Send dhcp-users mailing list submissions to
        dhcp-users@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
        dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
        dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: DHCP sending incorrect gateway in DHCP Reply (Sten Carlsen)


----------------------------------------------------------------------

Message: 1
Date: Wed, 16 Oct 2019 21:38:46 +0200
From: Sten Carlsen <st...@s-carlsen.dk>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: Re: DHCP sending incorrect gateway in DHCP Reply
Message-ID: <8e8f9837-2505-44b4-92df-9beee01a4...@s-carlsen.dk>
Content-Type: text/plain; charset="utf-8"



> On 16 Oct 2019, at 19.36, Eric Koons <ekoons5...@gmail.com> wrote:
> 
> Thanks for the help.  I moved the class stuff to the global section and that 
> is working fine.   However, wonder if I can ask another question.  I'm trying 
> to now pass certain options using classes based upon the 
> vendor-class-identifier.  It's not putting those options in the DHCP reply.  
> I can provide TCPDUMPS if necessary, but I have verified that the device is 
> sending the correct and matching vendor class identifier.  Is there something 
> wrong with my config below?

This question is for somebody else, I never used this.

> 
> 
> 
> 
> #Global Options:   
> 
>         #Set the server to authoritative;
>         authoritative;      
> 
>         option domain-name-servers 10.123.0.9;
>         option log-servers 10.123.0.9;
>         option ntp-servers 10.123.0.9;
>         option time-servers 10.123.0.9;
> 
>         local-address 10.123.0.9;
> 
>         #Time Offset
>         option time-offset -18000;
> 
>         #Lease time
>         default-lease-time 86400;
>         max-lease-time 172800;
> 
> 
> 
>         #Time zone
>         option PCode code 100 = text;
>         option TCode code 101 = text;
>         option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
>         option TCode "America/New_York?";
> 
>         #Remote Phy Stuff
>        # option CCAPCore code 43 = string;
>         option iNode-manager code 43 = string;
> 
>         option space VCM;
>         option VCM.ccap_cores code 61 = { array of ip-address };
> 
>         option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
> 
>         default-lease-time 86400;
>         max-lease-time 172800;
> 
> # Use this to enable / disable dynamic dns updates globally.
>         ddns-updates        on;
>         ddns-update-style interim;
>         ddns-rev-domainname "in-addr.arpa";
>         deny declines;
>         deny bootp;
>         #allow client-updates;
> 
>         key dhcpupdate {
>                 algorithm hmac-md5;
>                 secret iY+hMAmhBJvhxc82gX8Vgg==;
>         }
> 
>         zone sectv.com. {
>                 primary 10.0.40.5;
>                 key dhcpupdate;
>         }
> 
>         zone 10.123.in-addr.arpa. {
>         primary 10.0.40.5;
>         key dhcpupdate;
>         }
> 
> 
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> log-facility local7;
> 
> #10.123.0.0/24 Subnet - Management
> subnet 10.123.0.0 netmask 255.255.255.0 {
> #No options or ranges defined - No DHCP
> }
> 
> # 10.123.4.40/29 Subnet
> subnet 10.123.4.40 netmask 255.255.255.248 {
>         range 10.123.4.42 10.123.4.46;
>         option subnet-mask              255.255.255.248;
>         option domain-search "sectv.com";
>         option routers 10.123.4.41;
>         option broadcast-address 10.123.4.47;
> }
> 
> # 10.123.4.48/29 Subnet
> subnet 10.123.4.48 netmask 255.255.255.248 {
>         range 10.123.4.50 10.123.4.54;
>         option subnet-mask              255.255.255.248;
>         option domain-search "sectv.com";
>         option routers 10.123.4.49;
>         option broadcast-address 10.123.4.55;
> }
> 
>  # 10.123.4.56/29 Subnet
> #Vecima Node Manager
> subnet 10.123.4.56 netmask 255.255.255.248 {
>         range 10.123.4.58 10.123.4.62;
>         option subnet-mask              255.255.255.248;
>         option domain-search "sectv.com";
>         option routers 10.123.4.57;
>         option broadcast-address 10.123.4.63;
> }
> 
> class "RPD" {
>                 match if option vendor-class-identifier="RPD"; 
>                 vendor-option-space VCM;
>                 option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>         }      
> class "Inode" {
>                 match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>                 option iNode-manager 01:04:0a:7b:00:0a;
>                 option tftp-server-name "10.123.0.9";
>                 option bootfile-name "inode.bin";
>         }
> 
>   
> 
>> On Oct 16, 2019, at 12:27 PM, Sten Carlsen <st...@s-carlsen.dk> wrote:
>> 
>> 
>> 
>>> On 16 Oct 2019, at 16.07, Eric Koons <ekoons5...@gmail.com> wrote:
>>> 
>>> I'm having an issue with ISC DHCP where it's sending the incorrect router 
>>> option/gateway in the DHCP reply.   Any help is appreciated.
>>> 
>>> Below is a capture using TCPDUMP on the DHCP server.  With this particular 
>>> request, it should be sending the Gateway of 10.123.4.41, but it's sending 
>>> 10.123.4.49 which is the gateway option defined in the other scope.  It 
>>> almost seems like the first device in a DHCP scope that comes online the 
>>> Server uses that as the router option for all other requests.  I've also 
>>> attached a copy of the dhcpd.conf file below.  This is on a CENTOS server: 
>>> CentOS Linux release 7.7.1908 (Core).
>>> 
>>> 09:57:27.101056 00:a5:bf:9d:a9:59 > 00:50:56:ae:be:10, ethertype IPv4 
>>> (0x0800), length 442: (tos 0xc0, ttl 29, id 53170, offset 0, flags [none], 
>>> proto UDP (17), length 428)
>>>     10.123.4.41.bootps > 10.123.0.9.bootps: [udp sum ok] BOOTP/DHCP, 
>>> Request from 00:18:48:02:6e:a0, length 400, xid 0xcc58406, Flags [none] 
>>> (0x0000)
>>>           Gateway-IP 10.123.4.41
>>>           Client-Ethernet-Address 00:18:48:02:6e:a0
>>>           Vendor-rfc1048 Extensions
>>>             Magic Cookie 0x63825363
>>>             DHCP-Message Option 53, length 1: Request
>>>             Server-ID Option 54, length 4: 10.123.0.9
>>>             Requested-IP Option 50, length 4: 10.123.4.45
>>>             Parameter-Request Option 55, length 12: 
>>>               Subnet-Mask, BR, Time-Zone, Default-Gateway
>>>               Domain-Name, Domain-Name-Server, Hostname, Vendor-Option
>>>               Time-Server, BF, TFTP, WWW
>>>             Vendor-Option Option 43, length 86: 
>>> 2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53.5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49.8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49.10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46
>>>             Vendor-Class Option 60, length 3: "RPD"
>>>             Client-ID Option 61, length 15: hardware-type 255, 
>>> 48:02:6e:a0:00:03:00:01:00:18:48:02:6e:a0
>>>             Agent-Information Option 82, length 18: 
>>>               Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>>               Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>>             END Option 255, length 0
>>> 09:57:27.101623 00:50:56:ae:be:10 > 00:00:0c:07:ac:00, ethertype IPv4 
>>> (0x0800), length 381: (tos 0x0, ttl 64, id 62282, offset 0, flags [DF], 
>>> proto UDP (17), length 367)
>>>     10.123.0.9.bootps > 10.123.4.41.bootps: [bad udp cksum 0x1a94 -> 
>>> 0xcaaa!] BOOTP/DHCP, Reply, length 339, xid 0xcc58406, Flags [none] (0x0000)
>>>           Your-IP 10.123.4.45
>> 
>> This means the device gets an address from "# 10.123.4.40/29 Subnet".
>> 
>>>           Gateway-IP 10.123.4.41
>>>           Client-Ethernet-Address 00:18:48:02:6e:a0
>>>           Vendor-rfc1048 Extensions
>>>             Magic Cookie 0x63825363
>>>             DHCP-Message Option 53, length 1: ACK
>>>             Server-ID Option 54, length 4: 10.123.0.9
>>>             Lease-Time Option 51, length 4: 86400
>>>             Subnet-Mask Option 1, length 4: 255.255.255.248
>>>             BR Option 28, length 4: 10.123.4.55
>>>             Time-Zone Option 2, length 4: -18000
>>>             Default-Gateway Option 3, length 4: 10.123.4.49
>> 
>> The Class is defined in this subnet "# 10.123.4.48/29 Subnet" and as such 
>> inherits the gateway from here.
>> 
>> Nothing in the configuration tells the server which subnet to allocate 
>> addresses from, no allow or deny statements.
>> The server is free to select an address in any subnet according to its 
>> algorithms but the gateway is taken from one specific subnet.
>> 
>> Solution:
>> 1 - move all class definitions to the global level, they are global anyway, 
>> except for inheritance.
>> 2 - use allow/deny statements to tell the server from which subnet it may 
>> allocate addresses to a specific class or unknown clients.
>> 
>>>             Domain-Name Option 15, length 13: "rpd.sectv.com"
>>>             Domain-Name-Server Option 6, length 4: 10.123.0.9
>>>             Vendor-Option Option 43, length 10: 61.8.10.123.4.10.10.123.4.58
>>>             Time-Server Option 4, length 4: 10.123.0.9
>>>             Agent-Information Option 82, length 18: 
>>>               Circuit-ID SubOption 1, length 6: ^@^D^@^@^@^C
>>>               Remote-ID SubOption 2, length 8: ^@^F^@M-^^^^]YM-^
>>>             END Option 255, length 0
>>> 
>>> Here is a copy of my dhcpd.conf:
>>> 
>>> #Global Options:   
>>> 
>>>         #Set the server to authoritative;
>>>         authoritative;      
>>> 
>>>         option domain-name-servers 10.123.0.9;
>>>         option log-servers 10.123.0.9;
>>>         option ntp-servers 10.123.0.9;
>>>         option time-servers 10.123.0.9;
>>> 
>>>         local-address 10.123.0.9;
>>> 
>>>         #Time Offset
>>>         option time-offset -18000;
>>> 
>>>         #Lease time
>>>         default-lease-time 86400;
>>>         max-lease-time 172800;
>>> 
>>> 
>>> 
>>>         #Time zone
>>>         option PCode code 100 = text;
>>>         option TCode code 101 = text;
>>>         option PCode "?EST5EDT4,M3.2.0/02:00,M11.1.0/02:00";
>>>         option TCode "America/New_York?";
>>> 
>>>         #Remote Phy Stuff
>>>        # option CCAPCore code 43 = string;
>>> #        option iNode-manager code 43 = string;
>>> 
>>>         option space VCM;
>>>         option VCM.ccap_cores code 61 = { array of ip-address };
>>> 
>>>         default-lease-time 86400;
>>>         max-lease-time 172800;
>>> 
>>> 
>>> # Use this to enable / disable dynamic dns updates globally.
>>>  #       ddns-updates        on;
>>>  #       ddns-update-style interim;
>>>  #       ddns-rev-domainname "in-addr.arpa";
>>>  #       deny declines;
>>>  #       deny bootp;
>>>         #allow client-updates;
>>> 
>>>  #       key dhcpupdate {
>>>   #              algorithm hmac-md5;
>>>   #              secret iY+hMAmhBJvhxc82gX8Vgg==;
>>>   #      }
>>> 
>>>   #      zone sectv.com. {
>>>   #              primary 10.0.40.5;
>>>   #              key dhcpupdate;
>>>   #      }
>>> 
>>>    #     zone 10.123.in-addr.arpa. {
>>>    #     primary 10.0.40.5;
>>>    #     key dhcpupdate;
>>>    #     }
>>> 
>>> 
>>> # Use this to send dhcp log messages to a different log file (you also
>>> # have to hack syslog.conf to complete the redirection).
>>> log-facility local7;
>>> 
>>> #10.123.0.0/24 Subnet - Management
>>> subnet 10.123.0.0 netmask 255.255.255.0 {
>>> #No options or ranges defined - No DHCP
>>> }
>>> 
>>> # 10.123.4.40/29 Subnet
>>> subnet 10.123.4.40 netmask 255.255.255.248 {
>>>         range 10.123.4.42 10.123.4.46;
>>>         option subnet-mask              255.255.255.248;
>>>         option domain-search "sectv.com";
>>>         option routers 10.123.4.41;
>>>         option broadcast-address 10.123.4.47;
>>> #        class "CiscoRPD" {
>>> #                match if option vendor-class-identifier="RPD";
>>>                 vendor-option-space VCM;
>>>                 option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>>                 option domain-name "rpd.sectv.com";
>>> #        }
>>> #        class "CiscoiNode"{
>>> #                match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>>> #                option iNode-manager 01:04:0a:7b:00:0a;
>>> #                option tftp-server-name "10.123.0.9";
>>> #                option bootfile-name "inode.bin";
>>> #                option domain-name "inode.sectv.com";
>>> #        }
>>> }
>>> 
>>> # 10.123.4.48/29 Subnet
>>> subnet 10.123.4.48 netmask 255.255.255.248 {
>>>         range 10.123.4.50 10.123.4.54;
>>>         option subnet-mask              255.255.255.248;
>>>         option domain-search "sectv.com";
>>>         option routers 10.123.4.49;
>>>         option broadcast-address 10.123.4.55;
>>>         class "CiscoRPD" {
>>>                 match if option vendor-class-identifier="RPD";
>>>                 vendor-option-space VCM;
>>>                 option VCM.ccap_cores 10.123.4.10, 10.123.4.58;
>>>                 option domain-name "rpd.sectv.com";
>>>         }
>>>  #       class "CiscoiNode"{
>>>  #               match if option vendor-class-identifier="Cisco.iNode.oib.1.0";
>>>  #               option iNode-manager 01:04:0a:7b:00:0a;
>>>  #               option tftp-server-name "10.123.0.9";
>>>  #               option bootfile-name "inode.bin";
>>>  #               option domain-name "inode.sectv.com";
>>>  #       }
>>> }
>>> 
>>>  # 10.123.4.56/29 Subnet
>>> subnet 10.123.4.56 netmask 255.255.255.248 {
>>>         range 10.123.4.58 10.123.4.62;
>>>         option subnet-mask              255.255.255.248;
>>>         option domain-search "sectv.com";
>>>         option routers 10.123.4.57;
>>>         option broadcast-address 10.123.4.63;
>>> }

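The Vendor-Option lines in the two captures quoted above are tcpdump's dotted-decimal rendering of Option 43. As an added example (not part of the thread and not ISC DHCP code), the script below decodes them so the ACK can be checked against the "option VCM.ccap_cores code 61" definition in the posted dhcpd.conf; the function names are made up here, and one-byte code and length fields per sub-option are assumed.

```python
import ipaddress

def parse_dotted(dump):
    """tcpdump prints this option's data as dotted decimal; turn it into bytes."""
    return bytes(int(tok) for tok in dump.strip().split("."))

def decode_suboptions(payload):
    """Split an Option 43 payload into (code, value) pairs.

    Assumption: one-byte code and one-byte length per sub-option, the
    encapsulation described in RFC 2132 section 8.4.
    """
    subopts, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code}: {length} bytes claimed, {len(value)} present")
        subopts.append((code, value))
        i += 2 + length
    return subopts

def as_ip_array(value):
    """Read a value the way 'array of ip-address' is encoded: 4 bytes each."""
    if len(value) % 4:
        raise ValueError("length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(value[j:j + 4])) for j in range(0, len(value), 4)]

# Option 43 data copied from the ACK and the Request in the captures above.
ACK_OPT43 = "61.8.10.123.4.10.10.123.4.58"
REQUEST_OPT43 = (
    "2.3.82.80.68.3.9.69.67.77.58.101.83.65.70.69.4.7.57.49.48.52.50.48.53."
    "5.5.48.46.48.46.49.6.7.49.95.53.48.95.50.51.7.5.48.46.48.46.49."
    "8.6.48.48.49.56.52.56.9.6.53.50.48.48.48.49."
    "10.20.86.101.99.105.109.97.32.78.101.116.119.111.114.107.115.32.73.110.99.46")

def ack_ccap_cores():
    """Sub-option 61 of the ACK, read as VCM.ccap_cores."""
    return as_ip_array(dict(decode_suboptions(parse_dotted(ACK_OPT43)))[61])

def request_strings():
    """Sub-options the client sent in its Request, shown as ASCII text."""
    return {c: v.decode("ascii") for c, v in decode_suboptions(parse_dotted(REQUEST_OPT43))}

if __name__ == "__main__":
    print("ACK sub-option 61:", ack_ccap_cores())
    for code, text in request_strings().items():
        print("Request sub-option", code, "=", text)
```

The same decoder applies to a colon-hex value from the config, such as the iNode-manager string, after converting it with bytes.fromhex().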
------------------------------

End of dhcp-users Digest, Vol 132, Issue 18
*******************************************
