Vendor options in DHCP

Scaremonger
Level 1

Hi,
I have been asked if I can replace Windows DHCP with a DHCP server running on a Cisco C9300 switch to save having to migrate the service into Azure.
The current DHCP Scope (private content changed) looks like this:

001 MS Disable NetBIOS,    Standard = long: 0x2
003 Router, Standard = ip: 192.168.1.254
006 DNS Servers, Standard = ip: 192.168.2.1, 192.168.2.2
015 DNS Domain Name, Standard = ascii: example.com
042 NTP Servers, Standard = ip: 192.168.2.1, 192.168.2.2
066 Boot Server Host Name, Standard = ip 192.168.2.3
067 Bootfile Name, Standard = ascii: SMSBoot\x64\wdsmgfw.efi
120 UCSipServer, Standard = ascii: sfbpool.example.com
001 UCIdentifier, MSUCClient = ascii: MS-UC-Client
002 URLScheme, MSUCClient = ascii: https
003 WebServerFqdn, MSUCClient = ascii: sfbpool.example.com
004 WebServerPort, MSUCClient = ascii: 443
005 CertProvRelPath, MSUCClient = ascii: /CertProv/CertProvisioningService.svc

The "Standard" options are no problem and the test scope looks like this:

ip dhcp pool TEST-data
vrf TESTNET
network 192.168.1.0 255.255.255.0
update dns both override
default-router 192.168.1.254
dns-server 192.168.2.1 192.168.2.2
domain-name example.com
netbios-node-type h-node
option 42 ip 192.168.2.1 192.168.2.2
option 66 ip 192.168.2.3
option 67 ascii SMSBoot\x64\wdsmgfw.efi
option 120 ascii sfbpool.example.com
lease 3

My issue is when it comes to the MSUCClient options.
I added option 60 but found that I can only add a single option 43:

TESTC9300(config)#ip dhcp pool testdata
TESTC9300(dhcp-config)#option 60 ascii MSUCClient
TESTC9300(dhcp-config)#option 43 hex 01:0C:4d:53:2d:55:43:2d:43:6c:69:65:6e:74
TESTC9300(dhcp-config)#option 43 hex 02:05:68:74:74:70:73
TESTC9300(dhcp-config)#option 43 hex 03:13:73:66:62:70:6f:6f:6c:2e:65:78:61:6d:70:6c:65:2e:63:6f:6d
TESTC9300(dhcp-config)#option 43 hex 04:03:34:34:33
TESTC9300(dhcp-config)#option 43 hex 05:25:2f:43:65:72:74:50:72:6f:76:2f:43:65:72:74:50:72:6f:76:69:73:69:6f:6e:69:6e:67:53:65:72:76:69:63:65:2e:73:76:63
TESTC9300(dhcp-config)#^Z
TESTC9300#show run | s ip dhcp pool
ip dhcp pool testdata
...
option 60 ascii MSUCClient
option 43 hex 0525.2f43.6572.7450.726f.762f.4365.7274.5072.6f76.6973.696f.6e69.6e67.5365.7276.6963.652e.7376.63
TESTC9300#

I did a bit of research (including the RFC) and found that you should string them together, so I did and found that the switch truncated the option list after 60 bytes:

TESTC9300(config)#ip dhcp pool testdata
TESTC9300(dhcp-config)#option 43 hex 01:0C:4d:53:2d:55:43:2d:43:6c:69:65:6e:74:02:05:68:74:74:70:73:03:13:73:66:62:70:6f:6f:6c:2e:65:78:61:6d:70:6c:65:2e:63:6f:6d:04:03:34:34:33:05:25:2f:43:65:72:74:50:72:6f:76:2f:43:65:72:74:50:72:6f:76:69:73:69:6f:6e:69:6e:67:53:65:72:76:69:63:65:2e:73:76:63
TESTC9300(dhcp-config)#^Z
TESTC9300#show run | s ip dhcp pool
ip dhcp pool testdata
...
option 60 ascii MSUCClient
option 43 hex 010c.4d53.2d55.432d.436c.6965.6e74.0205.6874.7470.7303.1373.6662.706f.6f6c.2e65.7861.6d70.6c65.2e63.6f6d.0403.3434.3305.252f.4365.7274.5072.6f76.2f43
TESTC9300#

I suspect I have misunderstood how option 43 is meant to be used, but I cannot find any examples apart from configuring CAPWAP and hope that someone on here can clarify how these options should be configured.

Thanks in advance,
Si...
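
An added example, not part of the original post: a Python sketch that builds the concatenated option 43 payload from the MSUCClient values listed above (RFC 2132 code/length/value sub-options) and decodes the value the switch stored, showing where it was cut off. The function names are hypothetical; the sub-option values and the stored hex are copied from the post.

```python
import re

# MSUCClient sub-options from the Windows scope quoted in the post.
MSUC = [
    (1, b"MS-UC-Client"),
    (2, b"https"),
    (3, b"sfbpool.example.com"),
    (4, b"443"),
    (5, b"/CertProv/CertProvisioningService.svc"),
]

# Value shown by `show run` in the post after the long string was entered.
STORED = ("010c.4d53.2d55.432d.436c.6965.6e74.0205.6874.7470.7303.1373."
          "6662.706f.6f6c.2e65.7861.6d70.6c65.2e63.6f6d.0403.3434.3305."
          "252f.4365.7274.5072.6f76.2f43")

def encode(subopts):
    """Concatenate (code, value) pairs as code, length, value bytes."""
    out = bytearray()
    for code, value in subopts:
        if not 0 < code < 255 or len(value) > 255:
            raise ValueError(f"sub-option {code} does not fit one code/length pair")
        out += bytes([code, len(value)]) + value
    return bytes(out)

def from_ios_hex(text):
    """Accept the colon form typed at the CLI or the dotted show-run form."""
    return bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", text))

def decode(data):
    """Return (code, declared_len, value, complete) for each sub-option."""
    found, i = [], 0
    while i < len(data):
        if i + 1 >= len(data):          # code byte with no length byte
            found.append((data[i], None, b"", False))
            break
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        found.append((code, length, value, len(value) == length))
        i += 2 + length
    return found

def to_cli(data):
    """Render bytes in the colon-separated form used at the config prompt."""
    return "option 43 hex " + ":".join(f"{b:02x}" for b in data)

if __name__ == "__main__":
    print(len(encode(MSUC)), "bytes needed;", len(from_ios_hex(STORED)), "stored")
    for code, declared, value, ok in decode(from_ios_hex(STORED)):
        print(code, declared, value, "ok" if ok else "TRUNCATED")
```

Run against the stored value, the decoder reports sub-options 1 to 4 intact and sub-option 5 declaring 37 bytes with only `/CertProv/C` present.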

5 Replies

M02@rt37
VIP

Hello @Scaremonger,

Option 43 is a DHCP option that is used to provide clients with vendor-specific information. The information provided in this option is usually used by the client to locate and configure the appropriate network services.

In the case of configuring CAPWAP, Option 43 can be used to provide the IP address of the wireless LAN controller to the CAPWAP access point. This allows the access point to discover and establish a connection to the WLC.

The format of the Option 43 field is specific to the vendor. For Cisco WLCs, the format of Option 43 is as follows:

--The first byte is the Option Code, which is always 0x2B (43 in decimal)

--The second byte is the Option Length, which is the number of bytes in the value field

--The value field contains one or more sub-options, which are used to specify the IP addresses of the WLCs in the controller cluster.

To configure Option 43 for Cisco WLCs, you can generate the hexadecimal string that represents the Option 43 field.

For example, if you have a WLC with an IP address of 192.168.1.1, the hexadecimal string for Option 43 would be:

2B 06 01 C0 A8 01 01

--2B is the Option Code (43 in decimal)

--06 is the Option Length (6 bytes)

--01 C0 A8 01 01 is the IP address of the WLC in hexadecimal format

You would then need to configure your DHCP server to provide this hexadecimal string as the value for Option 43.

Best regards

Thanks; I know how to do CAPWAP. What I need is how to configure different vendor information.

Hi

This is for which VoIP system?

They have Skype for Business and are moving to Teams shortly.

Right. I don't believe this will be possible with Cisco switch DHCP. Not sure how far you went on it, as this post is a few days old, but I was looking into the problem and I don't think it is possible.

The problem is not option 43 but the sub-options under it. The option was created similar to an API so each vendor could use it according to their solution. Cisco took it in order to help access points discover the WLC, but we can see that other vendors, mostly VoIP vendors, use it to inform the server where clients can get the certificate.

At this link, http://blog.schertz.name/2012/05/understanding-dhcp-option-43/, Jeff Schertz did an excellent job explaining option 43, mostly for VoIP systems.
