
Cisco IOS XE DHCP Client - disable options from being sent in discover

mcotherman
Level 1

I am running 17.9.04a on a C1111-8PLTEEAWB and trying to set up the DHCP client so that I can connect it to my ISP's Fiber ONT instead of their provided eero router without losing my IP address. The eero will faithfully get the IP it wants back, even after a long outage... I can power-cycle the ONT and get a new address, but I really want to get mac-cloning working.

interface GigabitEthernet0/0/0
 description connected to Internet
 mac-address 5027.a92d.ffff
 ip dhcp client client-id ascii eero
 ip dhcp client broadcast-flag clear
 ip dhcp client class-id ascii
 ip dhcp client hostname eero
 ip dhcp client option 50 ip 47.***.***.***
 ip address dhcp
 negotiation auto


I am looking at the IP Addressing Configuration Guide, Cisco IOS XE 17.x and other Cisco docs that allowed me to get part of the way, using commands like "ip dhcp client broadcast-flag clear" to set the unicast bootp flag. 

 

FYI - I am not able to use the command "ip dhcp client vendor-class disable" that is referenced.

 

Packet capture of the eero Discover that gets a response and successfully negotiates the requested IP address:

 

 

No.     Time               Source                Destination           Protocol Length Info
      3 20:52:50.827999    0.0.0.0               255.255.255.255       DHCP     342    DHCP Discover - Transaction ID 0x7deccd76

Frame 3: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface \Device\NPF_{55FDD48B-D4C7-4C49-9A40-88F5C0C4155B}, id 0
Ethernet II, Src: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x7deccd76
    Seconds elapsed: 10
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
    Option: (50) Requested IP Address (47.***.***.***))
    Option: (12) Host Name
    Option: (55) Parameter Request List
        Length: 13
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (2) Time Offset
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (119) Domain Search
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
        Parameter Request List Item: (47) NetBIOS over TCP/IP Scope
        Parameter Request List Item: (26) Interface MTU
        Parameter Request List Item: (121) Classless Static Route
        Parameter Request List Item: (43) Vendor-Specific Information
    Option: (255) End
    Padding: 0000000000000000000000000000000000000000000000000000000000


 

 

Packet capture of the latest iteration of the IOS-XE DHCP Client configuration (no response from ISP's DHCP server). You will see that the Cisco IOS-XE DHCP client is adding in options 60, 61, and 124.

 

I do not know if these are causing the ISP DHCP Server to not respond or if it is something else, but I would like to remove them (I am successful at *changing* the host identifier, the client identifier, and the vendor class identifier, but I really need to 'eliminate' them from being sent at all in the DHCP Discover message).

 

 

 

No.     Time               Source                Destination           Protocol Length Info
      1 23:18:13.503795    0.0.0.0               255.255.255.255       DHCP     349    DHCP Discover - Transaction ID 0x4954c014

Frame 1: 349 bytes on wire (2792 bits), 349 bytes captured (2792 bits) on interface \Device\NPF_{55FDD48B-D4C7-4C49-9A40-88F5C0C4155B}, id 0
Ethernet II, Src: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x4954c014
    Seconds elapsed: 3
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (57) Maximum DHCP Message Size
        Length: 2
        Maximum DHCP Message Size: 1200
    Option: (61) Client identifier
        Length: 5
        Type: 0
        Client Identifier: eero
    Option: (12) Host Name
        Length: 4
        Host Name: eero
    Option: (55) Parameter Request List
        Length: 8
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (150) TFTP Server Address
        Parameter Request List Item: (43) Vendor-Specific Information
    Option: (60) Vendor class identifier
        Length: 5
        Vendor class identifier: ascii
    Option: (124) V-I Vendor Class
        Length: 21
        Enterprise: ciscoSystems (9)
        CableLab Address Mode: 16
        NetInfo Parent Server Tag: \017C1111-8PLTEEAWB
    Option: (50) Requested IP Address (47.***.***.***)
        Length: 4
        Requested IP Address: 47.***.***.***)
    Option: (255) End
        Option End: 255

 

 

 

CCIE# 6771

NO ip dhcp client request option-name

First check the option name with its number, then use the above to make your router not ask the ISP server for its value.

Note: I 50% suspect it is not an issue with the options, but let's eliminate it from our troubleshooting.

Thanks

MHM

I think you are responding to the wrong Forum post... this post is about ISR1100 and IOS-XR DHCP, not N3K and NX-OS.

-mike

 

CCIE# 6771

Unfortunately, that is not an option for 60,61,124:

C1111(config)#int gi0/0/0
C1111(config-if)#no ip dhcp client request 60
                                           ^
% Invalid input detected at '^' marker.

C1111(config-if)#no ip dhcp client request ?
  classless-static-route       Classless static route (121)
  dns-nameserver               DNS nameserver (6)
  domain-name                  Domain name (15)
  netbios-nameserver           NETBIOS nameserver (44)
  option                       DHCP options
  router                       Default router option (3)
  sip-server-address           SIP server address (120)
  static-route                 Static route option (33)
  tftp-server-address          TFTP server address (150)
  vendor-identifying-specific  Vendor identifying specific info (125)
  vendor-specific              Vendor specific option (43)
  <cr>                         <cr>

C1111(config-if)#no ip dhcp client request

 

CCIE# 6771

Sorry, which options should your router client not request from the server?

If you look at the packet capture from the eero router that is successful and the packet capture from the ISR1111 that is unsuccessful, the major differences seem to be options 60, 61, and 124. There are also differences in option 55 (parameters requested), but most of those are not allowed by the IOS-XE 17.9.4a command set.

With how the IOS-XE DHCP client sends the DHCP Discover message currently (or with default config, or any config I have tried) I get no response from the ISP DHCP Server. 

My goal is to have the enterprise grade Cisco IOS-XE mimic the eero in what is commonly referred to as mac-cloning, but the ISP seems to be extra finicky.. 

CCIE# 6771
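An added example, not part of any participant's post: the option-by-option comparison of the two Discover messages described above, done by parsing the DHCP option TLVs and diffing them. The two option blobs are constructed here from the dissections on this page; the requested IP (192.0.2.10) and the eero's host-name value are assumed placeholders, since the page redacts or omits them.

```python
REQUESTED_IP = bytes([192, 0, 2, 10])  # constructed placeholder; the page redacts the real address

def opt(code, value):
    """Encode one DHCP option as code / length / value (RFC 2132)."""
    return bytes([code, len(value)]) + value

# Constructed from the eero dissection (host-name value is an assumption).
EERO = (opt(53, b"\x01") + opt(50, REQUESTED_IP) + opt(12, b"eero")
        + opt(55, bytes([1, 28, 2, 3, 15, 6, 119, 12, 44, 47, 26, 121, 43]))
        + b"\xff")

# Constructed from the first IOS-XE dissection. Option 124 is laid out as
# enterprise 9, data-len 16, then a length-prefixed model string, which
# reproduces the dissection's "Length: 21".
IOSXE = (opt(53, b"\x01") + opt(57, (1200).to_bytes(2, "big"))
         + opt(61, b"\x00eero") + opt(12, b"eero")
         + opt(55, bytes([1, 6, 15, 44, 3, 33, 150, 43]))
         + opt(60, b"ascii")
         + opt(124, (9).to_bytes(4, "big") + b"\x10\x0fC1111-8PLTEEAWB")
         + opt(50, REQUESTED_IP) + b"\xff")

def parse_options(blob):
    """Return [(code, value), ...] for the options after the magic cookie."""
    opts, i = [], 0
    while i < len(blob):
        code = blob[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts.append((code, value))
        i += 2 + length
    return opts

def compare(reference, candidate):
    """Diff option codes, their on-wire order, and the option 55 lists."""
    ref, cand = parse_options(reference), parse_options(candidate)
    ref_codes, cand_codes = [c for c, _ in ref], [c for c, _ in cand]
    ref_prl, cand_prl = dict(ref).get(55, b""), dict(cand).get(55, b"")
    return {
        "order": (ref_codes, cand_codes),
        "extra": sorted(set(cand_codes) - set(ref_codes)),
        "missing": sorted(set(ref_codes) - set(cand_codes)),
        "prl_only_reference": sorted(set(ref_prl) - set(cand_prl)),
        "prl_only_candidate": sorted(set(cand_prl) - set(ref_prl)),
    }
```

Calling `compare(EERO, IOSXE)` also reports option 57 as extra and shows that the option order and the option 55 contents differ, all of which a server that matches on the exact Discover layout could take into account.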

Sorry, I was out; now I am back home.
The command you added is missing the "option" keyword.
The example below shows which options the client will request from the server,
so the correct command will be
ip dhcp client request option <then we list the options of the successful router>
The options that we do not include will not be sent.

MHM

Screenshot (20).png

IP Addressing: DHCP Configuration Guide, Cisco IOS XE Gibraltar 16.10.x - Configuring the Cisco IOS XE DHCP Client [Cisco IOS XE 16] - Cisco

Unfortunately 'adding' the word 'option' is not a valid command for option 60 or 61:

C1111-8PWB#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C1111-8PWB(config)#interface GigabitEthernet0/0/0
C1111-8PWB(config-if)#no ip dhcp client request option 60
% Try using 'ip dhcp client option' command
% Incomplete command.

Replacing the word request with the word option is not the same feature, that is a different feature of DHCP Client.

A command like "ip dhcp client request option 4 5 7 8 9 10 11 17 18 40 41 42 66 68 69 70 71 72 73 74 75 76 124 138 141 142 160" is sending a request via option 55 to request more information be sent back FROM the DHCP Server, I am looking to configure the IOS-XE DHCP Client to send less information TO the DHCP Server.

That being said, I did enter the following DHCP commands to the configuration (they make no visible change to the interface config). You will see that the Cisco IOS-XE 17.9.4a DHCP Client is STILL sending options 60, 61, and 124.

C1111-8PWB#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C1111-8PWB(config)#interface GigabitEthernet0/0/0
C1111-8PWB(config-if)#no ip dhcp client option 60
C1111-8PWB(config-if)#no ip dhcp client option 61
C1111-8PWB(config-if)#no ip dhcp client option 124
% Try using 'ip dhcp client request option' command
C1111-8PWB(config-if)#no ip dhcp client request option 124
C1111-8PWB(config-if)#

No.     Time               Source                Destination           Protocol Length Info
    924 12:53:47.796709    0.0.0.0               255.255.255.255       DHCP     347    DHCP Discover - Transaction ID 0xeb0be620

Frame 924: 347 bytes on wire (2776 bits), 347 bytes captured (2776 bits) on interface \Device\NPF_{55FDD48B-D4C7-4C49-9A40-88F5C0C4155B}, id 0
Ethernet II, Src: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0xeb0be620
    Seconds elapsed: 3
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: 50:27:a9:2d:ff:ff (50:27:a9:2d:ff:ff)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (57) Maximum DHCP Message Size
        Length: 2
        Maximum DHCP Message Size: 1200
    Option: (61) Client identifier
        Length: 5
        Type: 0
        Client Identifier: eero
    Option: (12) Host Name
        Length: 4
        Host Name: eero
    Option: (55) Parameter Request List
        Length: 8
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (44) NetBIOS over TCP/IP Name Server
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (150) TFTP Server Address
        Parameter Request List Item: (43) Vendor-Specific Information
    Option: (60) Vendor class identifier
        Length: 8
        Vendor class identifier: ciscopnp
    Option: (124) V-I Vendor Class
        Length: 16
        Enterprise: ciscoSystems (9)
        CableLab Address Mode: 11
        NetInfo Parent Server Tag: \nC1111-8PWB
    Option: (50) Requested IP Address (47.xxx.xxx.xxx)
        Length: 4
        Requested IP Address: 47.xxx.xxx.xxx
    Option: (255) End
        Option End: 255

Additionally, you linked the 16.10.x Cisco page for IOS-XE DHCP Client when I linked the similar, but more appropriate, 17.x page for the same thing in the opening post. There are several changes introduced in Cisco IOS XE Amsterdam Release 17.2.

 

CCIE# 6771

no ip dhcp client option 60 

Did you try using the above command to remove options 60/61/124?
MHM

PLEASE actually read the contents of my replies. I literally posted the output of the router not recognizing the command, and what the IOS says are valid options for the command. Here it is again, and yes, the result is the same with 61 and 124:

 

C1111#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C1111(config)#int gi0/0/0
C1111(config-if)#no ip dhcp client request 60
                                           ^
% Invalid input detected at '^' marker.

C1111(config-if)#no ip dhcp client request ?
  classless-static-route       Classless static route (121)
  dns-nameserver               DNS nameserver (6)
  domain-name                  Domain name (15)
  netbios-nameserver           NETBIOS nameserver (44)
  option                       DHCP options
  router                       Default router option (3)
  sip-server-address           SIP server address (120)
  static-route                 Static route option (33)
  tftp-server-address          TFTP server address (150)
  vendor-identifying-specific  Vendor identifying specific info (125)
  vendor-specific              Vendor specific option (43)
  <cr>                         <cr>

C1111(config-if)#

 

CCIE# 6771

mcotherman
Level 1

I have added a screen capture and marked it up for clarity of what I am asking for.

C1111 DHCP.png

CCIE# 6771

Last hope then

Ip dhcp client vendor-class disable

MHM

So you also missed that from the original post too? 

CCIE# 6771

Hello


@mcotherman wrote:
My goal is to have the enterprise grade Cisco IOS-XR mimic the eero in what is commonly referred to as mac-cloning, but the ISP seems to be extra finicky.

Packet capture of the latest iteration of the IOS-XE  DHCP Client configuration (no response from ISP's DHCP server)


So to confirm, your client is an IOS-XE and the DHCP server is IOS-XR.
TBH - mac cloning shouldn't be that hard to accomplish unless spoofing is being negated by the dhcp server?

Secure ARP

In standalone DHCP sessions, the DHCP server adds an ARP entry when it assigns an IP address to a client. However, in IP subscriber sessions, the DHCP server does not add an ARP entry. Although ARP establishes correspondences between network addresses, an untrusted device can spoof an IP address not assigned to it, posing a security threat for IP subscriber sessions. You can enable the secure ARP feature and allow DHCP to add an ARP cache entry when DHCP assigns an IP address to a client. Secure ARP is disabled by default.

Anyhow looking at your post, could you try (no other options):

interface GigabitEthernet0/0/0

shut
mac-address 5027.a92d.ffff
ip dhcp client client-id GigabitEthernet0/0/0
ip address dhcp
no shut


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul