DHCP server configuration does not work for all clients

Jim Yang

Hi,

My DHCP server software is dhcpd v4.4.2 and running on CentOS 7. The DHCP Server IP address is 10.2.1.10.

In the example, the client MAC is 74:a7:11:22:33:44 and its IP is 10.1.14.94.

After I added the client MAC to the subclass "mytest" in the dhcpd.conf and restarted the dhcpd, I expected the client's next DHCP renew request would not succeed because of the following statement:

deny members of "mytest" in the pool (range 10.1.1.1 10.1.16.255) definition.

But it did not happen. The client did renew its address 10.1.14.94 after the server restarted.

By comparison, I added a few other clients to the subclass "mytest" in the dhcpd.conf file and restarted the dhcp servers. Those clients did not renew their existing IP in the range 10.1.1.1 10.1.16.255, instead, got their new IP addresses from the other pool range 10.50.252.1 10.50.255.254. These clients' behavior is expected.

Is this a DHCP server software bug or something else?

Thanks for your time.

Related lines in the dhcpd.conf:

shared-network net580 {
    option domain-name "test.domain.name";
    option domain-name-servers 10.3.1.2,10.3.1.3,10.3.1.4;

    subnet 10.1.0.0 netmask 255.255.0.0 {
        option routers 10.1.0.1;
    }

    pool {
        failover peer "dhcpnet";
        deny dynamic bootp clients;
        range 10.1.1.1 10.1.16.255;
        deny members of "mytest";
        default-lease-time 3600;
        max-lease-time 3600;
    }

    pool {
        failover peer "dhcpnet";
        deny dynamic bootp clients;
        range 10.50.252.1 10.50.255.254;
        allow members of "mytest";
        default-lease-time 300;
        max-lease-time 300;
        option domain-name-servers 10.2.1.10, 10.2.1.2;
    }
}

subclass "mytest" 1:74:A7:11:22:33:44;

Tcpdump DHCP Packets:

13:25:11.943051 IP (tos 0x0, ttl 62, id 23969, offset 0, flags [none], proto UDP (17), length 354)
    10.1.0.3.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 74:a7:11:22:33:44, length 326, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.943058 IP (tos 0x0, ttl 62, id 39591, offset 0, flags [none], proto UDP (17), length 355)
    10.1.0.2.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 74:a7:11:22:33:44, length 327, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0
13:25:11.943779 IP (tos 0x0, ttl 64, id 37878, offset 0, flags [DF], proto UDP (17), length 365)
    10.2.1.10.bootps > 10.1.0.3.bootps: [bad udp cksum 0xc984 -> 0xdcb7!] BOOTP/DHCP, Reply, length 337, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.944080 IP (tos 0x0, ttl 64, id 44173, offset 0, flags [DF], proto UDP (17), length 366)
    10.2.1.10.bootps > 10.1.0.2.bootps: [bad udp cksum 0xc984 -> 0xa7b5!] BOOTP/DHCP, Reply, length 338, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0

Thanks,

Jim Yang
Cornell IT


_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: DHCP server configuration does not work for all clients

Jim Yang

Hi,

I made some corrections in my initial email. Sorry for the confusion.

My DHCP server software is dhcpd v4.4.2 and running on CentOS 7. The DHCP Server IP address is 10.2.1.10.

In the example, the client MAC is 74:a7:11:22:33:44 and its IP is 10.1.14.94.

After I added the client MAC to the subclass "mytest" in the dhcpd.conf and restarted the dhcpd, I expected the client's next DHCP renew request would not succeed because of the following statement:

deny members of "mytest" in the pool (range 10.1.1.1 10.1.16.255) definition.

But it did not happen. The client did renew its address 10.1.14.94 after the servers restarted.

By comparison, I added a few other clients to the subclass "mytest" in the dhcpd.conf file and restarted the dhcp servers. Those clients did not renew their existing IPs in the range 10.1.1.1 10.1.16.255, instead, got their new IP addresses from the other pool range 10.1.252.1 10.1.255.254. These clients' behavior is expected.

Is this a DHCP server software bug or something else?

Thanks for your time.

Related lines in the dhcpd.conf:
 

shared-network net580 {
    option domain-name "test.domain.name";
    option domain-name-servers 10.3.1.2,10.3.1.3,10.3.1.4;

    subnet 10.1.0.0 netmask 255.255.0.0 {
        option routers 10.1.0.1;
    }

    pool {
        failover peer "dhcpnet";
        deny dynamic bootp clients;
        range 10.1.1.1 10.1.16.255;
        deny members of "mytest";
        default-lease-time 3600;
        max-lease-time 3600;
    }

    pool {
        failover peer "dhcpnet";
        deny dynamic bootp clients;
        range 10.1.252.1 10.1.255.254;
        allow members of "mytest";
        default-lease-time 300;
        max-lease-time 300;
        option domain-name-servers 10.2.1.10, 10.2.1.2;
    }
}

subclass "mytest" 1:74:A7:11:22:33:44;

Tcpdump DHCP Packets:

13:25:11.943051 IP (tos 0x0, ttl 62, id 23969, offset 0, flags [none], proto UDP (17), length 354)
    10.1.0.3.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 74:a7:11:22:33:44, length 326, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.943058 IP (tos 0x0, ttl 62, id 39591, offset 0, flags [none], proto UDP (17), length 355)
    10.1.0.2.bootps > 10.2.1.10.bootps: [udp sum ok] BOOTP/DHCP, Request from 74:a7:11:22:33:44, length 327, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: Request
              Requested-IP Option 50, length 4: 10.1.14.94
              Server-ID Option 54, length 4: 10.2.1.10
              MSZ Option 57, length 2: 1500
              Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
              Hostname Option 12, length 16: "amazon-72fdddaaa"
              Parameter-Request Option 55, length 10:
                Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
                Domain-Name, MTU, BR, Lease-Time
                RN, RB
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0
13:25:11.943779 IP (tos 0x0, ttl 64, id 37878, offset 0, flags [DF], proto UDP (17), length 365)
    10.2.1.10.bootps > 10.1.0.3.bootps: [bad udp cksum 0xc984 -> 0xdcb7!] BOOTP/DHCP, Reply, length 337, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.3
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 20:
                Circuit-ID SubOption 1, length 18: IRB-irb.2043:ae3.0
              END Option 255, length 0
13:25:11.944080 IP (tos 0x0, ttl 64, id 44173, offset 0, flags [DF], proto UDP (17), length 366)
    10.2.1.10.bootps > 10.1.0.2.bootps: [bad udp cksum 0xc984 -> 0xa7b5!] BOOTP/DHCP, Reply, length 338, xid 0xffc1ae1b, secs 65535, Flags [none] (0x0000)
            Your-IP 10.1.14.94
            Gateway-IP 10.1.0.2
            Client-Ethernet-Address 74:a7:11:22:33:44
            Vendor-rfc1048 Extensions
              Magic Cookie 0x65835363
              DHCP-Message Option 53, length 1: ACK
              Server-ID Option 54, length 4: 10.2.1.10
              Lease-Time Option 51, length 4: 3600
              Subnet-Mask Option 1, length 4: 255.255.0.0
              Default-Gateway Option 3, length 4: 10.1.0.1
              Domain-Name-Server Option 6, length 12: 10.3.1.2,10.3.1.3,10.3.1.4
              Domain-Name Option 15, length 31: "test.domain.name"
              Agent-Information Option 82, length 21:
                Circuit-ID SubOption 1, length 19: IRB-irb.2000:ae00.0
              END Option 255, length 0

Thanks,

Jim Yang
Cornell IT



Re: DHCP server configuration does not work for all clients

Niall O'Reilly

On 8 Oct 2020, at 20:25, Jim Yang wrote:

> Is this a DHCP server software bug or something else?

Whenever I’ve been surprised by behaviour like this,
it’s been due to a subtle bug in my configuration,
and never to a server software bug.

You show us

subclass "mytest" 1:74:A7:11:22:33:44;

but I can’t see your definition for

class "mytest" { … }

so can’t tell what the value in your subclass
statement is being matched against.

It’s been a while since I’ve needed to configure and run an ISC DHCP server,
so I had to check the relevant section of the documentation:
https://kb.isc.org/docs/en/isc-dhcp-44-manual-pages-dhcpdconf#SUBCLASSES

/Niall



Re: DHCP server configuration does not work for all clients

Jim Yang

Hi Niall,

Thank you for your reply.

class "mytest" {
    match option dhcp-client-identifier;
}

It seems that I should change the class definition to match either option dhcp-client-identifier or hardware.

class "mytest" {
    match pick-first-value (option dhcp-client-identifier, hardware);
}

Thanks,

Jim

From: dhcp-users <[hidden email]> on behalf of Niall O'Reilly <[hidden email]>
Reply-To: Users of ISC DHCP <[hidden email]>
Date: Thursday, October 8, 2020 at 3:46 PM
To: Users of ISC DHCP <[hidden email]>
Subject: Re: DHCP server configuration does not work for all clients

 

On 8 Oct 2020, at 20:25, Jim Yang wrote:

> Is this a DHCP server software bug or something else?

Whenever I’ve been surprised by behaviour like this,
it’s been due to a subtle bug in my configuration,
and never to a server software bug.

You show us

subclass "mytest" 1:74:A7:11:22:33:44;

but I can’t see your definition for

class "mytest" { … }

so can’t tell what the value in your subclass
statement is being matched against.

It’s been a while since I’ve needed to configure and run an ISC DHCP server,
so I had to check the relevant section of the documentation:
https://kb.isc.org/docs/en/isc-dhcp-44-manual-pages-dhcpdconf#SUBCLASSES

/Niall



Re: DHCP server configuration does not work for all clients

Niall O'Reilly

On 8 Oct 2020, at 21:55, Jim Yang wrote:

> class "mytest" {
>     match option dhcp-client-identifier;
> }

Since your packet-capture doesn't show any option 61 (client id) data,
I would expect the hardware address to be used instead, and
would share your expectation of the behaviour.

We must both be overlooking the same thing.

> It seems that I should change the class definition to match either option dhcp-client-identifier or hardware.
>
> class "mytest" {
>     match pick-first-value (option dhcp-client-identifier, hardware);
> }

Or even (since you seem to be specifically interested in using the MAC address)

class "mytest" { match hardware; }

which would protect against failing to recognize a client with "Niall's Mac"
as the client id, but would potentially introduce the "docking-station" problem
mentioned in Droms and Lemon.

I'm out of ideas. I hope someone else can contribute the missing insight.

Niall
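
A small model of how the three class match expressions discussed in this thread evaluate against the captured request, added here as an example; it is not part of the original messages or of ISC DHCP. It assumes the expression semantics documented in dhcp-eval (an option absent from the packet evaluates to null, `hardware` is the hardware-type byte followed by the MAC, `pick-first-value` returns its first non-null argument); the function names and the second sample request are constructed for illustration.

```python
import re

# Key of: subclass "mytest" 1:74:A7:11:22:33:44;  (htype 1 = Ethernet, then MAC)
SUBCLASS_KEY = bytes.fromhex("0174a711223344")
MAC = r"((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"

# Trimmed from the request in the thread's capture: it carries no option 61.
REQ_NO_CLIENT_ID = """\
    Client-Ethernet-Address 74:a7:11:22:33:44
      DHCP-Message Option 53, length 1: Request
      Requested-IP Option 50, length 4: 10.1.14.94
      Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
"""
# Constructed sample: the same client if it also sent option 61 (type 1 + MAC).
REQ_WITH_CLIENT_ID = REQ_NO_CLIENT_ID + (
    "      Client-ID Option 61, length 7: ether 74:a7:11:22:33:44\n")


def parse_request(text):
    """Extract the two match inputs from tcpdump -vv text."""
    mac = re.search("Client-Ethernet-Address " + MAC, text)
    cid = re.search(r"Client-ID Option 61, length \d+: ether " + MAC, text)
    to_bytes = lambda m: bytes.fromhex(m.group(1).replace(":", ""))
    return {
        # `hardware`: hardware-type byte followed by the link-layer address
        "hardware": b"\x01" + to_bytes(mac) if mac else None,
        # an option that is not in the packet evaluates to null (None here)
        "client_id": b"\x01" + to_bytes(cid) if cid else None,
    }


def pick_first_value(*values):
    """Return the first non-null argument, like dhcpd's pick-first-value."""
    return next((v for v in values if v is not None), None)


MATCH_EXPRESSIONS = {
    "match option dhcp-client-identifier": lambda p: p["client_id"],
    "match pick-first-value (option dhcp-client-identifier, hardware)":
        lambda p: pick_first_value(p["client_id"], p["hardware"]),
    "match hardware": lambda p: p["hardware"],
}


def is_member(expression, request_text):
    """True if the request lands in subclass "mytest" under this class match."""
    value = MATCH_EXPRESSIONS[expression](parse_request(request_text))
    return value is not None and value == SUBCLASS_KEY


if __name__ == "__main__":
    for expr in MATCH_EXPRESSIONS:
        print(expr, is_member(expr, REQ_NO_CLIENT_ID), is_member(expr, REQ_WITH_CLIENT_ID))
```

Under these assumptions the captured request is a member of "mytest" only with the `pick-first-value` or `hardware` match, while a client that sends option 61 is a member under all three.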



Re: DHCP server configuration does not work for all clients

Jim Yang

Niall,

Thank you again for your insight, which is very helpful.

Thank you for your time.

Jim

