ISC DHCP Server - Matching client identifier won't work for single device

Question

I hope someone can help me with this problem.

What am I trying to do

I want to provide information to a Cisco ASR1k depending on its serial number. Reason for this is I don't have any MAC address of the device. Only the serial number of the chassie is known.

Problematic device is running IOS-XE

I need to use ISC DHCP Server 4.4

What have I tried

Since I already did this with another Cisco device (another model with IOS-XR running on it) I just copied my config and replaced the given serial number.

Working config

class "working-cisco-device" {
    match if (substring(option dhcp-client-identifier,0,11) = "SERIALWORKING");
    option routers 1.1.1.1;
    filename="http://SERVER/pub/configs/cisco/SERIALWORKING.txt";

subnet 10.119.168.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    log(info, option dhcp-client-identifier);
    pool {
      allow members of "working-cisco-device";
      allow members of "not-working-cisco-device";
      range 10.119.168.131 10.119.168.140;
    }
}
}

This device boots up without a config, gets the correct information from the dhcp server and download its config from the FTP server.

Configuration of problematic device

class "not-working-cisco-device" {
    match if substring(option dhcp-client-identifier,0,11) = "SERIALNOTWORKING";
    #match if option host-name ~~ "Router";
    option routers 1.1.1.1;
    option bootfile-name "http://SERVER/pub/configs/cisco/SERIALNOTWORKING.txt";

subnet 10.119.168.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    pool {
      allow members of "working-cisco-device";
      allow members of "not-working-cisco-device";
      range 10.119.168.131 10.119.168.140;
    }
}

Boot up this device gives me this output:

NOTE: Since the length of option 61 if this device is 12 I already changed the substring indexes with no success.

I also tried to match against a regex with (this syntax worked for some other devices where I evaluated the vendor-class-identifier)

match if option dhcp-client-identifier ~~ ".*SERIALNOTWORKING.*";

To check if it works at all, I matched the devices hostname with

match if option host-name ~~ "Router";

Doing so works and the device started fetching its config.

Jun 10 07:24:36 m4bnvmvs0133 dhcpd: DHCPDISCOVER from f8:xx:xx:xx:4b:40 via 10.119.168.130: network 10.119.168.128/25: no free leases  
.
.
.
.                                                                         
Jun 10 07:24:40 m4bnvmvs0133 dhcpd: DHCPDISCOVER from f8:xx:xx:xx:4b:40 via 10.119.168.130: network 10.119.168.128/25: no free leases

DHCP Discover messages

As you can see the length of Option 61 is 11 on the working device and 12 on the not working device.

I feel like I have a basic implementation problem when it comes to evaluating the individual fields of the DHCP Discover message.

Thanks in advance and best regards

yabberth

yabberth · Accepted Answer · 2022-06-10 08:23:54Z

I found the solution by myself.

class "now-working" {
    match if substring(option dhcp-client-identifier,1,12) = "SERIAL";
                                                     ^  ^
                                                     |  |
                                                    changed
    
    option routers 10.119.168.129;
    option bootfile-name "http://SERVER/pub/configs/cisco/SERIAL.txt";
}

subnet 10.119.168.128 netmask 255.255.255.128 {
    option subnet-mask 255.255.255.128;
    log(info, substring(option dhcp-client-identifier,1,12));
    pool {
      allow members of "now-working";
      range 10.119.168.131 10.119.168.140;
    }
}

NOTE The log() function is very useful. I only increased the last index within the substring() function call. I haven't realized that the dhcp-client-identifier has a type defined. So we need to count from the second byte not from the first one.

Logging Output

Jun 10 10:16:14 dhcpd: DHCPDISCOVER from xx:xx:xx:xx:xx:xx via 10.119.168.130
Jun 10 10:16:15 dhcpd: DHCPOFFER on 10.119.168.138 to xx:xx:xx:xx:xx:xx (Router) via 10.119.168.130
Jun 10 10:16:15 dhcpd: SERIALNUMBER
Jun 10 10:16:15 dhcpd: DHCPREQUEST for 10.119.168.138 (172.22.134.147) from f8:0f:6f:21:4b:40 (Router) via 10.119.168.130
xx:xx:xx:xx:xx:xx dhcpd: DHCPACK on 10.119.168.138 to xx:xx:xx:xx:xx:xx (Router) via 10.119.168.130

I'm still not sure, why the regex matching didn't work. But I can live with this solution.

This is really great information, what format does the SERVER/pub/configs/cisco/SERIAL.txt does it accept? is it serial,ip? — miu, 8 hours ago

Stack Exchange Network

ISC DHCP Server - Matching client identifier won't work for single device

What am I trying to do

What have I tried

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
cisco
isc-dhcp
.

Hot Network Questions

ISC DHCP Server - Matching client identifier won't work for single device

What am I trying to do

What have I tried

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged ciscoisc-dhcp.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
cisco
isc-dhcp
.