pushing routes via DHCP


Having come across this problem several times now, in my home office network as well as at the office, I finally found a viable solution to this issue.

The Problem
Consider a network consisting of several subnets with a router at each of the boundaries, looking something like this:

INET <-> router A <-> subnet1 <-> router B <-> subnet2

The issue here is that clients in subnet1 ideally should know about both routers to reach all networks. By default they only receive one of them as a default gateway. Of course one could set a static route on each client by using some sort of logon script, but a more elegant way is to use DHCP for this purpose.

Solution
After some research I finally figured out how to do this. You need to use a feature called classless static routes [1], which is of course documented in the corresponding RFC3442 (but hardly anywhere else). This option is supported by Windows 2k, XP, and upwards.

So to get dhcpd to serve this new option I did some further googling and came across this post with a solution for dhcpd3 by John Robinson:

# MS routes: adds extras to supplement routers option
option ms-classless-static-routes code 249 = array of integer 8;
# RFC3442 routes: overrides routers option
option rfc3442-classless-static-routes code 121 = array of integer 8;
option routers 172.22.0.1;
option ms-classless-static-routes 24, 172, 22, 99, 172, 22, 0, 1 ;
option rfc3442-classless-static-routes 24, 172, 22, 99, 172, 22, 
0, 1, 0, 172, 22, 0, 1 ;

The two option definitions (the lines containing "code 249" and "code 121") declare the new option names and bind them to the corresponding option codes. These have to be in the global section. The rest of the lines can be placed in any of the other sections if desired. The values passed to the options are encoded as follows:

To supply a static route for 192.168.1.0/24 (equivalent to a netmask of 255.255.255.0) with a gateway of 192.168.1.1, you write the prefix length first, then the octets of the network, then the octets of the gateway:

option ms-classless-static-routes 24, 192, 168, 1, 192, 168, 1, 1;

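As also mentioned in the original post, it is required to supply the default gateway as well when using classless static routing. In the above example, this is done by the appended route (a prefix length of 0 followed by the gateway)

0, 172, 22, 0, 1 ;

equivalent to a default gateway of 172.22.0.1. The "0, 1," at the start of that wrapped line still belongs to the gateway of the preceding route.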
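The encoding described above, as an added example (not part of the original post or of John Robinson's configuration): a Python helper that turns destination/gateway pairs into the value list for either option and decodes it back for checking. The function names are hypothetical. It goes beyond the /24 case shown here by following the RFC 3442 rule that only the significant octets of the destination are sent.

```python
import ipaddress
from math import ceil

def encode_routes(routes):
    """Encode (destination CIDR, gateway) pairs as RFC 3442 option octets."""
    out = []
    for dest, gateway in routes:
        net = ipaddress.IPv4Network(dest)  # strict: rejects host bits in dest
        gw = ipaddress.IPv4Address(gateway)
        significant = ceil(net.prefixlen / 8)  # only these octets are sent
        out.append(net.prefixlen)
        out.extend(net.network_address.packed[:significant])
        out.extend(gw.packed)
    return out

def decode_routes(octets):
    """Inverse of encode_routes; raises ValueError on malformed input."""
    routes, i = [], 0
    while i < len(octets):
        width = octets[i]
        if not 0 <= width <= 32:
            raise ValueError(f"bad prefix length {width} at offset {i}")
        n = ceil(width / 8)
        chunk = octets[i + 1 : i + 1 + n + 4]
        if len(chunk) != n + 4:
            raise ValueError(f"truncated route at offset {i}")
        dest = ipaddress.IPv4Address(bytes(chunk[:n]) + bytes(4 - n))
        gw = ipaddress.IPv4Address(bytes(chunk[n:]))
        routes.append((f"{dest}/{width}", str(gw)))
        i += 1 + n + 4
    return routes

def dhcpd_line(option, routes):
    """Render one dhcpd.conf statement for an 'array of integer 8' option."""
    return f"option {option} " + ", ".join(map(str, encode_routes(routes))) + ";"

# Routes from the post: 172.22.99.0/24 and the default route, both via 172.22.0.1.
ROUTES = [("172.22.99.0/24", "172.22.0.1"), ("0.0.0.0/0", "172.22.0.1")]

if __name__ == "__main__":
    print(dhcpd_line("ms-classless-static-routes", ROUTES[:1]))
    print(dhcpd_line("rfc3442-classless-static-routes", ROUTES))
    print(decode_routes(encode_routes(ROUTES)))
```

Decoding a hand-edited value list before reloading dhcpd catches a dropped or extra octet, which otherwise shifts every following route.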

I hope this post will help some people running into the same kind of issues that I came across. Any thoughts welcome.

[1] The option code is 121; grep for that in the RFC for further information.


2 Comments

_On a side note:_ you do need dhcpd3 for this to work properly.

Learned something new today. If you connect a Windows 7 machine to this network, you need to remove the rfc option, otherwise Windows 7 will reject the DHCP offer and just use a self-assigned address.


About this Entry

This page contains a single entry by Thomas Jaehnel published on January 15, 2010 7:02 PM.
