12-28-2017 01:42 PM - edited 12-28-2017 01:47 PM
All,
I am in the process of migrating DHCP services from a Cisco IOS-XE switch to Palo Alto 220 firewalls. DHCP is working flawlessly however I am curious about the implementation of Option 43 for disabling NetBIOS.
In the Cisco world it is implemented like this:
ip dhcp pool DHCP_USERS
option 43 hex 0104.0000.0002
I am trying to understand if the length of the option is included under the VCI or if its part of the Option Value. Here is how I currently have it configured.
Is this correct? I can't seem to find any reference examples regarding doing this on a Palo Alto Firewall.
Thanks in advance,
-Matt
01-02-2018 12:55 AM
Hi @mlinsemier,
I haven't played around with this myself but here's some extra info from the help pages :
If Option Code 43 is entered, the Vendor Class Identifier (VCI) field appears. Enter a match criterion that will be compared to the incoming VCI from the client’s Option 60. The firewall looks at the incoming VCI from the client’s Option 60, finds the matching VCI in its own DHCP server table, and returns the corresponding value to the client in Option 43. The VCI match criterion is a string or hex value. A hex value must have a “0x” prefix
This explanation seems to clarify your question ^_^
Cheers !
-Kiwi.
11-27-2018 12:05 PM
This is how I got it to work. The objective was to disable NetBIOS over TCP for all Windows systems. The Vendor Class ID determines which systems inherit the setting. "MSFT 5.0" is equal to all Windows 2000 machines and up.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
