In the last installment of this article I said I would explain how the Weird Solutions DHCP server recognizes which vendor’s vendor-specific options are present, how you can make decisions using these options, and how to define vendor-specific options that will be sent to a device.
To recap, vendor-specific options are DHCP options that are not internationally standardized, are specific to a particular vendor, and are all carried inside an internationally standardized option (43 or 125 for DHCPv4, 17 for DHCPv6).
Let’s start with option 43, the oldest DHCP vendor-specific option.
When attempting to decode the options found inside option 43, the DHCP server must figure out what kind of device it’s communicating with. The server will do this by analyzing the packet for some type of signature that tells it who manufactured the device.
Luckily for us, option 60 (Class Identifier) is specifically for this purpose. Before decoding the vendor-specific options, the DHCP server looks for option 60, pulls the text out of that option, then compares that text to vendor-class entries in its database.
If a vendor-class entry matches, the DHCP server takes the device identifier from that entry and extracts the IANA enterprise ID. This is the vendor id. Using the vendor id, the server can then decide which options to expect when decoding option 43.
The DHCP server requires that option 60 be present in the packet in order to be able to decode option 43. By extension, you must define option 60 in any DHCP policy to which you expect to add vendor-specific options. Note the distinction: you do not have to define option 60 in a policy for the server to be able to decode option 43. You only have to define it if you want to put vendor-specific options in a policy and have those options transmitted back to a device. When defining option 60 in a policy, you can set any text you want, but it must be something that matches a device manufactured by that vendor. (In other words, the text must match something found in the vendor-class records.)
DHCPv4 option 125 and DHCPv6 option 17 are also vendor-specific options. These options are referred to as Vendor-Identifying Vendor Specific Options (VI-VSO), which simply means that they carry enough information inside them to encode or decode the options they hold.
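The two decode paths described above, as an added Python example (not Weird Solutions code): option 43 needs an option 60 lookup before it can be attributed to a vendor, while option 125 names its vendor itself, following the RFC 3925 layout. The vendor-class table, the prefix match, the 1-byte code/length sub-option layout and the sample bytes are assumptions; 32473 is the enterprise number reserved for documentation.

```python
import struct

# Constructed vendor-class table: option 60 prefix -> IANA enterprise ID.
# 32473 is the enterprise number reserved for documentation (RFC 5612).
VENDOR_CLASSES = {"ExampleCPE": 32473}

def parse_tlvs(buf):
    """Parse 1-byte code / 1-byte length sub-options, rejecting overruns."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated sub-option header")
        code, length = buf[i], buf[i + 1]
        i += 2
        if i + length > len(buf):
            raise ValueError("sub-option %d overruns its container" % code)
        out[code] = buf[i:i + length]
        i += length
    return out

def decode_option125(payload):
    """Option 125 (RFC 3925): repeated enterprise-number(4) data-len(1) data."""
    vendors, i = {}, 0
    while i < len(payload):
        if i + 5 > len(payload):
            raise ValueError("truncated vendor block header")
        enterprise, dlen = struct.unpack_from("!IB", payload, i)
        i += 5
        if i + dlen > len(payload):
            raise ValueError("vendor block overruns option 125")
        vendors[enterprise] = parse_tlvs(payload[i:i + dlen])
        i += dlen
    return vendors

def decode_option43(payload, option60):
    """Option 43 names no vendor, so option 60 must identify one first."""
    if option60 is None:
        raise ValueError("option 60 absent: cannot pick a vendor for option 43")
    text = option60.decode("ascii", "replace")
    for prefix, enterprise in VENDOR_CLASSES.items():
        if text.startswith(prefix):  # assumed matching rule
            return enterprise, parse_tlvs(payload)
    raise LookupError("no vendor-class entry matches option 60")

# Constructed sample payloads (outer option code and length already stripped).
OPT43 = bytes([1, 4]) + b"\xc0\x00\x02\x01"
OPT125 = struct.pack("!IB", 32473, 6) + bytes([1, 4]) + b"\xc0\x00\x02\x01"
```

Both decoders reject any length field that points past the end of its container, since these bytes come straight from an unauthenticated client.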
When defining a VI-VSO, you are presented with two options that can be placed inside: the vendor identifier and the “Options”. You should first define the IANA enterprise ID (vendor id) for the options you wish to encode, after which you can define vendor-specific options inside the “Options” option.
One important thing to note is that the Weird Solutions DHCP server does not automatically pick which vendor-specific options should be sent to a device. Instead, since all policies participate in access control, you should ensure that policies with vendor-specific options are only made available to devices that can understand and use those options.