Configure a Linux dhcp server with option 43 to use with Zonedirector/Flexmaster

This was nowhere online and Ruckus' support docs only have instructions for Windows. Their support guy gave this to me and I'm passing it on for future generations flailing with this.

Using Redhat 6.3 and regular dhcpd that comes with it. This is the /etc/dhcpd/dhcpd.conf. Overwrite and restart dhcpd with 'service dhcpd restart' and voila!

##############################################################
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see 'man 5 dhcpd.conf'
#
#####
# Define a vendor option space globally for Ruckus
option space Ruckus;
# Sub-option 3 is for Zone Director discovery, which is a comma-separated IP address string.
option Ruckus.ZoneDirector code 3 = string;
# FM is option 1; it is a URL in string format
option Ruckus.FMUrl code 1 = string;
####

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-search "ruckus.local";
    option domain-name-servers 192.168.1.1;

    ### To match if the AP sends "Ruckus CPE"
    class "RuckusCPE" {
        match if option vendor-class-identifier = "Ruckus CPE";
        vendor-option-space Ruckus;
        # Please edit the IP address (a.b.c.d) to match the Zone Director's IP. If you don't want to give the Zone Director, remove the next line.
        option Ruckus.ZoneDirector "a.b.c.d";
        # Please edit XXXXXXX to provide the correct URL of FlexMaster, if you need to give the FlexMaster details to the AP to be managed by FlexMaster.
        option Ruckus.FMUrl "xxxxxxxxxxxxx";
    }

    # Some versions of software on the AP send "Ruckus" instead of "Ruckus CPE". So I am repeating the same block below to match on "Ruckus"
    class "Ruckus" {
        match if option vendor-class-identifier = "Ruckus";
        vendor-option-space Ruckus;
        # Please edit the IP address (a.b.c.d) to match the Zone Director's IP. If you don't want to give the Zone Director, remove the next line.
        option Ruckus.ZoneDirector "a.b.c.d";
        # Please edit XXXXXXX to provide the correct URL of FlexMaster, if you need to give the FlexMaster details to the AP to be managed by FlexMaster.
        option Ruckus.FMUrl "xxxxxxxxxxxxx";
    }

    range 192.168.1.10 192.168.1.100;
}

##############################################################
Scott Taylor

Posted 4 years ago

Keith - Pack Leader

@Scott - thanks much for sharing!

This will shortly (~1hr) be in our knowledge base as https://support.ruckuswireless.com/an...

Matt

This setup works if the match condition is only for a single pool. I'm hoping someone can help me with the proper syntax to get this to work when using multiple pools.

I'm setting this up on a centralized DHCP server that has to have this match in several pools. DHCPd errors on start if I add this to more than 1 pool.

On the ISC DHCPd forum, I found a post related to setting up a match condition for use in multiple pools. It involved moving the class stanza with match outside of the pool and making it global, but this doesn't seem to work in Linux. I'm using CentOS 5.9.

Here's the way the mailing list thread said to set it up:

class "Ruckus" {
    match if option vendor-class-identifier = "Ruckus";
    vendor-option-space Ruckus;
    option Ruckus.ZoneDirector code 3 = string;
}

# DSC Mgt WLAN Subnet 1
subnet 172.16.1.0 netmask 255.255.255.0 {
    option broadcast-address 172.16.1.255;
    option domain-name "ads.charteroak.edu";
    option routers 172.16.1.1;
    authoritative;
    vendor-option-space Ruckus;
    option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    pool {
        range 172.16.1.50 172.16.1.100;
    }
}
# Badillo Mgt WLAN Subnet 11
subnet 172.16.11.0 netmask 255.255.255.0 {
    option broadcast-address 172.16.11.255;
    option domain-name "ads.charteroak.edu";
    option routers 172.16.11.1;
    vendor-option-space Ruckus;
    option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    pool {
        range 172.16.11.50 172.16.11.100;
    }
}

This isn't working. I hope someone can help with the proper syntax.

Thanks in advance,
Matt

Matt

I think I figured it out but I haven't been able to test it yet.

My understanding is Option 43 is defined per pool. So, I created a class for both of these and used a different class name for each pool. The DHCP server starts fine. I'll update this once I test to see if the match condition works.

This is how it looks right now and DHCP starts without errors.
If this is wrong please let me know:

option space Ruckus;
option Ruckus.ZoneDirector code 3 = string;

# DSC Mgt WLAN Subnet 1
subnet 172.16.1.0 netmask 255.255.255.0 {
    option broadcast-address 172.16.1.255;
    option domain-name "ads.charteroak.edu";
    option routers 172.16.1.1;
    authoritative;
    class "DSC-Ruckus" {
        match if option vendor-class-identifier = "Ruckus";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    class "DSC-RuckusCPE" {
        match if option vendor-class-identifier = "Ruckus CPE";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    pool {
        range 172.16.1.50 172.16.1.100;
    }
}
# Badillo Mgt WLAN Subnet 11
subnet 172.16.11.0 netmask 255.255.255.0 {
    option broadcast-address 172.16.11.255;
    option domain-name "ads.charteroak.edu";
    option routers 172.16.11.1;
    class "BAD-Ruckus" {
        match if option vendor-class-identifier = "Ruckus";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    class "BAD-RuckusCPE" {
        match if option vendor-class-identifier = "Ruckus CPE";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    pool {
        range 172.16.11.50 172.16.11.100;
    }
}

Matt

My above response is wrong.

The issue I found using it is that DHCPd would find the 1st match and apply those DHCP options. It doesn't honor the subnet statement. As a friend said, "The match is too broad."

The fix was to create a group and apply the Option 43 match as a global Option for the group.

You may be able to create a nested match statement that matches on the subnet where the DHCP request is coming from or the IP of the device forwarding the DHCP request but I didn't go that route.

Here's a sample:

group {
    ### To match if the AP sends "Ruckus CPE"
    class "RuckusCPE" {
        match if option vendor-class-identifier = "Ruckus CPE";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    ### To match if the AP sends "Ruckus"
    class "Ruckus" {
        match if option vendor-class-identifier = "Ruckus";
        vendor-option-space Ruckus;
        option Ruckus.ZoneDirector "172.16.1.47,172.16.1.48";
    }
    # Mgt WLAN Subnet 1
    subnet 172.16.1.0 netmask 255.255.255.0 {
        option broadcast-address 172.16.1.255;
        option domain-name "something.com";
        option routers 172.16.1.1;
        pool {
            range 172.16.1.50 172.16.1.100;
        }
    }
    # Mgt WLAN Subnet 2
    subnet 172.16.11.0 netmask 255.255.255.0 {
        option broadcast-address 172.16.11.255;
        option domain-name "something.com";
        option routers 172.16.11.1;
        pool {
            range 172.16.11.50 172.16.11.100;
        }
    }
}

Martin Leduc

Hi,

Really interesting, but there is one thing I don't really understand about the sub-option. As defined in RFC 2132, option 43 doesn't seem to be able to have sub-options, like the 122 for VoIP with CableLabs.

So this means that the DHCP server isn't supposed to handle the 43.3 sub-options, OR we have to encapsulate it in raw data. So I am following the documentation (ZD User Guide, pages 33-34, Option 2) and trying to understand the example:

If there are two ZoneDirectors with IP addresses 192.168.0.1 and 192.168.0.20, then the value will be « 192.168.0.10,192.168.0.20 » and the length is 25 (hex value 0x19).

A critical part of the example is missing... the ANSWER: « And the appropriate computed value is: ????????????????? »

Using Wireshark to understand the requirement, I found the required value in the filter "bootp.option.request_list_item", and 43 is there. Not 43.3, so the sub-option has to be encapsulated in the raw data.

So if my ZD3025 is located at the IP 172.17.0.2 (0xAC110002) and the length of my string is 10 (0x0A), the encapsulated value of the sub-option 3 (0x03) is????

My guess: 0x030AAC110002

Doesn't work :(

Need help please!
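
Added example (not part of any post in this thread, and not Ruckus or ISC code): a Python sketch of how an option 43 payload is laid out as code/length/value sub-options, with a decoder for checking bytes copied out of a packet capture. It assumes the sub-option value is the ASCII text of the address list, which is what the `code 3 = string` definition in the first post and the quoted length of 25 for a 25-character string imply; the function names and sample values are constructed for illustration.

```python
# Added example: DHCP option 43 payload as code/length/value sub-options (RFC 2132, 8.4).
# Assumption: values are ASCII text, matching "code 3 = string" in the config above.
ZONEDIRECTOR, FM_URL = 3, 1   # sub-option codes taken from the dhcpd.conf on this page


def encode_option43(suboptions):
    """Return the raw option 43 payload for a {code: text} mapping."""
    payload = b""
    for code, text in sorted(suboptions.items()):
        value = text.encode("ascii")
        if not 1 <= code <= 254:
            raise ValueError(f"invalid sub-option code {code}")
        if len(value) > 255:
            raise ValueError(f"sub-option {code} value longer than 255 bytes")
        payload += bytes([code, len(value)]) + value
    if len(payload) > 255:
        raise ValueError("payload does not fit in a single option 43")
    return payload


def decode_option43(payload):
    """Parse a payload copied from a capture; reject lengths that overrun it."""
    found, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 0:          # pad byte
            i += 1
            continue
        if code == 255:        # end marker
            break
        if i + 1 >= len(payload):
            raise ValueError(f"sub-option {code} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"sub-option {code} claims {length} bytes, {len(value)} present")
        found[code] = value
        i += 2 + length
    return found


if __name__ == "__main__":
    raw = encode_option43({ZONEDIRECTOR: "172.17.0.2"})   # constructed sample
    print(raw.hex())
    print(decode_option43(raw))
```

Running the decoder over the option 43 bytes from a capture shows whether the length byte matches the data that follows it; a payload that declares 10 bytes but carries 4 is rejected as malformed.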