Discovering WLC – DHCP option 43

Cisco LAP (lightweight AP) can discover WLC IP address via DHCP option 43.

Quick Notes

  1. There are two DHCP vendor specific options: 43 and 60
  2. option 60 – vendor class identifier (VCI) – used by DHCP client to “name itself”, so DHCP server can recognize the device vendor and type
  3. option 43 – used by the DHCP server to pass additional information for its client (for example WCL IP address)
  4. option 43 contains sub-options
  5. DHCP server can recognize device using VCI (option 60) and pass the specific information to this device type only (using option 43). However DHCP server can be configured to always pass additional information using option 43 (regardless who the client is)

Example

Here is a quick way to test DHCP option 43 in your lab. You can use simple app tftpd32.exe (download from http://tftpd32.jounin.net/) to act as your DHCP server. Run the app and configure the DHCP tab. On the picture below option 43 was also configured.

Configure option  43

Note the value x f1 04 c0 a8 00 dd.

x – the value which tells the tftpd32.exe app that next characters are hex digits (read the manual of the tftpd32.exe)
f1 – the tftpd32.exe will sent f1 sub-option;  cisco LAP looks for this  sub-option  (to obtain the Cisco WLC IP address)
04 – length four bytes (for one IP address)
c0 a8 00 dd – 192.168.0.221 (management IP of WLC)

In this case DHCP server uses option 43 (and sub-option 0xf1) to pass the value c0a800dd (4 bytes length) for all the DHCP clients.

Here is the debug from Cisco LAP (the interesting lines were bolded)

AP0021.55ff.6497>debug dhcp

(...)

*Mar  1 00:55:32.318: DHCP: Scan: Message type: DHCP Offer
*Mar  1 00:55:32.318: DHCP: Scan: Server ID Option: 192.168.137.1 = C0A88901
*Mar  1 00:55:32.318: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Mar  1 00:55:32.318: DHCP: Scan: Router Option: 192.168.137.1
*Mar  1 00:55:32.318: DHCP: Scan: Lease Time: 36000
*Mar  1 00:55:32.318: DHCP: Scan: Renewal time: 18000
*Mar  1 00:55:32.319: DHCP: Scan: Rebind time: 28800
*Mar  1 00:55:32.319: DHCP: Scan: TFTP Server Name: 192.168.137.1
*Mar  1 00:55:32.319: DHCP: Scan: Vendor specific option 43: F104C0A800DD
*Mar  1 00:55:32.319: DHCP: rcvd pkt source: 192.168.137.1,  destination:  255.255.255.255
*Mar  1 00:55:32.320:    UDP  sport: 43,  dport: 44,  length: 311
*Mar  1 00:55:32.320:    DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Mar  1 00:55:32.320:    DHCP server identifier: 192.168.137.1
*Mar  1 00:55:32.320:         xid: 1112, secs: 0, flags: 8000
*Mar  1 00:55:32.320:         client: 0.0.0.0, your: 192.168.137.141
*Mar  1 00:55:32.320:         srvr:   192.168.137.1, gw: 0.0.0.0
*Mar  1 00:55:32.320:         options block length: 63

*Mar  1 00:55:32.320: DHCP Offer Message   Offered Address: 192.168.137.141
*Mar  1 00:55:32.320: DHCP: Lease Seconds: 36000    Renewal secs:  18000    Rebind secs:   28800
*Mar  1 00:55:32.320: DHCP: Server ID Option: 192.168.137.1
*Mar  1 00:55:32.321: DHCP: offer received from 192.168.137.1
*Mar  1 00:55:32.321: DHCP: SRequest attempt # 1 for entry:
*Mar  1 00:55:32.321: Temp IP addr: 192.168.137.141  for peer on Interface: FastEthernet0
*Mar  1 00:55:32.321: Temp  sub net mask: 255.255.255.0
*Mar  1 00:55:32.321:    DHCP Lease server: 192.168.137.1, state: 2 Requesting
*Mar  1 00:55:32.322:    DHCP transaction id: 1112
*Mar  1 00:55:32.322:    Lease: 36000 secs,  Renewal: 0 secs,  Rebind: 0 secs
*Mar  1 00:55:32.322:    Next timer fires after: 00:00:03
*Mar  1 00:55:32.322:    Retry count: 1   Client-ID: 0021.55ff.6497
*Mar  1 00:55:32.322:    Client-ID hex dump: 002155FF6497
*Mar  1 00:55:32.322:    Hostname: AP0021.55ff.6497
*Mar  1 00:55:32.322: DHCP: SRequest- Server ID option: 192.168.137.1
*Mar  1 00:55:32.322: DHCP: SRequest- Requested IP addr option: 192.168.137.141
*Mar  1 00:55:32.322: DHCP: SRequest placed lease len option: 36000
*Mar  1 00:55:32.322: DHCP: SRequest placed class-id option: 436973636F204150206331323030
*Mar  1 00:55:32.323: DHCP: SRequest: 320 bytes
*Mar  1 00:55:32.323: DHCP: SRequest: 320 bytes
*Mar  1 00:55:32.324:             B'cast on FastEthernet0 interface from 0.0.0.0
*Mar  1 00:55:32.340: DHCP: Received a BOOTREP pkt
*Mar  1 00:55:32.340: DHCP: Scan: Message type: DHCP Ack
*Mar  1 00:55:32.340: DHCP: Scan: Server ID Option: 192.168.137.1 = C0A88901
*Mar  1 00:55:32.340: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Mar  1 00:55:32.340: DHCP: Scan: Router Option: 192.168.137.1
*Mar  1 00:55:32.341: DHCP: Scan: Lease Time: 36000
*Mar  1 00:55:32.341: DHCP: Scan: Renewal time: 18000
*Mar  1 00:55:32.341: DHCP: Scan: Rebind time: 28800
*Mar  1 00:55:32.341: DHCP: Scan: TFTP Server Name: 192.168.137.1
*Mar  1 00:55:32.341: DHCP: Scan: Vendor specific option 43: F104C0A800DD
*Mar  1 00:55:32.342: DHCP: rcvd pkt source: 192.168.137.1,  destination:  255.255.255.255
*Mar  1 00:55:32.342:    UDP  sport: 43,  dport: 44,  leng
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.137.1)

Translating "CISCO-LWAPP-CONTROLLER"...domain server (192.168.137.1)
th: 311
*Mar  1 00:55:32.342:    DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Mar  1 00:55:32.342:    DHCP server identifier: 192.168.137.1
*Mar  1 00:55:32.342:         xid: 1112, secs: 0, flags: 8000
*Mar  1 00:55:32.342:         client: 0.0.0.0, your: 192.168.137.141
*Mar  1 00:55:32.342:         srvr:   192.168.137.1, gw: 0.0.0.0
*Mar  1 00:55:32.342:         options block length: 63

*Mar  1 00:55:32.342: DHCP Ack Message
*Mar  1 00:55:32.342: DHCP: Lease Seconds: 36000    Renewal secs:  18000    Rebind secs:   28800
*Mar  1 00:55:32.343: DHCP: Server ID Option: 192.168.137.1
*Mar  1 00:55:35.344: DHCP: Releasing ipl options:
*Mar  1 00:55:35.344: DHCP: Applying DHCP options:
*Mar  1 00:55:35.344:   Setting default_gateway to 192.168.137.1
*Mar  1 00:55:35.344:   Adding default route 192.168.137.1
*Mar  1 00:55:35.344: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Mar  1 00:55:35.438: DHCPC: Notifying other components about option 43
*Mar  1 00:55:35.438: Allocated IP address = 192.168.137.141  255.255.255.0

*Mar  1 00:55:35.438: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.137.141, mask 255.255.255.0, hostname AP0021.55ff.6497

*Mar  1 00:55:36.344:   Adding route to DHCP server 192.168.137.1 via FastEthernet0 192.168.137.1
*Mar  1 00:55:36.344: DHCP Client Pooling: ***Allocated IP address: 192.168.137.141
*Mar  1 00:55:36.344: DHCP: Received a BOOTREP pkt
*Mar  1 00:55:36.344: DHCP: Scan: Message type: DHCP Offer
*Mar  1 00:55:36.345: DHCP: Scan: Server ID Option: 192.168.137.1 = C0A88901
*Mar  1 00:55:36.345: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Mar  1 00:55:36.345: DHCP: Scan: Router Option: 192.168.137.1
*Mar  1 00:55:36.345: DHCP: Scan: DNS Name Server Option: 192.168.137.1
*Mar  1 00:55:36.345: DHCP: Scan: Renewal time: 300
*Mar  1 00:55:36.345: DHCP: Scan: Rebind time: 453600
*Mar  1 00:55:36.345: DHCP: Scan: Lease Time: 604800
*Mar  1 00:55:36.345: DHCP: Scan: Domain Name: mshome.net
*Mar  1 00:55:36.345: DHCP: rcvd pkt source: 192.168.137.1,  destination:  255.255.255.255
*Mar  1 00:55:36.345:    UDP  sport: 43,  dport: 44,  length: 310
*Mar  1 00:55:36.345:    DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Mar  1 00:55:36.346:    DHCP server identifier: 192.168.137.1
*Mar  1 00:55:36.346:         xid: 1112, secs: 0, flags: 8000
*Mar  1 00:55:36.346:         client: 0.0.0.0, your: 192.168.137.117
*Mar  1 00:55:36.346:         srvr:   0.0.0.0, gw: 0.0.0.0
*Mar  1 00:55:36.346:         options block length: 62

*Mar  1 00:55:36.346: DHCP Offer Message   Offered Address: 192.168.137.117
*Mar  1 00:55:36.347: DHCP: Lease Seconds: 604800    Renewal secs:  300    Rebind secs:   453600
*Mar  1 00:55:36.347: DHCP: Server ID Option: 192.168.137.1
*Mar  1 00:55:36.347: DHCP: offer received from 192.168.137.1
*Mar  1 00:55:36.347: DHCP: offer received in bad state: Bound  punt
*Mar  1 00:55:36.347: DHCP: Received a BOOTREP pkt
*Mar  1 00:55:36.347: DHCP: Scan: Message type: DHCP Ack
*Mar  1 00:55:36.347: DHCP: Scan: Server ID Option: 192.168.137.1 = C0A88901
*Mar  1 00:55:36.347: DHCP: Scan: Subnet Address Option: 255.255.255.0
*Mar  1 00:55:36.347: DHCP: Scan: Router Option: 192.168.137.1
*Mar  1 00:55:36.347: DHCP: Scan: DNS Name Server Option: 192.168.137.1
*Mar  1 00:55:36.348: DHCP: Scan: Renewal time: 300
*Mar  1 00:55:36.348: DHCP: Scan: Rebind time: 453600
*Mar  1 00:55:36.348: DHCP: Scan: Lease Time: 604800
*Mar  1 00:55:36.348: DHCP: Scan: Domain Name: mshome.net
*Mar  1 00:55:36.348: DHCP: rcvd pkt source: 192.168.137.1,  destination:  255.255.255.255
*Mar  1 00:55:36.348:    UDP  sport: 43,  dport: 44,  length: 310
*Mar  1 00:55:36.349:    DHCP op: 2, htype: 1, hlen: 6, hops: 0
*Mar  1 00:55:36.349:    DHCP server identifier: 192.168.137.1
*Mar  1 00:55:36.349:         xid: 1112, secs: 0, flags: 8000
*Mar  1 00:55:36.349:         client: 0.0.0.0, your: 192.168.137.141
*Mar  1 00:55:36.349:         srvr:   0.0.0.0, gw: 0.0.0.0
*Mar  1 00:55:36.349:         options block length: 62

*Mar  1 00:55:36.349: DHCP Ack Message
*Mar  1 00:55:36.349: DHCP: Lease Seconds: 604800    Renewal secs:  300    Rebind secs:   453600
*Mar  1 00:55:36.349: DHCP: Server ID Option: 192.168.137.1
*Mar  1 00:55:36.349: DHCP: rcv ack in Bound state: punt
*Mar  1 00:55:40.182: DHCP: look up vendor specific information for Fa0 got vendor specific ret: succeed
*Mar  1 00:55:40.182: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.0.221 obtained through DHCP
*Mar  1 00:55:40.182: DHCP: look up prim Log Server for Fa0 from lease any ret: fail
*Mar  1 00:55:40.183: DHCP: look up prim DNS for Fa0 from lease any ret: fail
*Jan 14 23:08:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.222 peer_port: 5246

Sources

  1. http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

Leave a Reply

Your email address will not be published. Required fields are marked *