Products
- Network Security
  - Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
  - Security ServicesComprehensive security for your network security solution
  - Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
  - Capture ATPMulti-engine advanced threat detection
  - Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
  - Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
  - Secure Mobile AccessRemote, best-in-class, secure access
  - Wireless Access PointsEasy to manage, fast and secure Wi-FI
  - SwitchesHigh-speed network switching for business connectivity
- Email Security
  - Email SecurityProtect against today’s advanced email threats
- Cloud Security
  - Cloud App SecurityVisibility and security for Cloud Apps
  - Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
  - Capture ClientStop advanced threats and rollback the damage caused by malware
  - Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
  - Product Menu Right Image
  - Capture Cloud Platform
    Capture Cloud Platform
    A security ecosystem to harness the power of the cloud
- Button Widgets
  - Products A-Z
    all products A–Z FREE TRIALS
Solutions
- Industries
- Use Cases
- Solutions Widgets
  - Solutions Content Widgets
    Federal
    Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
  - Solutions Image Widgets
Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
  - Custom HTML : Partners Content WIdgets
    Partner Portal
    Access to deal registration, MDF, sales and marketing tools, training and more
  - Partners Image Widgets
Support
- Support
- Resources
- Capture Labs
- Support Widget
  - Custom HTML : Support Content WIdgets
    Support Portal
    Find answers to your questions by searching across our knowledgebase, community, technical documentation and video tutorials
  - Support Image Widgets
COMPANY
PROMOTIONS
- SonicWall Promotions
- Customer Loyalty Program
MANAGED SERVICES
Contact Sales

English English en

Support on SonicWall Products, Services and Solutions

Browse Knowledgebase by Category

Capture Security Center

Endpoint Security

Management and Reporting

Secure Mobile Access

Secure Wireless

How do I push out static routes from the SonicWall DHCP server using DHCP options?

07/30/2021 13 15065

DESCRIPTION:

How do I push out static routes from the SonicWall DHCP server using DHCP options?

RESOLUTION:

Question:

How do I push out static routes from the SonicWall DHCP server using DHCP options?

Procedure:

Scenario 1)

You want to push out a static route via DHCP for a single host on another network.

Host IP: 192.168.1.1, Gateway IP: 10.1.1.1

In this case you would use DHCP option 33.

Option 33:

List of static routes that the client should install in its routing cache. If multiple routes to the same destination are specified, they are in descending order of priority. The routes consist of a list of IP address pairs. The first address is the destination address, and the second address is the router for the destination. The default route (0.0.0.0) is an illegal destination for a static route.

The syntax for using option 33 is as followed: IPaddress;GatewayIP. So using the above mentioned IPs and gateway would look like this: 192.168.1.1;10.1.1.1

The Option type should be IP Address

Option 33 can only be used for routing to hosts as you cannot denote a subnet mask in the option value. If a subnet mask is added to the value it will cause the client PC to reject all options.

In order to route to an entire subnet, a different option and syntax would be needed.

Scenario 2)

You want to push out a static route via dhcp for an entire network.

Network: 192.168.1.0, Subnet Mask: 255.255.255.0 Gateway IP: 10.1.1.1

In this case you would use DHCP option 249

DHCP Option 249:

Microsoft Classless Static Route Option

DHCP clients and servers that implement this specification use some nonstandard options in their implementation.

The length and the data format for the Microsoft Classless Static Route Option are exactly the same as those specified for the Classless Static Route Option in [RFC3442]; the only difference is that Option Code 249 SHOULD be used instead of or in addition to Option Code 121.

Multiple routes can be sent using the option. Each classless route consists of the Destination descriptor and Router IP address elements. The number of routes included in the option can be determined by processing the option data.

Note that the router IP address is of length 4 bytes, whereas the destination descriptor length is between 1 byte and 5 bytes, depending on the subnet mask. This is described in detail as follows.

This option is sent by the DHCP server to the DHCP client in the DHCPOFFER or the DHCPACK message. It has no effect on subsequent options in that message or in any of the messages sent by the client to the server.

The syntax used for this DHCP option is similar to the syntax in option 33, but the first octet in the ip address is used to denote the netmask.

Please see the following table to define the netmask in this option:

Classless Static Route Option for DHCPv4

   Destination descriptors describe the IP subnet number and subnet mask
   of a particular destination using a compact encoding. This encoding
   consists of one octet describing the width of the subnet mask,
   followed by all the significant octets of the subnet number.

   The width of the subnet mask describes the number of one bits in the
   mask, so for example a subnet with a subnet number of 10.0.127.0 and
   a netmask of 255.255.255.0 would have a subnet mask width of 24.

   The significant portion of the subnet number is simply all of the
   octets of the subnet number where the corresponding octet in the
   subnet mask is non-zero. The number of significant octets is the
   width of the subnet mask divided by eight, rounding up, as shown in
   the following table:

        Width of subnet mask     Number of significant octets
                     0                                      0
                  1- 8                                    1
                  9-16                                   2
                 17-24                                  3
                 25-32                                  4

   The following table contains some examples of how various subnet
   number/mask combinations can be encoded:

   Subnet number   Subnet mask      Destination descriptor
   0                                  0                           0
   10.0.0.0               255.0.0.0                   8.10
   10.0.0.0               255.255.255.0           24.10.0.0
   10.17.0.0             255.255.0.0               16.10.17
   10.27.129.0         255.255.255.0           24.10.27.129
   10.229.0.128       255.255.255.128       25.10.229.0.128
   10.198.122.47     255.255.255.255       32.10.198.122.47

So using the Network and Gateway listed above, the syntax of the Option value for using option 249 is as followed:

24.192.168.1;10.1.1.1

In the first octet, we see the number ‘24’. This is used to denote the bits in the subnet mask. So a subnet mask of 255.255.255.0 is a ‘24’ bit subnet mask.

The second, third and fourth Octets denotes the network address of 192.168.1 and the 10.1.1.1 after the semi colon denotes the gateway.

The Option type should be IP Address and Option Array should be checked.

Was This Article Helpful?

Not Finding Your Answer?

ASK THE COMMUNITY

Stay In Touch