Linux DHCP sending wrong parameters in offer packet

Class should be global, I believe.  That is my understanding anyway.  You shouldn't have them inside of a subnet {} or shared-network {} statement.  The limiting occurs with the match if statement.  That is my understanding anyways.

---

From: "Gaikwad Yogesh" [hidden email]
To: "Users of ISC DHCP" [hidden email]
Sent: Friday, January 25, 2019 9:43:48 AM
Subject: RE: Linux DHCP sending wrong parameters in offer packet

Hi Glenn,

I followed Cisco documentation on below link to configure the option 43 for Cisco AP's:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html


There are two parts to this config, one is in the global config, and other part sits inside the subnet.

Below lines are in the global configuration

# CISCO OPTION 43
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;


And then below is the subnet configuration

subnet 10.56.20.0 netmask 255.255.255.0 {
   option routers 10.56.20.1;
   option subnet-mask 255.255.255.0;
   option broadcast-address 10.56.20.255;
   default-lease-time 43200;

class "Cisco AP c3800" {

   match if option vendor-class-identifier = "Cisco AP c3800";
   option vendor-class-identifier "Cisco AP c3800";
   vendor-option-space Cisco_LWAPP_AP;
   option Cisco_LWAPP_AP.server-address 10.140.1.1; }

   pool {
      failover peer "te-failover";
      deny dynamic bootp clients;
      range 10.56.20.10 10.56.20.250;
   }
}



We have several such subnets configured which have this 'class "Cisco AP c3800"' configuration inside the subnets, the above mentioned subnet sits at the end of the dhcpd.conf file.

I understood your concern to have it configured globally, but then what if I want to have a different 'Cisco_LWAPP_AP.server-address' for different subnets?



Best regards,

Yogesh Gaikwad, Technical Architect - TECA Network

Tieto Corporation, TSM

-----Original Message-----
From: dhcp-users [[hidden email]] On Behalf Of Glenn Satchell
Sent: Friday, January 25, 2019 7:45 PM
To: Users of ISC DHCP [hidden email]
Subject: Re: Linux DHCP sending wrong parameters in offer packet

Hi Yogesh,

Without seeing hyour config file I can guess that the option 43 setting should be set in the global configuration rather than inside one of your subnets. Setting it inside the subnet causes inheritance of those subnet values.

To confirm, could you please post your dhcpd.conf? If it is is very large perhaps you might post the relevant parts.

regards,
-glenn
--
Glenn Satchell    [hidden email]  |  Today is the past
Uniq Advances Pty Ltd        http://www.uniq.com.au  |  that people in
Mobile 0409 458 580                                  |  the future will
Member IT Professionals Association www.itpa.org.au  |  dream about.

On Fri, January 25, 2019 11:41 pm, Gaikwad Yogesh wrote:
> Hi,
>
>
> There is issue that linux DHCP is sending wrong parameters while
> sending offer packet for Cisco AP's in one of our office locations.
>
> I have taken packet captures on the DHCP server side.
>
>
> As you can see in below packet capture there is DHCP DISCOVER message
> from Cisco AP requesting for IP and other parameters.
>
> Then in DHCP offer packet, it offers IP from correct subnet, but with
> wrong router IP, subnet mask and broadcast address.
>
> Basically, my observation is that it is giving wrong parameters in
> offer from the topmost subnet (as linux works from top to bottom
> approach) that has cisco option 43 configured. If I remove the Cisco
> option 43 from that subnet then it provides parameters from next
> subnet which has the Cisco option 43 in it.
>
> The correct subnet from which I am expecting that the AP should get
> all its parameters is configured at the end of the DHCP conf file.
>
>
> DHCP DISCOVER PACKET
>
>
> [<a class="moz-txt-link-freetext" href="cid:image001.png@01D4B4D9.6F320900">cid:image001.png@01D4B4D9.6F320900]
>
>
>
> DHCP OFFER PACKET
>
>
> [<a class="moz-txt-link-freetext" href="cid:image002.png@01D4B4D9.6F320900">cid:image002.png@01D4B4D9.6F320900]
>
>
>
>
>
> Best regards,
>
>
> Yogesh Gaikwad, Technical Architect - TECA Network
>
>
> Tieto Corporation, TSM
>
>
> email [hidden email][hidden email],
> direct
> +91 (0)2067303120
> Wing 1, Cluster D, EON Free Zone, MIDC Kharadi Knowledge Park, Pune -
> 411 014, India
>
>
> [Tieto_logo_for_email_signature_127x50]<http://www.tieto.com/>
>
>
> Please note: The information contained in this message may be legally
> privileged, confidential and protected from disclosure. If you
> received this in error, please notify the sender immediately and
> delete the message from your computer. Thank you.
>
> _______________________________________________
> dhcp-users mailing list [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>




_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Hello

As others have pointed out, classes must only be defined globally.  Defining them within subnets or networks is not supported and it can have odd effects on statement execution/option values.  The configuration parser currently does not complain when you do this but it probably should.  We will very likely add at least a warning if not an error for this.

Regards,

Thomas Markwalder,
ISC Software Engineering

On 1/25/19 11:29 AM, perl-list wrote:

Class should be global, I believe.  That is my understanding anyway.  You shouldn't have them inside of a subnet {} or shared-network {} statement.  The limiting occurs with the match if statement.  That is my understanding anyways.

---

From: "Gaikwad Yogesh" [hidden email]
To: "Users of ISC DHCP" [hidden email]
Sent: Friday, January 25, 2019 9:43:48 AM
Subject: RE: Linux DHCP sending wrong parameters in offer packet

Hi Glenn,

I followed Cisco documentation on below link to configure the option 43 for Cisco AP's:

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html


There are two parts to this config, one is in the global config, and other part sits inside the subnet.

Below lines are in the global configuration

# CISCO OPTION 43
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;


And then below is the subnet configuration

subnet 10.56.20.0 netmask 255.255.255.0 {
   option routers 10.56.20.1;
   option subnet-mask 255.255.255.0;
   option broadcast-address 10.56.20.255;
   default-lease-time 43200;

class "Cisco AP c3800" {

   match if option vendor-class-identifier = "Cisco AP c3800";
   option vendor-class-identifier "Cisco AP c3800";
   vendor-option-space Cisco_LWAPP_AP;
   option Cisco_LWAPP_AP.server-address 10.140.1.1; }

   pool {
      failover peer "te-failover";
      deny dynamic bootp clients;
      range 10.56.20.10 10.56.20.250;
   }
}



We have several such subnets configured which have this 'class "Cisco AP c3800"' configuration inside the subnets, the above mentioned subnet sits at the end of the dhcpd.conf file.

I understood your concern to have it configured globally, but then what if I want to have a different 'Cisco_LWAPP_AP.server-address' for different subnets?



Best regards,

Yogesh Gaikwad, Technical Architect - TECA Network

Tieto Corporation, TSM

-----Original Message-----
From: dhcp-users [[hidden email]] On Behalf Of Glenn Satchell
Sent: Friday, January 25, 2019 7:45 PM
To: Users of ISC DHCP [hidden email]
Subject: Re: Linux DHCP sending wrong parameters in offer packet

Hi Yogesh,

Without seeing hyour config file I can guess that the option 43 setting should be set in the global configuration rather than inside one of your subnets. Setting it inside the subnet causes inheritance of those subnet values.

To confirm, could you please post your dhcpd.conf? If it is is very large perhaps you might post the relevant parts.

regards,
-glenn
--
Glenn Satchell    [hidden email]  |  Today is the past
Uniq Advances Pty Ltd        http://www.uniq.com.au  |  that people in
Mobile 0409 458 580                                  |  the future will
Member IT Professionals Association www.itpa.org.au  |  dream about.

On Fri, January 25, 2019 11:41 pm, Gaikwad Yogesh wrote:
> Hi,
>
>
> There is issue that linux DHCP is sending wrong parameters while
> sending offer packet for Cisco AP's in one of our office locations.
>
> I have taken packet captures on the DHCP server side.
>
>
> As you can see in below packet capture there is DHCP DISCOVER message
> from Cisco AP requesting for IP and other parameters.
>
> Then in DHCP offer packet, it offers IP from correct subnet, but with
> wrong router IP, subnet mask and broadcast address.
>
> Basically, my observation is that it is giving wrong parameters in
> offer from the topmost subnet (as linux works from top to bottom
> approach) that has cisco option 43 configured. If I remove the Cisco
> option 43 from that subnet then it provides parameters from next
> subnet which has the Cisco option 43 in it.
>
> The correct subnet from which I am expecting that the AP should get
> all its parameters is configured at the end of the DHCP conf file.
>
>
> DHCP DISCOVER PACKET
>
>
> [<a class="moz-txt-link-freetext" href="cid:image001.png@01D4B4D9.6F320900" moz-do-not-send="true">cid:image001.png@01D4B4D9.6F320900]
>
>
>
> DHCP OFFER PACKET
>
>
> [<a class="moz-txt-link-freetext" href="cid:image002.png@01D4B4D9.6F320900" moz-do-not-send="true">cid:image002.png@01D4B4D9.6F320900]
>
>
>
>
>
> Best regards,
>
>
> Yogesh Gaikwad, Technical Architect - TECA Network
>
>
> Tieto Corporation, TSM
>
>
> email [hidden email][hidden email],
> direct
> +91 (0)2067303120
> Wing 1, Cluster D, EON Free Zone, MIDC Kharadi Knowledge Park, Pune -
> 411 014, India
>
>
> [Tieto_logo_for_email_signature_127x50]<http://www.tieto.com/>
>
>
> Please note: The information contained in this message may be legally
> privileged, confidential and protected from disclosure. If you
> received this in error, please notify the sender immediately and
> delete the message from your computer. Thank you.
>
> _______________________________________________
> dhcp-users mailing list [hidden email]
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
>




_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users
_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users