How do I push out static routes from the SonicWall DHCP server using DHCP options?

07/30/2021 13 People found this article helpful 33,793 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

How do I push out static routes from the SonicWall DHCP server using DHCP options?

Resolution

Question:

How do I push out static routes from the SonicWall DHCP server using DHCP options?

Procedure:

Scenario 1)

You want to push out a static route via DHCP for a single host on another network.

Host IP: 192.168.1.1, Gateway IP: 10.1.1.1

In this case you would use DHCP option 33.

Option 33:

List of static routes that the client should install in its routing cache. If multiple routes to the same destination are specified, they are in descending order of priority. The routes consist of a list of IP address pairs. The first address is the destination address, and the second address is the router for the destination. The default route (0.0.0.0) is an illegal destination for a static route.

The syntax for using option 33 is as followed: IPaddress;GatewayIP. So using the above mentioned IPs and gateway would look like this: 192.168.1.1;10.1.1.1

The Option type should be IP Address

Option 33 can only be used for routing to hosts as you cannot denote a subnet mask in the option value. If a subnet mask is added to the value it will cause the client PC to reject all options.

In order to route to an entire subnet, a different option and syntax would be needed.

Scenario 2)

You want to push out a static route via dhcp for an entire network.

Network: 192.168.1.0, Subnet Mask: 255.255.255.0 Gateway IP: 10.1.1.1

In this case you would use DHCP option 249

DHCP Option 249:

Microsoft Classless Static Route Option

DHCP clients and servers that implement this specification use some nonstandard options in their implementation.

The length and the data format for the Microsoft Classless Static Route Option are exactly the same as those specified for the Classless Static Route Option in [RFC3442]; the only difference is that Option Code 249 SHOULD be used instead of or in addition to Option Code 121.

Multiple routes can be sent using the option. Each classless route consists of the Destination descriptor and Router IP address elements. The number of routes included in the option can be determined by processing the option data.

Note that the router IP address is of length 4 bytes, whereas the destination descriptor length is between 1 byte and 5 bytes, depending on the subnet mask. This is described in detail as follows.

This option is sent by the DHCP server to the DHCP client in the DHCPOFFER or the DHCPACK message. It has no effect on subsequent options in that message or in any of the messages sent by the client to the server.

The syntax used for this DHCP option is similar to the syntax in option 33, but the first octet in the ip address is used to denote the netmask.

Please see the following table to define the netmask in this option:

Classless Static Route Option for DHCPv4   

   Destination descriptors describe the IP subnet number and subnet mask
   of a particular destination using a compact encoding.  This encoding
   consists of one octet describing the width of the subnet mask,
   followed by all the significant octets of the subnet number.

   The width of the subnet mask describes the number of one bits in the
   mask, so for example a subnet with a subnet number of 10.0.127.0 and
   a netmask of 255.255.255.0 would have a subnet mask width of 24.

   The significant portion of the subnet number is simply all of the
   octets of the subnet number where the corresponding octet in the
   subnet mask is non-zero.  The number of significant octets is the
   width of the subnet mask divided by eight, rounding up, as shown in
   the following table:

        Width of subnet mask     Number of significant octets
                     0                                      0
                  1- 8                                    1
                  9-16                                   2
                 17-24                                  3
                 25-32                                  4

   The following table contains some examples of how various subnet
   number/mask combinations can be encoded:

   Subnet number   Subnet mask      Destination descriptor
   0                                  0                           0
   10.0.0.0               255.0.0.0                   8.10
   10.0.0.0               255.255.255.0           24.10.0.0
   10.17.0.0             255.255.0.0               16.10.17
   10.27.129.0         255.255.255.0           24.10.27.129
   10.229.0.128       255.255.255.128       25.10.229.0.128
   10.198.122.47     255.255.255.255       32.10.198.122.47

So using the Network and Gateway listed above, the syntax of the Option value for using option 249 is as followed:

24.192.168.1;10.1.1.1

In the first octet, we see the number ‘24’. This is used to denote the bits in the subnet mask. So a subnet mask of 255.255.255.0 is a ‘24’ bit subnet mask.

The second, third and fourth Octets  denotes the network address of 192.168.1 and the 10.1.1.1 after the semi colon denotes the gateway.

The Option type should be IP Address and  Option Array should be checked.

Related Articles

• How to enable and configure NTP?
• Cannot edit App Control Signatures, "Error: property 'value' can't be empty value"
• SSL-VPN 2FA: How to unbind TOTP for a single user or multiple users

Categories

• Firewalls > TZ Series
• Firewalls > SonicWall SuperMassive E10000 Series
• Firewalls > SonicWall SuperMassive 9000 Series
• Firewalls > SonicWall NSA Series