Message: 1
Date: Wed, 16 Oct 2019 21:38:46 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DHCP sending incorrect gateway in DHCP Reply
Message-ID: <8e8f9837-2505-44b4-92df-9beee01a4...@s-carlsen.dk>
Content-Type: text/plain; charset="utf-8"

> On 16 Oct 2019, at 19.36, Eric Koons <ekoons5...@gmail.com> wrote:
>
> Thanks for the help. I moved the class stuff to the global section and that
> is working fine. However, wonder if I can ask another question. I'm trying
> to now pass certain options using classes based upon the
> vendor-class-identifier. It's not putting those options in the DHCP reply.
> I can provide TCPDUMPS if necessary, but I have verified that the device is
> sending the correct and matching vendor class identifier. Is there something
> wrong with my config below?

This question is for somebody else, I never used this.
>
> #Global Options:
>
> #Set the server to authoritative;
> authoritative;
>
> option domain-name-servers 10.123.0.9;
> option log-servers 10.123.0.9;
> option ntp-servers 10.123.0.9;
> option time-servers 10.123.0.9;
>
> local-address 10.123.0.9;
>
> #Time Offset
> option time-offset -18000;
>
> #Lease time
> default-lease-time 86400;
> max-lease-time 172800;
>
> #Time zone
> option PCode code 100 = text;
> option TCode code 101 = text;
> option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
> option TCode "America/New_York?";
>
> #Remote Phy Stuff
> # option CCAPCore code 43 = string;
> option iNode-manager code 43 = string;
>
> option space VCM;
> option VCM.ccap_cores code 61 = { array of ip-address };
>
> option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>
> default-lease-time 86400;
> max-lease-time 172800;
>
> # Use this to enable / disable dynamic dns updates globally.
> ddns-updates on;
> ddns-update-style interim;
> ddns-rev-domainname "in-addr.arpa";
> deny declines;
> deny bootp;
> #allow client-updates;
>
> key dhcpupdate {
>     algorithm hmac-md5;
>     secret iY+hMAmhBJvhxc82gX8Vgg==;
> }
>
> zone sectv.com. {
>     primary 10.0.40.5;
>     key dhcpupdate;
> }
>
> zone 10.123.in-addr.arpa. {
>     primary 10.0.40.5;
>     key dhcpupdate;
> }
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> log-facility local7;
>
> #10.123.0.0/24 Subnet - Management
> subnet 10.123.0.0 netmask 255.255.255.0 {
>     #No options or ranges defined - No DHCP
> }
>
> # 10.123.4.40/29 Subnet
> subnet 10.123.4.40 netmask 255.255.255.248 {
>     range 10.123.4.42 10.123.4.46;
>     option subnet-mask 255.255.255.248;
>     option domain-search "sectv.com";
>     option routers 10.123.4.41;
>     option broadcast-address 10.123.4.47;
> }
>
> # 10.123.4.48/29 Subnet
> subnet 10.123.4.48 netmask 255.255.255.248 {
>     range 10.123.4.50 10.123.4.54;
>     option subnet-mask 255.255.255.248;
>     option domain-search "sectv.com";
>     option routers 10.123.4.49;
>     option broadcast-address 10.123.4.55;
> }
>
> # 10.123.4.56/29 Subnet
> #Vecima Node Manager
> subnet 10.123.4.56 netmask 255.255.255.248 {
>     range 10.123.4.58 10.123.4.62;
>     option subnet-mask 255.255.255.248;
>     option domain-search "sectv.com";
>     option routers 10.123.4.57;
>     option broadcast-address 10.123.4.63;
> }
>
> class "RPD" {
>     match if option vendor-class-identifier="RPD";
>     vendor-option-space VCM;
>     option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
> }
> class "Inode" {
>     match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>     option iNode-manager 01:04:0a:7b:00:0a;
>     option tftp-server-name "10.123.0.9";
>     option bootfile-name "inode.bin";
> }
>
>> On Oct 16, 2019, at 12:27 PM, Sten Carlsen <st...@s-carlsen.dk> wrote:
>>
>>> On 16 Oct 2019, at 16.07, Eric Koons <ekoons5...@gmail.com> wrote:
>>>
>>> I'm having an issue with ISC DHCP where it's sending the incorrect router
>>> option/gateway in the DHCP reply. Any help is appreciated.
>>>
>>> Below is a capture using TCPDUMP on the DHCP server. With this particular
>>> request, it should be sending the Gateway of 10.123.4.41, but it's sending
>>> 10.123.4.49 which is the gateway option defined in the other scope. It
>>> almost seems like the first device in a DHCP scope that comes online the
>>> Server uses that as the router option for all other requests. I've also
>>> attached a copy of the dhcpd.conf file below. This is on a CENTOS server:
>>> CentOS Linux release 7.7.1908 (Core).
>>>
>>> 09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], proto UDP (17), length 428)
>>>     10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] (0x0000)
>>>       Gateway-IP 10.123.4.41
>>>       Client-Ethernet-Address 00:18:48:02:6e:a0
>>>       Vendor-rfc1048 Extensions
>>>         Magic Cookie 0x63825363
>>>         DHCP-Message Option 53, length 1: Request
>>>         Server-ID Option 54, length 4: 10.123.0.9
>>>         Requested-IP Option 50, length 4: 10.123.4.45
>>>         Parameter-Request Option 55, length 12:
>>>           Subnet-Mask, BR, Time-Zone, Default-Gateway
>>>           Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
>>>           Time-Server, BF, TFTP, WWW
>>>         Vendor-Option Option 43, length 86:
>>>           2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
>>>         Vendor-Class Option 60, length 3: "RPD"
>>>         Client-ID Option 61, length 15: hardware-type 255, 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
>>>         Agent-Information Option 82, length 18:
>>>           Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>>           Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>>         END Option 255, length 0
>>> 09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], proto UDP (17), length 367)
>>>     10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
>>>       Your-IP 10.123.4.45
>>
>> This means the device gets an address from "# 10.123.4.40/29 Subnet".
>>
>>>       Gateway-IP 10.123.4.41
>>>       Client-Ethernet-Address 00:18:48:02:6e:a0
>>>       Vendor-rfc1048 Extensions
>>>         Magic Cookie 0x63825363
>>>         DHCP-Message Option 53, length 1: ACK
>>>         Server-ID Option 54, length 4: 10.123.0.9
>>>         Lease-Time Option 51, length 4: 86400
>>>         Subnet-Mask Option 1, length 4: 255.255.255.248
>>>         BR Option 28, length 4: 10.123.4.55
>>>         Time-Zone Option 2, length 4: -18000
>>>         Default-Gateway Option 3, length 4: 10.123.4.49
>>
>> The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such
>> inherits the gateway from here.
>>
>> Nothing in the configuration tells the server which subnet to allocate
>> addresses from, no allow or deny statements.
>> The server is free to select an address in any subnet according to its
>> algorithms but the gateway is taken from one specific subnet.
>>
>> Solution:
>> 1 - move all class definitions to the global level, they are global anyway,
>> except for inheritance.
>> 2 - use allow/deny statements to tell the server from which subnet it may
>> allocate addresses to a specific class or unknown clients.
>>
>>>         Domain-Name Option 15, length 13: "rpd.sectv.com"
>>>         Domain-Name-Server Option 6, length 4: 10.123.0.9
>>>         Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
>>>         Time-Server Option 4, length 4: 10.123.0.9
>>>         Agent-Information Option 82, length 18:
>>>           Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>>           Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>>         END Option 255, length 0
>>>
>>> Here is a copy of my dhcpd.conf:
>>>
>>> #Global Options:
>>>
>>> #Set the server to authoritative;
>>> authoritative;
>>>
>>> option domain-name-servers 10.123.0.9;
>>> option log-servers 10.123.0.9;
>>> option ntp-servers 10.123.0.9;
>>> option time-servers 10.123.0.9;
>>>
>>> local-address 10.123.0.9;
>>>
>>> #Time Offset
>>> option time-offset -18000;
>>>
>>> #Lease time
>>> default-lease-time 86400;
>>> max-lease-time 172800;
>>>
>>> #Time zone
>>> option PCode code 100 = text;
>>> option TCode code 101 = text;
>>> option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
>>> option TCode "America/New_York?";
>>>
>>> #Remote Phy Stuff
>>> # option CCAPCore code 43 = string;
>>> # option iNode-manager code 43 = string;
>>>
>>> option space VCM;
>>> option VCM.ccap_cores code 61 = { array of ip-address };
>>>
>>> default-lease-time 86400;
>>> max-lease-time 172800;
>>>
>>> # Use this to enable / disable dynamic dns updates globally.
>>> # ddns-updates on;
>>> # ddns-update-style interim;
>>> # ddns-rev-domainname "in-addr.arpa";
>>> # deny declines;
>>> # deny bootp;
>>> #allow client-updates;
>>>
>>> # key dhcpupdate {
>>> #     algorithm hmac-md5;
>>> #     secret iY+hMAmhBJvhxc82gX8Vgg==;
>>> # }
>>>
>>> # zone sectv.com. {
>>> #     primary 10.0.40.5;
>>> #     key dhcpupdate;
>>> # }
>>>
>>> # zone 10.123.in-addr.arpa. {
>>> #     primary 10.0.40.5;
>>> #     key dhcpupdate;
>>> # }
>>>
>>> # Use this to send dhcp log messages to a different log file (you also
>>> # have to hack syslog.conf to complete the redirection).
>>> log-facility local7;
>>>
>>> #10.123.0.0/24 Subnet - Management
>>> subnet 10.123.0.0 netmask 255.255.255.0 {
>>>     #No options or ranges defined - No DHCP
>>> }
>>>
>>> # 10.123.4.40/29 Subnet
>>> subnet 10.123.4.40 netmask 255.255.255.248 {
>>>     range 10.123.4.42 10.123.4.46;
>>>     option subnet-mask 255.255.255.248;
>>>     option domain-search "sectv.com";
>>>     option routers 10.123.4.41;
>>>     option broadcast-address 10.123.4.47;
>>>     # class "CiscoRPD" {
>>>     #     match if option vendor-class-identifier="RPD";
>>>     vendor-option-space VCM;
>>>     option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>>     option domain-name "rpd.sectv.com";
>>>     # }
>>>     # class "CiscoiNode"{
>>>     #     match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>>>     #     option iNode-manager 01:04:0a:7b:00:0a;
>>>     #     option tftp-server-name "10.123.0.9";
>>>     #     option bootfile-name "inode.bin";
>>>     #     option domain-name "inode.sectv.com";
>>>     # }
>>> }
>>>
>>> # 10.123.4.48/29 Subnet
>>> subnet 10.123.4.48 netmask 255.255.255.248 {
>>>     range 10.123.4.50 10.123.4.54;
>>>     option subnet-mask 255.255.255.248;
>>>     option domain-search "sectv.com";
>>>     option routers 10.123.4.49;
>>>     option broadcast-address 10.123.4.55;
>>>     class "CiscoRPD" {
>>>         match if option vendor-class-identifier="RPD";
>>>         vendor-option-space VCM;
>>>         option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>>         option domain-name "rpd.sectv.com";
>>>     }
>>>     # class "CiscoiNode"{
>>>     #     match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>>>     #     option iNode-manager 01:04:0a:7b:00:0a;
>>>     #     option tftp-server-name "10.123.0.9";
>>>     #     option bootfile-name "inode.bin";
>>>     #     option domain-name "inode.sectv.com";
>>>     # }
>>> }
>>>
>>> # 10.123.4.56/29 Subnet
>>> subnet 10.123.4.56 netmask 255.255.255.248 {
>>>     range 10.123.4.58 10.123.4.62;
>>>     option subnet-mask 255.255.255.248;
>>>     option domain-search "sectv.com";
>>>     option routers 10.123.4.57;
>>>     option broadcast-address 10.123.4.63;
>>> }

_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

End of dhcp-users Digest, Vol 132, Issue 18
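Added example (not part of the original thread and not ISC DHCP code): a Python check that reads a decoded DHCP ACK in the text form shown in the capture above and reports addressing options that do not fit the leased subnet, which is the symptom discussed in this thread. The sample text is constructed from the values in the quoted tcpdump output; the function names and field names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the addressing fields of the DHCP ACK quoted in this
# thread, in tcpdump -v text form, trimmed to the lines the check reads.
SAMPLE_ACK = """\
Your-IP 10.123.4.45
Subnet-Mask Option 1, length 4: 255.255.255.248
BR Option 28, length 4: 10.123.4.55
Default-Gateway Option 3, length 4: 10.123.4.49
"""

# Hypothetical field names mapped to the tcpdump labels seen on this page.
FIELDS = {
    "yiaddr": r"Your-IP (\S+)",
    "mask": r"Subnet-Mask Option 1, length 4: (\S+)",
    "broadcast": r"BR Option 28, length 4: (\S+)",
    "routers": r"Default-Gateway Option 3, length \d+: (\S+)",
}

def parse_reply(text):
    """Pull the addressing fields out of one decoded DHCP reply."""
    found = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        if match:
            found[name] = match.group(1)
    return found

def check_reply(text):
    """Return findings; an empty list means the options fit the leased subnet."""
    f = parse_reply(text)
    if "yiaddr" not in f or "mask" not in f:
        return ["cannot check: Your-IP or Subnet-Mask missing"]
    net = ipaddress.ip_network(f"{f['yiaddr']}/{f['mask']}", strict=False)
    findings = []
    # Option 3 may carry several routers; split a comma-separated list.
    for router in filter(None, f.get("routers", "").split(",")):
        if ipaddress.ip_address(router) not in net:
            findings.append(f"router {router} is outside leased subnet {net}")
    bcast = f.get("broadcast")
    if bcast and ipaddress.ip_address(bcast) != net.broadcast_address:
        findings.append(f"broadcast {bcast} should be {net.broadcast_address}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_reply(SAMPLE_ACK)) or "reply is consistent")
```

Run over the ACK from the capture, it flags both the router and the broadcast address as belonging to the 10.123.4.48/29 scope rather than the subnet the lease came from.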