DHCPD and option-82 problem
Joseph Bernard
jhb at clemson.edu
Wed May 21 17:32:06 UTC 2014
I recently ran into an issue where dhcp snooping is changing the DHCP packet in a way some of our devices do not like and ignore. I haven’t gathered the info together to open a TAC case yet. You could try putting “ip dhcp snooping trust” on the port of a device that’s not working and see if it works. If it does, do a capture with it on and off and look at the differences with the DHCP packets.
Thanks,
Joseph B.
On May 21, 2014, at 12:07 PM, Denis Laventure <Denis_Laventure at uqac.ca<mailto:Denis_Laventure at uqac.ca>> wrote:
Hi,
We have about 300 connections on our university dormitory and we use option-82 to assign one fixed IP to every chamber.
Everything works fine but I sometimes find that some clients don't get an IP and keep sending DHCPDISCOVER continually. Sometimes
it's a Windows 7 client, sometimes it's a D-LINK Router or a Mac.
I captured the requests from one client and everything seems normal, it even have option-82 inserted by the relay.
In my dhcpd log, the dhcpd daemon doesn't decode it option-82 and the option agent.circuit-id is empty. (tcpdump/wireshark capture below)
I get the usual "no free leases" since option-82 isn't recognized. (dhcpd log below)
Is there a way to debug received DHCPDICOVER packets (other than log or tcpdump) that I could check to make sure option-82 is present and decoded by the daemon?
Why dhcp daemon doesn't decode option-82 if it's in the packet?
I'm on Linux RHEL 5.10 and using ISC DHCPD version 4.3.0 (in failover). I tried downgrading to version 4.2.0 and I have the same problem.
For now, I'm using a Cisco 3560 as dhcp server with option-82 and all the clients (even the ones that don't work with isc dhcpd) works. I don't want to
keep using the Cisco router for dhcp, I want to return to my isc dhcp server but I can't because of that problem...
Thanks,
Denis Laventure
================================================================================================================
Aditional informations:
Client Switch: cisco WS-C2960S-F48TS-L
sh ver
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(1)E2, RELEASE SOFTWARE (fc1)
interface FastEthernet2/0/17
ip dhcp snooping vlan 261 information option format-type circuit-id string RESD-4D
================================================================================================================
Method 1 (Class and Pool):
subnet 172.17.11.0 netmask 255.255.255.0 {
...
pool { range 172.17.11.80; allow members of "RESD-4D"; }
...
}
set client-mac-address = concat (
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,1,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,2,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,3,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,4,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,5,1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,6,1))),2)
);
class "RESD-4D" {match if option agent.circuit-id=1:7:52:45:53:44:2d:34:44; log(info,concat("DEBUG: RESD-4D ",client-mac-address));}
Result:
...
May 6 16:41:23 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
May 6 16:41:54 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
May 6 16:41:59 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
...
Working client get:
May 6 08:14:07 dhcpa dhcpd: DEBUG: (client info) 172.17.11.79 - 74:86:7a:2b:90:16 - MSFT 5.0 - 1,f,3,6,2c,2e,2f,1f,21,79,f9,fc,2b
May 6 08:14:07 dhcpa dhcpd: DEBUG: (option-82 raw) 74:86:7a:2b:90:16 - 1:7:52:45:53:44:2d:34:43
May 6 08:14:07 dhcpa dhcpd: DEBUG: RESD-4C 74:86:7a:2b:90:16
May 6 08:14:07 dhcpa dhcpd: DHCPDISCOVER from 74:86:7a:2b:90:16 via 172.17.11.1
May 6 08:14:07 dhcpa dhcpd: DHCPOFFER on 172.17.11.79 to 74:86:7a:2b:90:16 (Inspiron3521) via 172.17.11.1
May 6 08:14:07 dhcpa dhcpd: DEBUG: (client info) 172.17.11.79 - 74:86:7a:2b:90:16 - MSFT 5.0 - 1,f,3,6,2c,2e,2f,1f,21,79,f9,fc,2b
May 6 08:14:07 dhcpa dhcpd: DEBUG: (option-82 raw) 74:86:7a:2b:90:16 - 1:7:52:45:53:44:2d:34:43
May 6 08:14:07 dhcpa dhcpd: DEBUG: (option-82 cid) IP:172.17.11.79, MAC:74:86:7a:2b:90:16, CID:1:7:52:45:53:44:2d:34:43<cid:1:7:52:45:53:44:2d:34:43>
May 6 08:14:07 dhcpa dhcpd: DEBUG: RESD-4C 74:86:7a:2b:90:16
May 6 08:14:07 dhcpa dhcpd: DHCPREQUEST for 172.17.11.79 (192.168.1.10) from 74:86:7a:2b:90:16 (Inspiron3521) via 172.17.11.1
May 6 08:14:07 dhcpa dhcpd: DHCPACK on 172.17.11.79 to 74:86:7a:2b:90:16 (Inspiron3521) via 172.17.11.1
================================================================================================================
Method 2 (host-identifier):
host RESD-4D { host-identifier option agent.circuit-id 1:7:52:45:53:44:2d:34:44; fixed-address 172.17.11.80; }
Result:
...
May 6 17:02:37 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
May 6 17:02:54 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
May 6 17:03:26 dhcpa dhcpd: DHCPDISCOVER from 74:d0:2b:e9:82:0d via 172.17.11.1: network 172.17.11.0/24: no free leases
...
================================================================================================================
TCPDUMP/WIRESHARK LOG (5 DHCPDISCOVER)
No. Time Source Destination Protocol Length Info
1 0.000000 172.17.11.1 192.168.1.10 DHCP 352 DHCP Discover - Transaction ID 0xcab50e69
Frame 1: 352 bytes on wire (2816 bits), 352 bytes captured (2816 bits)
Ethernet II, Src: 10:8c:cf:28:5a:40 (10:8c:cf:28:5a:40), Dst: 00:1e:c9:d7:2c:d8 (00:1e:c9:d7:2c:d8)
Internet Protocol Version 4, Src: 172.17.11.1 (172.17.11.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 67 (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 1
Transaction ID: 0xcab50e69
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 172.17.11.1 (172.17.11.1)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Option: (12) Host Name
Length: 7
Host Name: SAMSUNG
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 13
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Parameter Request List Item: (43) Vendor-Specific Information
Option: (82) Agent Information Option
Length: 21
Option 82 Suboption: (1) Agent Circuit ID
Length: 9
Agent Circuit ID: 0107524553442d3442
Option 82 Suboption: (2) Agent Remote ID
Length: 8
Agent Remote ID: 0006f84f5742d700
Option: (255) End
Option End: 255
No. Time Source Destination Protocol Length Info
2 4.944200 172.17.11.1 192.168.1.10 DHCP 352 DHCP Discover - Transaction ID 0xcab50e69
Frame 2: 352 bytes on wire (2816 bits), 352 bytes captured (2816 bits)
Ethernet II, Src: 10:8c:cf:28:5a:40 (10:8c:cf:28:5a:40), Dst: 00:1e:c9:d7:2c:d8 (00:1e:c9:d7:2c:d8)
Internet Protocol Version 4, Src: 172.17.11.1 (172.17.11.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 67 (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 1
Transaction ID: 0xcab50e69
Seconds elapsed: 4
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 172.17.11.1 (172.17.11.1)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Option: (12) Host Name
Length: 7
Host Name: SAMSUNG
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 13
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Parameter Request List Item: (43) Vendor-Specific Information
Option: (82) Agent Information Option
Length: 21
Option 82 Suboption: (1) Agent Circuit ID
Length: 9
Agent Circuit ID: 0107524553442d3442
Option 82 Suboption: (2) Agent Remote ID
Length: 8
Agent Remote ID: 0006f84f5742d700
Option: (255) End
Option End: 255
No. Time Source Destination Protocol Length Info
3 17.047575 172.17.11.1 192.168.1.10 DHCP 352 DHCP Discover - Transaction ID 0xa2024d9e
Frame 3: 352 bytes on wire (2816 bits), 352 bytes captured (2816 bits)
Ethernet II, Src: 10:8c:cf:28:5a:40 (10:8c:cf:28:5a:40), Dst: 00:1e:c9:d7:2c:d8 (00:1e:c9:d7:2c:d8)
Internet Protocol Version 4, Src: 172.17.11.1 (172.17.11.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 67 (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 1
Transaction ID: 0xa2024d9e
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 172.17.11.1 (172.17.11.1)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Option: (12) Host Name
Length: 7
Host Name: SAMSUNG
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 13
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Parameter Request List Item: (43) Vendor-Specific Information
Option: (82) Agent Information Option
Length: 21
Option 82 Suboption: (1) Agent Circuit ID
Length: 9
Agent Circuit ID: 0107524553442d3442
Option 82 Suboption: (2) Agent Remote ID
Length: 8
Agent Remote ID: 0006f84f5742d700
Option: (255) End
Option End: 255
No. Time Source Destination Protocol Length Info
4 20.667474 172.17.11.1 192.168.1.10 DHCP 352 DHCP Discover - Transaction ID 0xa2024d9e
Frame 4: 352 bytes on wire (2816 bits), 352 bytes captured (2816 bits)
Ethernet II, Src: 10:8c:cf:28:5a:40 (10:8c:cf:28:5a:40), Dst: 00:1e:c9:d7:2c:d8 (00:1e:c9:d7:2c:d8)
Internet Protocol Version 4, Src: 172.17.11.1 (172.17.11.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 67 (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 1
Transaction ID: 0xa2024d9e
Seconds elapsed: 3
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 172.17.11.1 (172.17.11.1)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Option: (12) Host Name
Length: 7
Host Name: SAMSUNG
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 13
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Parameter Request List Item: (43) Vendor-Specific Information
Option: (82) Agent Information Option
Length: 21
Option 82 Suboption: (1) Agent Circuit ID
Length: 9
Agent Circuit ID: 0107524553442d3442
Option 82 Suboption: (2) Agent Remote ID
Length: 8
Agent Remote ID: 0006f84f5742d700
Option: (255) End
Option End: 255
No. Time Source Destination Protocol Length Info
5 28.074747 172.17.11.1 192.168.1.10 DHCP 352 DHCP Discover - Transaction ID 0xa2024d9e
Frame 5: 352 bytes on wire (2816 bits), 352 bytes captured (2816 bits)
Ethernet II, Src: 10:8c:cf:28:5a:40 (10:8c:cf:28:5a:40), Dst: 00:1e:c9:d7:2c:d8 (00:1e:c9:d7:2c:d8)
Internet Protocol Version 4, Src: 172.17.11.1 (172.17.11.1), Dst: 192.168.1.10 (192.168.1.10)
User Datagram Protocol, Src Port: 67 (67), Dst Port: 67 (67)
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 1
Transaction ID: 0xa2024d9e
Seconds elapsed: 11
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 172.17.11.1 (172.17.11.1)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type
Length: 1
DHCP: Discover (1)
Option: (61) Client identifier
Length: 7
Hardware type: Ethernet (0x01)
Client MAC address: 74:d0:2b:e9:82:0d (74:d0:2b:e9:82:0d)
Option: (12) Host Name
Length: 7
Host Name: SAMSUNG
Option: (60) Vendor class identifier
Length: 8
Vendor class identifier: MSFT 5.0
Option: (55) Parameter Request List
Length: 13
Parameter Request List Item: (1) Subnet Mask
Parameter Request List Item: (15) Domain Name
Parameter Request List Item: (3) Router
Parameter Request List Item: (6) Domain Name Server
Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
Parameter Request List Item: (46) NetBIOS over TCP/IP Node Type
Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
Parameter Request List Item: (31) Perform Router Discover
Parameter Request List Item: (33) Static Route
Parameter Request List Item: (121) Classless Static Route
Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
Parameter Request List Item: (252) Private/Proxy autodiscovery
Parameter Request List Item: (43) Vendor-Specific Information
Option: (82) Agent Information Option
Length: 21
Option 82 Suboption: (1) Agent Circuit ID
Length: 9
Agent Circuit ID: 0107524553442d3442
Option 82 Suboption: (2) Agent Remote ID
Length: 8
Agent Remote ID: 0006f84f5742d700
Option: (255) End
Option End: 255
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org<mailto:dhcp-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/dhcp-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20140521/a29f5226/attachment-0001.html>
More information about the dhcp-users
mailing list