3532 - Configuring DHCP option space and filter in NIOS
Scenario
The appliance you ordered, Luminous Online Temperature Regulator (LOTR), has finally arrived! You can’t wait to see its magic! However, it won’t boot up correctly on the network. Upon contacting the company, Tolkien’s Inc., they inform you that you will need to supply special DHCP options to make the appliance function properly. The special options are: option 10 Config Filename and option 15 Controller IP Address. These conflict with your existing DHCP options numbers. Additionally, you want to make sure special vendor DHCP options are only delivered to the LOTR appliances, not any others. Please make the necessary DHCP configurations on the Grid to bring the LOTR appliances online.
Hint: You may use DHCP options filter on the DHCP server to identify LOTR devices. Once identified, send special options to these devices only.
Estimated Completion Time
25-35 minutes
Credentials
Description | Username | Password | URL or IP |
---|---|---|---|
Grid Manager UI | admin | infoblox | |
Course Reference
3012: DHCP Troubleshooting Methodology
3018: Configuring NIOS DHCP Option Spaces and Filters
Lab Initiation
Access jump-desktop
Once the lab is deployed, you can access the virtual machines required to complete this lab activity. To initiate the lab, click on the jump-desktop tile and login to the Linux UI:
Username: training
Password: infoblox
Initiate lab
To initiate the lab, double-click the Launch Lab icon on the Desktop.
Choose the lab number from the list and click OK.
After clicking OK, you will see a pop-up message with a brief description of the lab task. If the description looks correct, click Yes to continue lab initiation.
Lab initiation will take a couple of minutes to finish.
Once complete, you will see another pop-up message with the login credentials and the URL for the Grid Manager’s User Interface. Note that the credentials may differ from those from prior labs.
Tasks
Capture DHCP information
Analyze the captured traffic
Create a new IPv4 option space
Add the DHCP options to the network
Create an IPv4 option filter
Verify the client behavior
Task 1: Capture DHCP information
You need to find out what the client is sending in its DHCPDISCOVER message and find something that you can use to identify the client. Enable DHCP on the VM testing-linux, while performing traffic capture on the DHCP member ibns1.
In this lab, we are using the VM testing-linux to emulate the LOTR appliance. The VM is sending special DHCP options, as would the LOTR appliances.
Task 2: Analyze the captured traffic
Download and examine the traffic capture to locate relevant DHCP option information.
Hint: Many devices use option 60 to list their make and model.
Task 3: Create a new IPv4 option space
Since the device requires DHCP option numbers (10 and 15) that conflict with existing ones, we must create a new IPv4 option space. Create a new space named Tolkien, and create the following 2 DHCP options according to the vendor’s documentation listed in Table 3532-1:
Table 3532-1
DHCP Code | DHCP Data Type | Name or Description |
---|---|---|
10 | text | Configuration Filename |
15 | ip-address | Controller IP Address |
Task 4: Add the DHCP options to the network
The special appliances are located on the network 172.31.101.0/24. Please update the DHCP options setting on this network, so that it contains the new vendor options. Please use these values for this network:
Option 10: bootfile.cfg
Option 15: 10.100.52.52
Task 5: Create an IPv4 option filter
You want to make sure that no other devices receive these special vendor options. Please create a DHCP filter that would help the DHCP servers identify these LOTR devices. Although you are only placing these devices on the subnet 172.31.101.0/24 for now, you plan on adding more to other networks. Thus, you need to apply the filter as a global DHCP class, so this filtering behavior is applied on every network.
Task 6: Verify the client behavior
Test your shiny LOTR appliance to make sure it receives a DHCP lease with all the correct special options.
Solutions
Task 1 Solution: Capture DHCP information
You need to find out what the client is sending in its DHCPDISCOVER message and find something that you can use to identify the client. Enable DHCP on the VM testing-linux, while performing traffic capture on the DHCP member ibns1.
Starting the traffic capture in the GM
Switch to the VM jump-desktop.
In the GM web interface, navigate to Grid→Grid Manager→Members.
From the Toolbar on the right, scroll down and click Traffic Capture. This opens the Traffic Capture dialog.
In the Traffic Capture dialog, click the Add (+) button and select ibns1.techblue.net from the Member Selector window.
Verify that the Interface for this member is set to ALL (drop-down list).
Click the Capture Control Start button to start the capture.
If prompted about overwriting existing capture files, answer Yes.
Leave the Traffic Capture dialog open and continue to the next step.
Enabling DHCP in the test client
Switch to the VM testing-linux.
Open a Terminal window on the VM testing-linux.
Use the command sudo set-network-disable (sudo password: infoblox) to disable DHCP.
Use the command sudo clear-dhcp-leases to clear any previous leases.
Use the command sudo set-network-dhcp to re-enable DHCP.
Use the command sudo show-dhcp-lease to see the lease details. Below is an example of the output of this command:
```
--- Raw DHCP Lease Information
lease {
  interface "ens160";
  fixed-address 172.31.101.85;
  option subnet-mask 255.255.255.0;
  option dhcp-lease-time 43200;
  option routers 172.31.101.1;
  option dhcp-message-type 5;
  option dhcp-server-identifier 10.100.0.105;
  option domain-name-servers 8.8.8.8,9.9.9.9;
  option domain-name "techblue.net";
  renew 5 2023/08/11 01:33:38;
  rebind 5 2023/08/11 06:19:36;
  expire 5 2023/08/11 07:49:36;
}
```
Stopping the traffic capture in the GM
Switch to the VM jump-desktop.
Back in the Grid Manager, click the Stop button to halt traffic capture.
Place a checkmark beside ibns1.techblue.net.
Click the Download button.
If prompted, save the file to the Downloads folder. The filename will contain the name of the member, the word tcpdump, and has the file extension tar.gz.
While you are in the GM, you can also verify that you can see the client’s lease file under Data Management → DHCP → Leases.
Task 2 Solution: Analyze the captured traffic
Download and examine the traffic capture to locate relevant DHCP option information.
On the jump-desktop, open the Downloads folder.
Right-click on the packet capture file downloaded in Task 1 and choose Extract Here. This action creates a new folder in the Downloads folder.
Open the newly created folder and double click on the entry traffic.cap to open it with Wireshark.
In the Display Filter text field near the top, enter dhcp, and press the enter key to apply the filter. This hides all other packets, leaving only DHCP packets.
Locate the DHCPDISCOVER packet from the client. It should show the source address 10.100.0.1 (the router interface) and the destination address 10.100.0.105 (DHCP server), and the Info column should show DHCP Discover followed by the transaction ID.
With the packet selected, scroll down and expand the Dynamic Host Configuration Protocol (Discover) section.
Scroll down further to expand DHCP options to examine. Some common options that can be used to identify the client are: Option 12 (Host Name), Option 55 (Parameter Request List, or PRL), and Option 60 (Vendor class identifier).
Expand Option 60. You can see the string IBEDU.sauron-2022_10_21 (example shown below.)
Note this string down. You will use this to create a DHCP option filter later.
Task 3 Solution: Create a new IPv4 option space
Since the device requires DHCP option numbers (10 and 15) that conflict with existing ones, we must create a new IPv4 option space. Create a new space named Tolkien, and create the following 2 DHCP options according to the vendor’s documentation listed in Table 3532-1:
In GM web interface, navigate to Data Management→DHCP→Option Spaces.
Click the Add drop-down button and choose IPv4 Option Space. The Add IPv4 Option Space Wizard appears.
For Name, enter Tolkien.
Click the Add button to create a new option (information taken from Table 3532-1):
Name: ConfigFile
Code: 10
Type: text
Click the Add button again to create another new option:
Name: ControllerIP
Code: 15
Type: array of ip-address
The end screen should look like this:
Click Save & Close.
Task 4 Solution: Add the DHCP options to the network
The special appliances are located on the network 172.31.101.0/24. Please update the DHCP options setting on this network, so that it contains the new vendor options. Please use these values for this network:
Option 10: bootfile.cfg
Option 15: 10.100.52.52
Edit the 172.31.101.0/24 network and configure values for the newly defined custom DHCP options.
Navigate to Data Management → DHCP → Networks → Networks.
Select 172.31.101.0/24, and click Edit.
Select the IPv4 DHCP Options tab on the left.
Scroll down to the bottom to the Custom DHCP Options section.
Scroll all the way to the bottom of the list to add a new Custom DHCP Option.
Configure the first custom option (option 10):
Use the drop-down menu to select the DHCP option space Tolkien.
Use the drop-down menu to select ConfigFile (10) text.
In the text field, enter bootfile.cfg.
Click the plus (+) button to add another custom option (option 15):
Use the drop-down menu to select the DHCP option space Tolkien.
Use the drop-down menu to select ControllerIP (15) array of ip-address.
In the text field, enter 10.100.52.52.
The configuration should look like this:
Click Save & Close.
Don’t restart services yet, continue on to create an IPv4 option filter.
Task 5 Solution: Create an IPv4 option filter
You want to make sure that no other devices receive these special vendor options. Please create a DHCP filter that would help the DHCP servers identify these LOTR devices. Although you are only placing these devices on the subnet 172.31.101.0/24 for now, you plan on adding more to other networks. Thus, you need to apply the filter as a global DHCP class, so this filtering behavior is applied on every network.
Create an IPv4 Option Filter called Tolkien Filter. This filter will search for an Option 60 value from all clients. If a match is found, the DHCP server will return options in the standard DHCPv4 option space as well as the newly created Tolkien option space.
Navigate to Data Management→DHCP→Filters.
Click Add → IPv4 Option Filter. This brings out the Add IPv4 Option Filter Wizard.
In Step 1 of 5 of the Wizard, for the filter Name, enter Tolkien Filter.
Ensure Apply this filter as a global DHCP class is checked. This will apply the filter to every incoming DHCP message.
At Step 2 of 5 of the Wizard, create a rule that matches for any vendor-class-identifier string that begins with IBEDU:
In the drop-down menu Choose Filter, select vendor-class-identifier (60) string.
In the drop-down menu Choose Operator, select substring equals, set the offset to 0 and length to 5.
In the value field, enter IBEDU. Click Next.
At Step 3 of 5 of the Wizard, in the Option Space drop-down menu, select DHCP+Tolkien.
Click Save & Close.
Restart services when prompted.
In Step 2 of 5 of the Add IPv4 Option Filter Wizard, we are matching on just the first five characters of Option 60, IBEDU, rather than the entire string, IBEDU.sauron-2022_10_21. You can certainly match on the entire string, especially if you are looking to match specific model numbers. In our example here, this closely resembles matching on the make or product family, rather than the specific model.
Task 6 Solution: Verify the client behavior
Test your shiny LOTR appliance to make sure it receives a DHCP lease with all the correct special options.
Switch to the VM testing-linux.
Open a Terminal window on the VM testing-linux.
Use the command sudo set-network-disable (sudo password: infoblox) to disable DHCP.
Use the command sudo clear-dhcp-leases to clear any previous leases.
Use the command sudo set-network-dhcp to re-enable DHCP.
Use the command sudo show-dhcp-lease to see the lease details. You should be able to see additional vendor encapsulated options (option 43) information near the bottom like this:
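To check the Task 5 filter rule and the option 43 payload from Task 6 offline, the following added example (not part of the original lab guide or of NIOS) applies the substring match to option 60 and decodes the Tolkien sub-options. The function names, the sample byte strings and the colon-separated hex lease format are assumptions, as is the RFC 2132 code/length/value layout inside option 43.

```python
import ipaddress

def walk_tlv(buf):
    """Yield (code, value) pairs from a DHCP code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == 0:            # pad: single byte, no length
            i += 1
            continue
        if code == 255:          # end marker
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"option {code} is truncated")
        length = buf[i + 1]
        yield code, buf[i + 2:i + 2 + length]
        i += 2 + length

def substring_equals(options, code, offset, length, value):
    """Task 5 rule: compare `length` bytes at `offset` of one option."""
    field = options.get(code)
    return field is not None and field[offset:offset + length] == value

def parse_lease_hex(text):
    """Convert colon-separated hex, as printed in a lease file, to bytes."""
    return bytes(int(b, 16) for b in text.strip().rstrip(";").split(":"))

def decode_tolkien(opt43):
    """Decode the Tolkien space: 10 = text, 15 = array of ip-address."""
    out = {}
    for code, val in walk_tlv(opt43):
        if code == 10:
            out["ConfigFile"] = val.decode("ascii")
        elif code == 15:
            if len(val) % 4:
                raise ValueError("option 15 is not a list of IPv4 addresses")
            out["ControllerIP"] = [str(ipaddress.IPv4Address(val[j:j + 4]))
                                   for j in range(0, len(val), 4)]
    return out

# Constructed samples (hypothetical, not taken from the lab capture):
# DISCOVER options with message type, option 60 and the end marker.
def discover_options(vci):
    return bytes([53, 1, 1, 60, len(vci)]) + vci + b"\xff"

LOTR = dict(walk_tlv(discover_options(b"IBEDU.sauron-2022_10_21")))
OTHER = dict(walk_tlv(discover_options(b"MSFT 5.0")))
LEASE_OPT43 = "a:c:62:6f:6f:74:66:69:6c:65:2e:63:66:67:f:4:a:64:34:34;"

if __name__ == "__main__":
    print([substring_equals(o, 60, 0, 5, b"IBEDU") for o in (LOTR, OTHER)])
    print(decode_tolkien(parse_lease_hex(LEASE_OPT43)))
```

Option 60 is supplied by the client, so the filter classifies devices by what they announce; it does not authenticate them.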