Trying to grasp RFC 3011, using ISC DHCP and Cisco ASA

Nick Ellson Nick.Ellson at pgn.com
Thu Dec 11 17:17:02 UTC 2008


Hi David,

Do you see this as something the VPN system is not performing properly in the request then? (I have an open case with Cisco that I am working as well)

Nick



Nick Ellson
CCIE# 20018
Infrastructure Specialist
PGE, Network Operations Center
7 am - 4 pm, Pacific M-F 
Personal: (503) 464-2995
Network Trouble: (503) 464-8754
"Educating Layer 8, one user at a time."
 

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org [mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of David W. Hankins
Sent: Thursday, December 11, 2008 9:08 AM
To: Users of ISC DHCP
Subject: Re: Trying to grasp RFC 3011, using ISC DHCP and Cisco ASA

On Thu, Dec 11, 2008 at 08:47:05AM -0800, Nick Ellson wrote:
> OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
> OPTION:  57 (  2) Maximum DHCP message size 1152
> OPTION:  61 ( 35) Client-identifier         00:63:69:73:63:6f:2d:30:30:31:65:2e:31:33:31:32:2e:65:39:63:64:2d:50:4c:4e:30:35:36:30:38:2d:4c:41:4e:00
> OPTION:  12 (  8) Host name                 PLN0560
> OPTION:  55 (  6) Parameter Request List      1 (Subnet mask)
>                                               6 (DNS server)
>                                              15 (Domainname)
>                                              44 (NetBIOS name server)
>                                               3 (Routers)
>                                              33 (Static route)

Note that the subnet selection option (118, RFC 3011) is not present
here, nor is the link selection suboption (RFC 3527), both of which
are supported in versions 3.1.0 and later (only RFC 3011 before that).

> IP: 172.22.1.123 (0:11:85:5c:ae:21) > 172.22.12.0 (0:0:c:7:ac:1)
> 
> What would it reply TO an address that is part of its own pool?? Should it not reply to the IP in the original request? Or how would my packet make it back to my ASA?

RFC 2131 stipulates that the server reply to the giaddr contents
("MUST"), which is what's happening here.  RFCs 3011 and 3527 both
stipulate to retain this semantic; the option contents are only an
address selection hint.

-- 
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil?	 https://secure.isc.org/store/t-shirt/
-- 
David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
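
Added example, not part of the original thread and not ISC DHCP code: a small options parser that reports whether a request carries the RFC 3011 subnet selection option (118) or the RFC 3527 link selection sub-option (option 82, sub-option 5), and shows that the reply destination stays giaddr either way. The function names and sample byte strings are constructed for illustration, 192.0.2.0 and 198.51.100.0 are documentation addresses, and preferring link selection over subnet selection when both are present is an assumption.

```python
import ipaddress

SUBNET_SELECTION = 118  # RFC 3011 option
RELAY_AGENT_INFO = 82   # relay agent information option (holds sub-options)
LINK_SELECTION = 5      # RFC 3527 sub-option inside option 82

def parse_tlv(buf, is_options=True):
    """Decode code/length/value fields into {code: value bytes}."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if is_options and code == 0:    # pad: one byte, no length field
            i += 1
            continue
        if is_options and code == 255:  # end of options
            break
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"truncated field {code}")
        length = buf[i + 1]
        out[code] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return out

def selection_hint(options, giaddr):
    """Return (hint_source, selection_address, reply_to).

    reply_to is always giaddr: the options only steer address selection.
    """
    opts = parse_tlv(options)
    sub = parse_tlv(opts.get(RELAY_AGENT_INFO, b""), is_options=False)
    # Assumed precedence: link selection first, then subnet selection.
    for source, raw in (("link-selection", sub.get(LINK_SELECTION)),
                        ("subnet-selection", opts.get(SUBNET_SELECTION))):
        if raw is not None:
            if len(raw) != 4:
                raise ValueError(f"{source} must carry a 4-byte IPv4 address")
            return source, str(ipaddress.IPv4Address(raw)), giaddr
    return "giaddr", giaddr, giaddr

# Constructed samples. The first mirrors the shape of the dump quoted above
# (options 53, 57 and 55 only, so neither selection hint is present).
NO_HINT = bytes([53, 1, 1, 57, 2, 0x04, 0x80, 55, 6, 1, 6, 15, 44, 3, 33, 255])
WITH_118 = bytes([53, 1, 1, 118, 4, 192, 0, 2, 0, 255])
WITH_82_AND_118 = bytes([53, 1, 1, 82, 6, 5, 4, 198, 51, 100, 0,
                         118, 4, 192, 0, 2, 0, 255])

if __name__ == "__main__":
    for sample in (NO_HINT, WITH_118, WITH_82_AND_118):
        print(selection_hint(sample, "172.22.12.0"))
```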


