Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. Re: DHCP sending incorrect gateway in DHCP Reply (Sten Carlsen)
----------------------------------------------------------------------
Message: 1
Date: Wed, 16 Oct 2019 21:38:46 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DHCP sending incorrect gateway in DHCP Reply
Message-ID: <8e8f9837-2505-44b4-92df-9beee01a4...@s-carlsen.dk>
Content-Type: text/plain; charset="utf-8"
> On 16 Oct 2019, at 19.36, Eric Koons <ekoons5...@gmail.com> wrote:
>
> Thanks for the help. I moved the class stuff to the global section and that
> is working fine. However, wonder if I can ask another question. I?m trying
> to now pass certain options using classes based upon the
> vendor-class-identifier. It?s not putting those options in the DHCP reply.
> I can provide TCPDUMPS if necessary, but I have verified that the device is
> sending the correct and matching vendor class identifier. Is there something
> wrong with my config below?
This question is for somebody else, I never used this.
>
>
>
>
> #Global Options:
>
> #Set the server to authoritative;
> authoritative;
>
> option domain-name-servers 10.123.0.9;
> option log-servers 10.123.0.9;
> option ntp-servers 10.123.0.9;
> option time-servers 10.123.0.9;
>
> local-address 10.123.0.9;
>
> #Time Offset
> option time-offset -18000;
>
> #Lease time
> default-lease-time 86400;
> max-lease-time 172800;
>
>
>
> #Time zone
> option PCode code 100 = text;
> option TCode code 101 = text;
> option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
> option TCode "America/New_York?";
>
> #Remote Phy Stuff
> # option CCAPCore code 43 = string;
> option iNode-manager code 43 = string;
>
> option space VCM;
> option VCM.ccap_cores code 61 = { array of ip-address };
>
> option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>
> default-lease-time 86400;
> max-lease-time 172800;
>
> # Use this to enble / disable dynamic dns updates globally.
> ddns-updates on;
> ddns-update-style interim;
> ddns-rev-domainname "in-addr.arpa";
> deny declines;
> deny bootp;
> #allow client-updates;
>
> key dhcpupdate {
> algorithm hmac-md5;
> secret iY+hMAmhBJvhxc82gX8Vgg==;
> }
>
> zone sectv.com <http://sectv.com/>. {
> primary 10.0.40.5;
> key dhcpupdate;
> }
>
> zone 10.123.in-addr.arpa. {
> primary 10.0.40.5;
> key dhcpupdate;
> }
>
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> log-facility local7;
>
> #10.123.0.0/24 Subnet - Management
> subnet 10.123.0.0 netmask 255.255.255.0 {
> #No options or ranges defined - No DHCP
> }
>
> # 10.123.4.40/29 Subnet
> subnet 10.123.4.40 netmask 255.255.255.248 {
> range 10.123.4.42 10.123.4.46;
> option subnet-mask 255.255.255.248;
> option domain-search "sectv.com <http://sectv.com/>";
> option routers 10.123.4.41;
> option broadcast-address 10.123.4.47;
> }
>
> # 10.123.4.48/29 Subnet
> subnet 10.123.4.48 netmask 255.255.255.248 {
> range 10.123.4.50 10.123.4.54;
> option subnet-mask 255.255.255.248;
> option domain-search "sectv.com <http://sectv.com/>";
> option routers 10.123.4.49;
> option broadcast-address 10.123.4.55;
> }
>
> # 10.123.4.56/29 Subnet
> #Vecima Node Manager
> subnet 10.123.4.56 netmask 255.255.255.248 {
> range 10.123.4.58 10.123.4.62;
> option subnet-mask 255.255.255.248;
> option domain-search "sectv.com <http://sectv.com/>";
> option routers 10.123.4.57;
> option broadcast-address 10.123.4.63;
> }
>
> class "RPD" {
> match if option vendor-class-identifier="RPD";
> vendor-option-space VCM;
> option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
> }
> class "Inode" {
> match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
> option iNode-manager 01:04:0a:7b:00:0a;
> option tftp-server-name "10.123.0.9";
> option bootfile-name "inode.bin";
> }
>
>
>
>> On Oct 16, 2019, at 12:27 PM, Sten Carlsen <st...@s-carlsen.dk
>> <mailto:st...@s-carlsen.dk>> wrote:
>>
>>
>>
>>> On 16 Oct 2019, at 16.07, Eric Koons <ekoons5...@gmail.com
>>> <mailto:ekoons5...@gmail.com>> wrote:
>>>
>>> I?m having an issue with ISC DHCP where it?s sending the incorrect router
>>> option/gateway in the DHCP reply. Any help is appreciated.
>>>
>>> Below is a capture using TCPDUMP on the DHCP server. With this particular
>>> request, it should be sending the Gateway of 10.123.4.41, but it?s sending
>>> 10.123.4.49 which is the gateway option defined in the other scope. It
>>> almost seems like the first device in a DHCP scope that comes online the
>>> Server uses that as the router option for all other requests. I?ve also
>>> attached a copy of the dhcpd.conf file below. This is on a CENTOS server:
>>> CentOS Linux release 7.7.1908 (Core).
>>>
>>> 09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4
>>> (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none],
>>> proto UDP (17), length 428)
>>> 10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP,
>>> Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none]
>>> (0x0000)
>>> Gateway-IP 10.123.4.41
>>> Client-Ethernet-Address 00:18:48:02:6e:a0
>>> Vendor-rfc1048 Extensions
>>> Magic Cookie 0x63825363
>>> DHCP-Message Option 53, length 1: Request
>>> Server-ID Option 54, length 4: 10.123.0.9
>>> Requested-IP Option 50, length 4: 10.123.4.45
>>> Parameter-Request Option 55, length 12:
>>> Subnet-Mask, BR, Time-Zone, Default-Gateway
>>> Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
>>> Time-Server, BF, TFTP, WWW
>>> Vendor-Option Option 43, length 86:
>>> 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
>>> Vendor-Class Option 60, length 3: "RPD"
>>> Client-ID Option 61, length 15: hardware-type 255,
>>> 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
>>> Agent-Information Option 82, length 18:
>>> Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>> Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>> END Option 255, length 0
>>> 09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4
>>> (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF],
>>> proto UDP (17), length 367)
>>> 10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 ->
>>> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
>>> Your-IP 10.123.4.45
>>
>> This means the device is gets an address from "# 10.123.4.40/29 Subnet".
>>
>>> Gateway-IP 10.123.4.41
>>> Client-Ethernet-Address 00:18:48:02:6e:a0
>>> Vendor-rfc1048 Extensions
>>> Magic Cookie 0x63825363
>>> DHCP-Message Option 53, length 1: ACK
>>> Server-ID Option 54, length 4: 10.123.0.9
>>> Lease-Time Option 51, length 4: 86400
>>> Subnet-Mask Option 1, length 4: 255.255.255.248
>>> BR Option 28, length 4: 10.123.4.55
>>> Time-Zone Option 2, length 4: -18000
>>> Default-Gateway Option 3, length 4: 10.123.4.49
>>
>> The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such
>> inherits the gateway from here.
>>
>> Nothing in the configuration tells the server which subnet to allocate
>> addresses from, no allow or deny statements.
>> The server is free to select an address in any subnet according to its
>> algorithms but the gataeway is taken from one specific subnet.
>>
>> Solution:
>> 1 - move all class definitions to the global level, they are global anyway,
>> except for inheritance.
>> 2 - use allow/deny statements to tell the server from which subnet is may
>> allocate addresses to a specific class or unknown clients.
>>
>>> Domain-Name Option 15, length 13: "rpd.sectv.com
>>> <http://rpd.sectv.com/>"
>>> Domain-Name-Server Option 6, length 4: 10.123.0.9
>>> Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
>>> Time-Server Option 4, length 4: 10.123.0.9
>>> Agent-Information Option 82, length 18:
>>> Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>> Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>> END Option 255, length 0
>>>
>>> Here is a copy of my dhcpd.conf:
>>>
>>> #Global Options:
>>>
>>> #Set the server to authoritative;
>>> authoritative;
>>>
>>> option domain-name-servers 10.123.0.9;
>>> option log-servers 10.123.0.9;
>>> option ntp-servers 10.123.0.9;
>>> option time-servers 10.123.0.9;
>>>
>>> local-address 10.123.0.9;
>>>
>>> #Time Offset
>>> option time-offset -18000;
>>>
>>> #Lease time
>>> default-lease-time 86400;
>>> max-lease-time 172800;
>>>
>>>
>>>
>>> #Time zone
>>> option PCode code 100 = text;
>>> option TCode code 101 = text;
>>> option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
>>> option TCode "America/New_York?";
>>>
>>> #Remote Phy Stuff
>>> # option CCAPCore code 43 = string;
>>> # option iNode-manager code 43 = string;
>>>
>>> option space VCM;
>>> option VCM.ccap_cores code 61 = { array of ip-address };
>>>
>>> default-lease-time 86400;
>>> max-lease-time 172800;
>>>
>>>
>>> # Use this to enble / disable dynamic dns updates globally.
>>> # ddns-updates on;
>>> # ddns-update-style interim;
>>> # ddns-rev-domainname "in-addr.arpa";
>>> # deny declines;
>>> # deny bootp;
>>> #allow client-updates;
>>>
>>> # key dhcpupdate {
>>> # algorithm hmac-md5;
>>> # secret iY+hMAmhBJvhxc82gX8Vgg==;
>>> # }
>>>
>>> # zone sectv.com <http://sectv.com/>. {
>>> # primary 10.0.40.5;
>>> # key dhcpupdate;
>>> # }
>>>
>>> # zone 10.123.in-addr.arpa. {
>>> # primary 10.0.40.5;
>>> # key dhcpupdate;
>>> # }
>>>
>>>
>>> # Use this to send dhcp log messages to a different log file (you also
>>> # have to hack syslog.conf to complete the redirection).
>>> log-facility local7;
>>>
>>> #10.123.0.0/24 Subnet - Management
>>> subnet 10.123.0.0 netmask 255.255.255.0 {
>>> #No options or ranges defined - No DHCP
>>> }
>>>
>>> # 10.123.4.40/29 Subnet
>>> subnet 10.123.4.40 netmask 255.255.255.248 {
>>> range 10.123.4.42 10.123.4.46;
>>> option subnet-mask 255.255.255.248;
>>> option domain-search "sectv.com <http://sectv.com/>";
>>> option routers 10.123.4.41;
>>> option broadcast-address 10.123.4.47;
>>> # class "CiscoRPD" {
>>> # match if option vendor-class-identifier="RPD";
>>> vendor-option-space VCM;
>>> option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>> option domain-name "rpd.sectv.com <http://rpd.sectv.com/>";
>>> # }
>>> # class "CiscoiNode"{
>>> # match if option
>>> vendor-class-identifier="Cisco.iNode.oib.1.0";
>>> # option iNode-manager 01:04:0a:7b:00:0a;
>>> # option tftp-server-name "10.123.0.9";
>>> # option bootfile-name "inode.bin";
>>> # option domain-name "inode.sectv.com
>>> <http://inode.sectv.com/>";
>>> # }
>>> }
>>>
>>> # 10.123.4.48/29 Subnet
>>> subnet 10.123.4.48 netmask 255.255.255.248 {
>>> range 10.123.4.50 10.123.4.54;
>>> option subnet-mask 255.255.255.248;
>>> option domain-search "sectv.com <http://sectv.com/>";
>>> option routers 10.123.4.49;
>>> option broadcast-address 10.123.4.55;
>>> class "CiscoRPD" {
>>> match if option vendor-class-identifier="RPD";
>>> vendor-option-space VCM;
>>> option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>> option domain-name "rpd.sectv.com <http://rpd.sectv.com/>";
>>> }
>>> # class "CiscoiNode"{
>>> # match if option
>>> vendor-class-identifier="Cisco.iNode.oib.1.0";
>>> # option iNode-manager 01:04:0a:7b:00:0a;
>>> # option tftp-server-name "10.123.0.9";
>>> # option bootfile-name "inode.bin";
>>> # option domain-name "inode.sectv.com
>>> <http://inode.sectv.com/>";
>>> # }
>>> }
>>>
>>> # 10.123.4.56/29 Subnet
>>> subnet 10.123.4.56 netmask 255.255.255.248 {
>>> range 10.123.4.58 10.123.4.62;
>>> option subnet-mask 255.255.255.248;
>>> option domain-search "sectv.com <http://sectv.com/>";
>>> option routers 10.123.4.57;
>>> option broadcast-address 10.123.4.63;
>>> }
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>> <https://lists.isc.org/mailman/listinfo/dhcp-users>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20191016/c0674fa0/attachment.htm>
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 132, Issue 18
*******************************************
