2 Replies Latest reply on Apr 5, 2018 2:17 PM by evanh

    Bluesocket Controller Discovery / Option 43 / Option 60 / Option 55 (Juniper SRX)

    execusupport New Member

      We've recently delved into the world of Bluesocket APs, and I've been trying to sort out how to configure our managed routers (mainly Junipers, Ciscos, and Adtrans) to provide Option 43 info to them via DHCP.

       

      The Adtran, as expected, was a cinch. 

       

      The Juniper SRX router, however, was anything but.

       

      I started out testing with BSAP 3040s running 3.0.1-HB-646847.  Packet captures did show the APs sending the appropriate Option 60 value (BlueSecure.AP1500) in their DHCP Discovery packets.  However, no matter what I did, as per packet captures, the Juniper SRX router would simply not send any option 43 info down to the AP in its DHCP Offers.  (I followed the suggested config in the  'vWLAN AP Discovery.pdf' along with every other variant I could think of.)

       

      I did get things working with "set access address-assignment pool AP_DHCP_Pool family inet dhcp-attributes server-identifier <controller_IP>", but as that wasn't related to option 43, I consider that blind luck and don't consider it a viable/sustainable solution.  Eventually, I had a JTAC case opened, which is still in progress.

       

      I have since revisited my lab, but this time using a BSAP 1940 running 3.0.1-HB-646847.  Much to my surprise, the Juniper SRX router had no issues sending option 43 info on to that device, with the following config doing the trick:

       

      i.e.

       

      set access address-assignment pool AP_DHCP_Pool family inet dhcp-attributes option 43 string <Controller_IP>

      set access address-assignment pool AP_DHCP_Pool family inet dhcp-attributes option 60 string BlueSecure.AP1500

       

      When I looked a little more closely at the captures for the DHCP Discovery packets from each AP, I did find one notable difference.

       

      The BSAP 1940 was listing option 43 in its DHCP Parameter Request list (option 55), while the BSAP 3040s were not. 

       

      From what I've read, I was under the impression that option 60 was what informed the DHCP server that the requesting host was to be sent option 43 info.  However, it seems as though the Juniper only sends the required info on to the AP if option 43 is explicitly listed in its option 55 DHCP parameter request list.  So either the Juniper isn't handling the option 60 info the right way, or my understanding of this whole process is in error, and option 55 also factors in somehow?

       

      I still have a ticket opened with JTAC to determine if this is correct behaviour on the part of the SRX router.  However, the tech that I've been speaking with is fairly confident that the AP needs to send a request for option 43 in its option 55 parameter request list if this is going to work.

       

      So that begs the questions....

       

      1) Does option 43 need to be explicitly requested in option 55's parameter request list for this to work at all?  Or should everything function properly with just option 60 being sent with the correct info?

       

      2) Why are the BSAP 3040s not sending option 43 along in their option 55 parameter request lists, as the BSAP 1940s appear to be doing?

        • Re: Bluesocket Controller Discovery / Option 43 / Option 60 / Option 55 (Juniper SRX)
          execusupport New Member

          I haven't really gotten a straight answer anywhere I've looked for this, but according to RFC 2132 (DHCP Options and BOOTP Vendor Extensions), it doesn't seem to be a requirement that DHCP servers respond to option 60 with option 43.  Here's the relevant portion of that RFC, taken from Section 9.1.3 - Vendor Class Identifier:

           

          Servers not equipped to interpret the class-specific information sent by a client MUST ignore it (although it may be reported). Servers that respond SHOULD only use option 43 to return the vendor-specific information to the client.  The code for this option is 60.

           

          So even if a server does recognize the option 60 info, the wording indicates it *should* use option 43 to respond, but not that it *must*.

           

          I also opened a case with Adtran Tech Support to find out why the BSAP 3040s do not explicitly request option 43 in their option 55 DHCP parameter request list, while the BSAP 1940s do, and it was confirmed that this is a known issue "that is fixed for the next release of vWLAN 3.2".

           

          In case it helps anybody else, here was the relevant portion of the JDHCP config on the Juniper SRX router that worked with the BSAP 1940 models:

           

          set access address-assignment pool AP_DHCP_Pool family inet dhcp-attributes option 43 string <Controller_IP_Address>

          set access address-assignment pool AP_DHCP_Pool family inet dhcp-attributes option 60 string BlueSecure.AP1500