Authentication on Data Ports
On fresh boot, ZTP process is initiated from management ports and may switch to data ports. To validate the connection with DHCP server, authentication is performed on data ports through DHCP option 43 for IPv4 and option 17 for IPv6. These DHCP options are defined in option space and are included within dhcpd.conf and dhcpd6.conf configuration files. You must provide following parameters for authentication while defining option space:
-
Authentication code—The authentication code is either 0 or 1; where 0 indicates that authentication is not required, and 1 indicates that MD5 checksum is required.
-
Client identifier—The client identifier must be 'exr-config'.
-
MD5 checksum—This is chassis serial number. It can be obtained using echo -n $SERIALNUMBER | md5sum | awk '{print $1}' .
class "vendor-classes" {
match option vendor-class-identifier;
}
option space VendorInfo;
option VendorInfo.clientId code 1 = string;
option VendorInfo.authCode code 2 = unsigned integer 8;
option VendorInfo.md5sum code 3 = string
option vendor-specific code 43 = encapsulate VendorInfo;
subnet 10.65.2.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 10.65.2.1;
range 10.65.2.1 10.65.2.200;
}
host xrv9k-1-mgmt {
hardware ethernet 00:50:60:45:67:01;
fixed-address 10.65.2.39;
vendor-option-space VendorInfo;
option VendorInfo.clientId "exr-config";
option VendorInfo.authCode 1;
option VendorInfo.md5sum "aedf5c457c36390c664f5942ac1ae3829";
option bootfile-name "http://10.65.2.1:8800/admin-cmd.sh";
}