01:04:0a:7b:00:0a;
 #               option tftp-server-name "10.123.0.9";
 #               option bootfile-name "inode.bin";
 #               option domain-name "inode.sectv.com";
 #       }
}

 # 10.123.4.56/29 Subnet
subnet 10.123.4.56 netmask 255.255.255.248 {
        # /29: .57 is the router, .58-.62 the dynamic pool, .63 the broadcast address.
        # NOTE(review): 10.123.4.58 is also listed in VCM.ccap_cores elsewhere in this
        # file. If that host is statically addressed, it should not sit inside this
        # dynamic range - confirm.
        range 10.123.4.58 10.123.4.62;
        option subnet-mask              255.255.255.248;
        option domain-search "sectv.com";
        option routers 10.123.4.57;
        option broadcast-address 10.123.4.63;
}

Re: DHCP sending incorrect gateway in DHCP Reply

Simon Hobson
In reply to this post by Eric Koons
Eric Koons <[hidden email]> wrote:

> I’m trying to now pass certain options using classes based upon the vendor-class-identifier.  It’s not putting those options in the DHCP reply.  I can provide TCPDUMPS if necessary, but I have verified that the device is sending the correct and matching vendor class identifier.  Is there something wrong with my config below?

Have you verified that the client asks for it ? The server only sends the list the client asks for.

