APM-DHCP Access Policy Example and Detailed Instructions

Prepared with Mark Quevedo, F5 Principal Software Engineer May, 2020 Sectional Navigation links Important Version Notes   ||  Installation Guide   ||  What Is Going On Here?   ||  Parameters You ...
Updated Sep 08, 2023
Version 9.0
application delivery
BIG-IP Access Policy Manager (APM)
dhcp
iRules
vpn
Søren_Nielsen's avatar
Søren_Nielsen
Icon for Cirrus rankCirrus
May 01, 2020

  I have a dump with a little different parameters to get the full flow, hope that is okay - Else just say so.

I have removed the chatter to/from the other hot-standby DHCP server. 

    192.168.112.252.57786 > 192.168.112.1.67: [bad udp cksum 0x63ac -> 0x261c!] BOOTP/DHCP, Request from 0a:f5:fd:5d:d2:48, length 324, hops 1, xid 0xfd5dd248, Flags [none] (0x0000)
          Gateway-IP 10.128.1.2
          Client-Ethernet-Address 0a:f5:fd:5d:d2:48
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Vendor-Class Option 60, length 6: "f5-APM"
            Hostname Option 12, length 12: "WIN10"
            MSZ Option 57, length 2: 1344
            Lease-Time Option 51, length 4: 4294967295
            Agent-Information Option 82, length 46: 
              Circuit-ID SubOption 1, length 14: 192.168.70.100
              Remote-ID SubOption 2, length 20: 192.168.109.26:49572
              Subscriber-ID SubOption 6, length 6: sonicz out slot1/tmm3 lis= flowtype=137 flowid=5600F8E19100 peerid=0 conflags=24 inslot=0 inport=0 haunit=0 priority=2 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:16:03.797232 IP (tos 0x0, ttl 128, id 25241, offset 0, flags [none], proto UDP (17), length 350)
    192.168.112.1.67 > 10.128.1.2.67: [udp sum ok] BOOTP/DHCP, Reply, length 322, xid 0xfd5dd248, Flags [none] (0x0000)
          Your-IP 10.128.1.4
          Server-IP 192.168.112.1
          Gateway-IP 10.128.1.2
          Client-Ethernet-Address 0a:f5:fd:5d:d2:48
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Subnet-Mask Option 1, length 4: 255.255.255.0
            RN Option 58, length 4: 1800
            RB Option 59, length 4: 3150
            Lease-Time Option 51, length 4: 3600
            Server-ID Option 54, length 4: 192.168.112.1
            Agent-Information Option 82, length 46: 
              Circuit-ID SubOption 1, length 14: 192.168.70.100
              Remote-ID SubOption 2, length 20: 192.168.109.26:49572
              Subscriber-ID SubOption 6, length 6: sonicz in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=23 haunit=3 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:16:03.798794 IP (tos 0x0, ttl 255, id 4151, offset 0, flags [DF], proto UDP (17), length 364)
    10.128.1.2.67 > 192.168.112.1.67: [bad udp cksum 0x3d95 -> 0xeafa!] BOOTP/DHCP, Request, length 336, hlen 16, hops 1, xid 0xfd5dd248, Flags [none] (0x0000)
          Gateway-IP 10.128.1.2
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Server-ID Option 54, length 4: 192.168.112.1
            Requested-IP Option 50, length 4: 10.128.1.4
            Vendor-Class Option 60, length 6: "f5-APM"
            Hostname Option 12, length 12: "WIN10"
            MSZ Option 57, length 2: 1344
            Lease-Time Option 51, length 4: 4294967295
            Agent-Information Option 82, length 46: 
              Circuit-ID SubOption 1, length 14: 192.168.70.100
              Remote-ID SubOption 2, length 20: 192.168.109.26:49572
              Subscriber-ID SubOption 6, length 6: sonicz out slot1/tmm0 lis=/SecureAccess/DHCP_SA flowtype=64 flowid=560001721F00 peerid=0 conflags=100200004000324 inslot=63 inport=23 haunit=1 priority=2 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
10:16:03.799864 IP (tos 0x0, ttl 128, id 25242, offset 0, flags [none], proto UDP (17), length 328)
    192.168.112.1.67 > 10.128.1.2.67: [udp sum ok] BOOTP/DHCP, Reply, length 300, hlen 16, xid 0xfd5dd248, Flags [Broadcast] (0x8000)
          Gateway-IP 10.128.1.2
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: NACK
            Server-ID Option 54, length 4: 192.168.112.1
            Agent-Information Option 82, length 46: 
              Circuit-ID SubOption 1, length 14: 192.168.70.100
              Remote-ID SubOption 2, length 20: 192.168.109.26:49572
              Subscriber-ID SubOption 6, length 6: sonicz in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=23 haunit=3 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0