Disabling NetBIOS with DHCP Option 43

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

Disabling NetBIOS with DHCP Option 43

All,

 

I am in the process of migrating DHCP services from a Cisco IOS-XE switch to Palo Alto 220 firewalls.  DHCP is working flawlessly however I am curious about the implementation of Option 43 for disabling NetBIOS. 


In the Cisco world it is implemented like this:

 

ip dhcp pool DHCP_USERS

  option 43 hex 0104.0000.0002


I am trying to understand if the length of the option is included under the VCI or if its part of the Option Value.  Here is how I currently have it configured.

 

image.png

 

Is this correct?  I can't seem to find any reference examples regarding doing this on a Palo Alto Firewall.


Thanks in advance,

 

-Matt

 

Highlighted
Community Team Member

Hi @mlinsemier,

 

I haven't played around with this myself but here's some extra info from the help pages :

 

If Option Code 43 is entered, the Vendor Class Identifier (VCI) field appears. Enter a match criterion that will be compared to the incoming VCI from the client’s Option 60. The firewall looks at the incoming VCI from the client’s Option 60, finds the matching VCI in its own DHCP server table, and returns the corresponding value to the client in Option 43. The VCI match criterion is a string or hex value. A hex value must have a “0x” prefix

 

 

This explanation seems to clarify your question ^_^

 

Cheers !

-Kiwi.

Highlighted
L3 Networker

This is how I got it to work. The objective was to disable NetBIOS over TCP for all Windows systems. The Vendor Class ID determines which systems inherit the setting. "MSFT 5.0" is equal to all Windows 2000 machines and up.

 

Option43.jpg

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!