


Dynamic Host Configuration Protocol (DHCP) Negotiation

Published: 01/08/2010

Reference trace files:

cisco_dhcp_windows_7.cap

Something we all take for granted but always forget the basics of: Dynamic Host Configuration Protocol (DHCP). Here we configure a Cisco router as a DHCP server with the following parameters:


no ip dhcp conflict logging
ip dhcp excluded-address 10.0.0.1

ip dhcp pool mypool01
   network 10.0.0.0 255.255.255.0
   domain-name corp.mydomain.com
   dns-server 10.0.0.101
   netbios-node-type h-node
   default-router 10.0.0.1
   lease 0 0 10


Remember, until you actually get an IP address (or statically assign one to your interface with an address that fits in the locally-used address space), you're not going to be able to route to other networks.

In this example, a Windows 7 Enterprise edition machine bridges onto the network for the first time in its life and the operating system sends out a DHCP Discover packet to the broadcast address (255.255.255.255). The packet has a Transaction ID (0x18aa7539) so the DHCP server and other network clients doing the same thing around the same time won't get confused between multiple similar requests on the wire. The Discover packet also contains things like the client hostname (MyClientPC01) and the various configuration parameters it's looking for.


Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x18aa7539
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Discover
        Option: (53) DHCP Message Type
        Length: 1
        Value: 01
    Option: (t=61,l=7) Client identifier
        Option: (61) Client identifier
        Length: 7
        Value: 01001641E0F91C
        Hardware type: Ethernet
        Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Option: (t=12,l=12) Host Name = "MyClientPC01"
        Option: (12) Host Name
        Length: 12
        Value: 4D79436C69656E7450433031
    Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
        Option: (60) Vendor class identifier
        Length: 8
        Value: 4D53465420352E30
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 010F03062C2E2F1F2179F92B
        1 = Subnet Mask
        15 = Domain Name
        3 = Router
        6 = Domain Name Server
        44 = NetBIOS over TCP/IP Name Server
        46 = NetBIOS over TCP/IP Node Type
        47 = NetBIOS over TCP/IP Scope
        31 = Perform Router Discover
        33 = Static Route
        121 = Classless Static Route
        249 = Private/Classless Static Route (Microsoft)
        43 = Vendor-Specific Information
    End Option
    Padding


The DHCP server eventually responds with a DHCP Offer packet. Note that this contains the same Transaction ID, as well as the proposed IP address offered to the client, the lease time (10 minutes here, although it is typically more like 24 hours), the lease renewal interval (half of the lease time), the default gateway (10.0.0.1), the DNS domain suffix (corp.mydomain.com), and the NetBIOS node type (h-node, which means that for NetBIOS transactions the client performs a WINS query first before a NetBIOS broadcast). Some of these parameters may not be configured on every DHCP server. The Offer packet is sent via unicast to the proposed IP address, with the client's MAC address as the destination in the Ethernet header.


Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x18aa7539
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 10.0.0.3 (10.0.0.3)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Offer
        Option: (53) DHCP Message Type
        Length: 1
        Value: 02
    Option: (t=54,l=4) DHCP Server Identifier = 10.0.0.1
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: 0A000001
    Option: (t=51,l=4) IP Address Lease Time = 10 minutes
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00000258
    Option: (t=58,l=4) Renewal Time Value = 5 minutes
        Option: (58) Renewal Time Value
        Length: 4
        Value: 0000012C
    Option: (t=59,l=4) Rebinding Time Value = 8 minutes, 45 seconds
        Option: (59) Rebinding Time Value
        Length: 4
        Value: 0000020D
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
    Option: (t=15,l=17) Domain Name = "corp.mydomain.com"
        Option: (15) Domain Name
        Length: 17
        Value: 636F72702E6D79646F6D61696E2E636F6D
    Option: (t=6,l=4) Domain Name Server = 10.0.0.101
        Option: (6) Domain Name Server
        Length: 4
        Value: 0A000065
    Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = H-node
        Option: (46) NetBIOS over TCP/IP Node Type
        Length: 1
        Value: 08
    Option: (t=3,l=4) Router = 10.0.0.1
        Option: (3) Router
        Length: 4
        Value: 0A000001
    End Option
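
The option list in the Offer is a plain type/length/value sequence, so the Value fields shown above can be decoded by hand or with a few lines of code. The following is an added example, not part of the original article or the capture tooling: it rebuilds the Offer's option field from the hex values in the decode (a constructed byte string, not bytes read from the .cap file) and parses it with length checks so that a truncated option is rejected instead of read past the end of the buffer. The function names are illustrative.

```python
import ipaddress
import struct

# Constructed sample: (type, hex value) pairs copied from the Offer decode above.
OFFER_OPTIONS = [
    (53, "02"), (54, "0A000001"), (51, "00000258"), (58, "0000012C"),
    (59, "0000020D"), (1, "FFFFFF00"),
    (15, "636F72702E6D79646F6D61696E2E636F6D"), (6, "0A000065"),
    (46, "08"), (3, "0A000001"),
]
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}


def build_options(pairs):
    """Serialise (type, hex) pairs as type/length/value and append End (255)."""
    out = bytearray()
    for code, hexval in pairs:
        val = bytes.fromhex(hexval)
        out += bytes([code, len(val)]) + val
    return bytes(out) + b"\xff"


def parse_options(buf):
    """Walk the TLV option field; reject lengths that run past the buffer."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == 255:          # End Option
            return opts
        if code == 0:            # Pad: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"option {code} truncated at offset {i}")
        length = buf[i + 1]
        opts[code] = buf[i + 2:i + 2 + length]
        i += 2 + length
    raise ValueError("missing End option")


def summarize(opts):
    """Decode the fields the article discusses into readable values."""
    u32 = lambda c: struct.unpack("!I", opts[c])[0]
    ip = lambda c: str(ipaddress.IPv4Address(opts[c]))
    return {
        "type": MSG_TYPES.get(opts[53][0], "other"),
        "server": ip(54), "router": ip(3), "dns": ip(6),
        "mask": ip(1), "domain": opts[15].decode("ascii"),
        "lease_s": u32(51), "t1_s": u32(58), "t2_s": u32(59),
    }
```

In a real packet the option field starts at offset 240 of the BOOTP payload, directly after the 4-byte magic cookie.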


The client then makes a formal request for the proposed IP address from the Offer packet by sending a DHCP Request packet to the broadcast address. The Request packet is similar to the original Discover packet, except that a few more items are added: the requested IP address, an option that identifies the DHCP server, and an option for the client's fully qualified domain name.


Bootstrap Protocol
    Message type: Boot Request (1)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x18aa7539
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 0.0.0.0 (0.0.0.0)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP Request
        Option: (53) DHCP Message Type
        Length: 1
        Value: 03
    Option: (t=61,l=7) Client identifier
        Option: (61) Client identifier
        Length: 7
        Value: 01001641E0F91C
        Hardware type: Ethernet
        Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Option: (t=50,l=4) Requested IP Address = 10.0.0.3
        Option: (50) Requested IP Address
        Length: 4
        Value: 0A000003
    Option: (t=54,l=4) DHCP Server Identifier = 10.0.0.1
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: 0A000001
    Option: (t=12,l=12) Host Name = "MyClientPC01"
        Option: (12) Host Name
        Length: 12
        Value: 4D79436C69656E7450433031
    Option: (t=81,l=15) Client Fully Qualified Domain Name
        Option: (81) Client Fully Qualified Domain Name
        Length: 15
        Value: 0000004D79436C69656E7450433031
        Flags: 0x00
        0000 .... = Reserved flags: 0x00
        .... 0... = Server DDNS: Some server updates
        .... .0.. = Encoding: ASCII encoding
        .... ..0. = Server overrides: No override
        .... ...0 = Server: Client
        A-RR result: 0
        PTR-RR result: 0
        Client name: MyClientPC01
    Option: (t=60,l=8) Vendor class identifier = "MSFT 5.0"
        Option: (60) Vendor class identifier
        Length: 8
        Value: 4D53465420352E30
    Option: (t=55,l=12) Parameter Request List
        Option: (55) Parameter Request List
        Length: 12
        Value: 010F03062C2E2F1F2179F92B
        1 = Subnet Mask
        15 = Domain Name
        3 = Router
        6 = Domain Name Server
        44 = NetBIOS over TCP/IP Name Server
        46 = NetBIOS over TCP/IP Node Type
        47 = NetBIOS over TCP/IP Scope
        31 = Perform Router Discover
        33 = Static Route
        121 = Classless Static Route
        249 = Private/Classless Static Route (Microsoft)
        43 = Vendor-Specific Information
    End Option


Finally, the DHCP server sends an acknowledgement in the form of a DHCP ACK packet via unicast to the confirmed IP address. It contains essentially the same information as the Offer packet (except that the DHCP Message Type is different).


Bootstrap Protocol
    Message type: Boot Reply (2)
    Hardware type: Ethernet
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x18aa7539
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
        0... .... .... .... = Broadcast flag: Unicast
        .000 0000 0000 0000 = Reserved flags: 0x0000
    Client IP address: 0.0.0.0 (0.0.0.0)
    Your (client) IP address: 10.0.0.3 (10.0.0.3)
    Next server IP address: 0.0.0.0 (0.0.0.0)
    Relay agent IP address: 0.0.0.0 (0.0.0.0)
    Client MAC address: Usi_e0:f9:1c (00:16:41:e0:f9:1c)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: (OK)
    Option: (t=53,l=1) DHCP Message Type = DHCP ACK
        Option: (53) DHCP Message Type
        Length: 1
        Value: 05
    Option: (t=54,l=4) DHCP Server Identifier = 10.0.0.1
        Option: (54) DHCP Server Identifier
        Length: 4
        Value: 0A000001
    Option: (t=51,l=4) IP Address Lease Time = 10 minutes
        Option: (51) IP Address Lease Time
        Length: 4
        Value: 00000258
    Option: (t=58,l=4) Renewal Time Value = 5 minutes
        Option: (58) Renewal Time Value
        Length: 4
        Value: 0000012C
    Option: (t=59,l=4) Rebinding Time Value = 8 minutes, 45 seconds
        Option: (59) Rebinding Time Value
        Length: 4
        Value: 0000020D
    Option: (t=1,l=4) Subnet Mask = 255.255.255.0
        Option: (1) Subnet Mask
        Length: 4
        Value: FFFFFF00
    Option: (t=15,l=17) Domain Name = "corp.mydomain.com"
        Option: (15) Domain Name
        Length: 17
        Value: 636F72702E6D79646F6D61696E2E636F6D
    Option: (t=6,l=4) Domain Name Server = 10.0.0.101
        Option: (6) Domain Name Server
        Length: 4
        Value: 0A000065
    Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = H-node
        Option: (46) NetBIOS over TCP/IP Node Type
        Length: 1
        Value: 08
    Option: (t=3,l=4) Router = 10.0.0.1
        Option: (3) Router
        Length: 4
        Value: 0A000001
    End Option


Keep in mind that other DHCP server implementations may differ slightly in how the above works. For example, when interacting with a Microsoft DHCP server, the Offer and Acknowledge packets will be sent to the broadcast address, not the unicast one as the Cisco server does.

After the four-way DHCP handshake, the client may request additional information from the DHCP server in the form of a DHCP Inform packet.


