Using Option 43 Info FROM a Cable Modem Client to Define a Class
Glenn Satchell
Glenn.Satchell at uniq.com.au
Thu Oct 18 11:33:52 UTC 2007
This is from the 3.1.0 dhcp-options man page, pretty much the same in 3.0.5...
ENCAPSULATION
option new-name code new-code = encapsulate identifier ;
An option whose type is encapsulate will encapsulate the
contents of the option space specified in identifier.
Examples of encapsulated options in the DHCP protocol as it
currently exists include the vendor-encapsulated-options
option, the netware-suboptions option and the relay-agent-
information option.
option space local;
option local.demo code 1 = text;
option local-encapsulation code 197 = encapsulate local;
option local.demo "demo";
Good to see that it turned into a neat solution for you.
regards,
-glenn
>Subject: RE: Using Option 43 Info FROM a Cable Modem Client to Define a Class
>Date: Wed, 17 Oct 2007 17:11:02 -0400
>From: "Perry, Keith" <Keith.Perry at sciatl.com>
>
>I finally got this working based on a key piece of information gleaned
>after searching the List Server. Below is the configuration snippet
>that works. I created an option space and defined the sub option types
>but had to add the encapsulate command shown below. I could not find
>this in either the MAN pages or the DHCP handbook.
>
>Message thread with needed info:
>http://marc.info/?l=dhcp-users&m=114417510913325&w=2
>
>***************************************
>option space SA;
>option SA.devtype code 2 = text;
>option SA.esafetype code 3 = text;
>option SA.sernum code 4 = text;
>option SA.hwver code 5 = text;
>option SA.swver code 6 = text;
>option SA.bootrom code 7 = text;
>option SA.OUI code 8 = string;
>option SA.modnum code 9 = text;
>option SA.vendor code 10 = text;
>option SA-43 code 43 = encapsulate SA; <---------- Won't work without
>this!
>
># Create a class for embedded cable modems
>
>class "eCM" {
> match if option SA.devtype = "ECM";
>}
>
>
> # Cable Modem Subnet
> subnet 10.5.128.0 netmask 255.255.192.0 {
> option subnet-mask 255.255.192.0;
> option routers 10.5.128.254;
> option broadcast-address 10.5.191.255;
> option time-offset 19800;
> option time-servers 10.253.0.10;
> option log-servers 10.253.0.10;
> next-server 10.253.0.10;
> authoritative;
>
> pool {
> range 10.5.129.1 10.5.129.250;
> filename "eCM.cfg";
> allow members of "eCM";
> deny dynamic bootp clients;
> }
>
> pool {
> range 10.5.128.1 10.5.128.250;
> filename "CM.cfg";
> deny members of "eCM";
> deny dynamic bootp clients;
> }
>
> }
>
>***************************************
>
>
>
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
>Behalf Of Perry, Keith
>Sent: Tuesday, October 16, 2007 5:35 PM
>To: dhcp-users at isc.org
>Subject: RE: Using Option 43 Info FROM a Cable Modem Client to Define a
>Class
>
>
>Thanks for the feedback. I was so hoping it would be something simple
>like the first position being 0 instead of 1. None of the 3 match
>statements below work either for the class I call "embeddedCM" :
>
>match if substring (vendor-encapsulated-options, 2, 3) = "ECM";
> match if substring (vendor-encapsulated-options, 2, 3) = 45:43:4D;
>match if substring (vendor-encapsulated-options, 0, 5) = 02:03:45:43:4d;
>
>All three result in all clients being placed in the pool which is
>supposed to deny the embedded clients (10.5.128.x)
>****************************************
> pool {
> range 10.5.128.1 10.5.128.250;
> filename "CM.cfg";
> deny members of "embeddedCM";
> deny dynamic bootp clients;
> }
> pool {
> range 10.5.129.1 10.5.129.250;
> filename "embeddedCM.cfg";
> allow members of "embeddedCM";
> deny dynamic bootp clients;
> }
>*****************************************
>
>
>And when I switch the allow/deny statements as shown below, the same
>behavior occurs with the 10.5.129.x pool.
>****************************************
> pool {
> range 10.5.128.1 10.5.128.250;
> filename "CM.cfg";
> allow members of "embeddedCM";
> deny dynamic bootp clients;
> }
> pool {
> range 10.5.129.1 10.5.129.250;
> filename "embeddedCM.cfg";
> deny members of "embeddedCM";
> deny dynamic bootp clients;
> }
>*****************************************
>
>It appears that the "embeddedCM" class I've defined doesn't exist (or
>has no matches) and that clients are placed in the pool which has no
>"allow" statements. Page 443 of the DHCP handbook states that " If a
>pool has a list of things that are permitted, any client that doesn't
>match one of the permits cannot be allocated an address from the pool.
>If a pool has a list of things that are not permitted, any client that
>doesn't match one of those permits can be allocated an address from the
>pool". This is exactly what is happening. I'm using the same approach
>above with the Vendor Class Identifier and that works like a champ -
>which is why I believe that the ISC Server cannot process inbound option
>43 data.
>
>
>
>
>
>
>-----Original Message-----
>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
>Behalf Of Glenn Satchell
>Sent: Tuesday, October 16, 2007 8:29 AM
>To: dhcp-users at isc.org
>Subject: RE: Using Option 43 Info FROM a Cable Modem Client to Define a
>Class
>
>
>
>>Subject: RE: Using Option 43 Info FROM a Cable Modem Client to Define a
>
>>Class
>>Date: Mon, 15 Oct 2007 16:32:02 -0400
>>From: "Perry, Keith" <Keith.Perry at sciatl.com>
>>
>>The option I'm trying to filter on is always placed first by our client
>
>>so I'm too concerned with reliability. I already reviewed the
>>application section of the dhcp-options MAN page prior to sending out
>>my initial request. It is solely about setting sub-options to provide
>to
>>the client - nothing about reading sub-options from the client. I've
>>tried the 5 variations below with no success. Conf file passes syntax
>>check with any of these:
>>
>
>This looks for the string "ECM" starting at the 6th character in the
>string. Remember first position is 0.
>>match if substring (vendor-encapsulated-options, 5, 3) = "ECM";
>
>This looks for "ECM" starting at the fourth character:
>>match if substring (vendor-encapsulated-options, 3, 3) = "ECM";
>
>This looks for the string "45:43:4d" - you need to leave out the quotes
>to get hex chars, ie 45:43:4d
>>match if substring (vendor-encapsulated-options, 5, 3) = "45:43:4d";
>>match if substring (vendor-encapsulated-options, 3, 3) = "45:43:4d";
>
>This one would work without the quotes...
>>match if substring (vendor-encapsulated-options, 0, 5) =
>>"02:03:45:43:4d";
>
>This was the value in the string as reported by the packet sniffer
>below:
>
> Value: 020345434D030845434D3A4553544204095341424A4E425A...
>
>It is pairs of hex characters, so in dhcpd format it would be:
>
> 02:03:45:43:4D:03:08:45:43:4D:3A:45:53:54:42:04....
>
>So, 02 is sub-option 2, 03 is length of the option, 45:43:4D is the
>value stored in the sub-option, in this case the ascii codes for E, C
>and M. Next 03 is sub-option 3, 08 is length, value is the next 8 bytes,
>and so on.
>
>Remember that for sub-string() you count the starting position from 0,
>so I believe the match line becomes
>
> match if substring (vendor-encapsulated-options, 2, 3) = "ECM";
>or
> match if substring (vendor-encapsulated-options, 2, 3) =
>45:43:4D;
>
>HTH. By the way, the packet dump was really useful for working this out.
>
>regards,
>-glenn
>--
>Glenn Satchell mailto:glenn.satchell at uniq.com.au | Some days we are
>Uniq Advances Pty Ltd http://www.uniq.com.au | the flies; some
>PO Box 70 Paddington NSW Australia 2021 | days we are the
>tel:0409-458-580 tel:02-9380-6360 fax:02-9380-6416 | windscreens...
>
>>But fails to place the embedded CMs in the pool I have specified below:
>>********************************************************************
>> # Cable Modem Subnet
>> subnet 10.5.128.0 netmask 255.255.192.0 {
>> pool {
>> range 10.5.128.1 10.5.128.250;
>> filename "CM.cfg";
>> deny members of "embeddedCM";
>> deny dynamic bootp clients;
>> }
>> pool {
>> range 10.5.129.1 10.5.129.250;
>> filename "embeddedCM.cfg";
>> allow members of "embeddedCM";
>> deny dynamic bootp clients;
>> }
>> option subnet-mask 255.255.192.0;
>> option routers 10.5.128.254;
>> option broadcast-address 10.5.191.255;
>> option time-offset 19800;
>> option time-servers 10.253.0.10;
>> option log-servers 10.253.0.10;
>> next-server 10.253.0.10;
>> authoritative;
>> }
>>********************************************************************
>>
>>I'm beginning to wonder if the server only handles outbound Option 43
>>info and not inbound ?
>>
>>
>>Regards,
>>
>>Keith
>>
>>
>>
>>-----Original Message-----
>>From: dhcp-users-bounce at isc.org [mailto:dhcp-users-bounce at isc.org] On
>>Behalf Of Glenn Satchell
>>Sent: Friday, October 12, 2007 6:52 PM
>>To: dhcp-users at isc.org
>>Subject: Re: Using Option 43 Info FROM a Cable Modem Client to Define a
>
>>Class
>>
>>Hi Keith
>>
>>You may not find the substring function reliable in this situation as
>>the device is allowed to include the sub-options in any order. The
>>dhcp-options man page has a section titled "VENDOR ENCAPSULATED
>>OPTIONS". This is mostly about setting the sub-options, but should give
>
>>you the information needed to decode them as well. It describes the
>>format, which is the sub-option number, length, and value.
>>
>>regards,
>>-glenn
>>
>>
>>Subject: Using Option 43 Info FROM a Cable Modem Client to Define a
>>Class
>>Date: Fri, 12 Oct 2007 13:05:01 -0400
>>From: "Perry, Keith" <Keith.Perry at sciatl.com
>>
>>I have digital settop boxes with embedded cable modems which I'm trying
>>to differentiate from plain old stand alone cable modems so I can
>>provide different cable modem configuration files to each. Both use
>>the same Vendor Class Identifier (Option 60) so that is not an option.
>
>>The embedded cable modem DHCP Discover includes a device type "ECM" in
>>sub option 2 of option 43 which I should be able to use. I already use
>
>>Option 60 to create CPE classes so I'm familiar with the syntax for it.
>
>>Below is one of the class definitions I'm defining with Option 60:
>>
>>
>>class "DSG-DHCT" {
>> match if option vendor-class-identifier = "DSG1.0";
>>}
>>
>>This looks at the entire Option 60 string. The embedded cable modem
>>places 128 bytes of info into Option 43 using 9 seperate sub options as
>
>>shown below:
>>
>>*********************************************************************
>>Option: (t=43,l=128) Vendor-Specific Information (CableLabs)
>> Option: (43) Vendor-Specific Information
>> Length: 128
>> Value: 020345434D030845434D3A4553544204095341424A4E425A...
>> Suboption 2: Device Type = "ECM"
>> Suboption 3: eSAFE Types = "ECM:ESTB"
>> Suboption 4: Serial Number = "SABJNBZTR"
>> Suboption 5: Hardware Version = "HW_REV: 1.2; "
>> Suboption 6: Software Version = "SW_REV: 2.23.15 build 1
>>Release"
>> Suboption 7: Boot ROM version = "ROM:049d0106"
>> Suboption 8: OUI = "000F21"
>> Suboption 9: Model Number = "8300"
>> Suboption 10: Vendor Name = "Scientific-Atlanta, Inc."
>>
>>0140 2e 30 2b 80 02 03 45 43 4d 03 08 45 43 4d 3a 45
>.0+...ECM..ECM:E
>>0150 53 54 42 04 09 53 41 42 4a 4e 42 5a 54 52 05 0d
>STB..SABJNBZTR..
>>0160 48 57 5f 52 45 56 3a 20 31 2e 32 3b 20 06 1f 53 HW_REV: 1.2;
>..S
>>0170 57 5f 52 45 56 3a 20 32 2e 32 33 2e 31 35 20 62 W_REV: 2.23.15
>b
>>0180 75 69 6c 64 20 31 20 52 65 6c 65 61 73 65 07 0c uild 1
>Release..
>>0190 52 4f 4d 3a 30 34 39 64 30 31 30 36 08 06 30 30
>ROM:049d0106..00
>>01a0 30 46 32 31 09 04 38 33 30 30 0a 18 53 63 69 65
>0F21..8300..Scie
>>01b0 6e 74 69 66 69 63 2d 41 74 6c 61 6e 74 61 2c 20 ntific-Atlanta,
>
>>01c0 49 6e 63 2e ff 00 00 00 00 00 00 00 00 00 00 00
>Inc.............
>>*********************************************************************
>>I'm only interested in the sub option 2:
>>
>>HEX: 2b 80 02 03 [45 43 4d]
>>DEC: Option 43| Length 128 | SubOption 2 | Length 3 | [ECM]
>>
>>I'm not sure how isolate on this sub option. Would something like this
>>work?
>>
>>class "eCM" {
>> match if substring (vendor-encapsulated-options, 3, 3) = "ECM"; }
>>
>>Or should I include the 43 header in the offset?
>>
>>class "eCM" {
>> match if substring (vendor-encapsulated-options, 5, 3) = "ECM"; }
>>
>>
>>I'm open to sugestions. I running Version 3.1 on Solaris, have read
>>the Man Pages and have a copy of the Teds "DHCP Handbook".
>>
>>
>>Regards,
>>
>>Keith Perry
>>Sr. Staff Systems Engineer
>>WAN/LAN Integration R&D
>>Scientific Atlanta
>>770-236-3957 (Office)
>>770-236-1098 (Lab)
>>
>>
>>
>>
>>
>> - - - - - Appended by Scientific Atlanta, a Cisco company - - - -
>-
>>This e-mail and any attachments may contain information which is
>>confidential,
>>proprietary, privileged or otherwise protected by law. The information
>is
>solely
>>intended for the named addressee (or a person responsible for
>>delivering it to
>>the addressee). If you are not the intended recipient of this message,
>you are
>>not authorized to read, print, retain, copy or disseminate this message
>or any
>>part of it. If you have received this e-mail in error, please notify
>the sender
>>immediately by return e-mail and delete it from your computer.
>>
>>
>>
>
>
More information about the dhcp-users
mailing list