Check-Mac-Address
These scenarios show how the
check-mac-address feature works for the DHCP server
Test Check MAC Address
Description
The check-mac-address option filters packets if there are differences between the MAC address found at the ethernet header and the MAC address found in the DHCP packet.
To check this option, you should send packets with these differences and enable this option to see if warnings appear in your logs.
Also, this test checks how the server behaves under normal conditions.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set service dhcp-server shared-network dhcp subnet 10.0.0.0/24 start 10.0.0.5 stop 10.0.0.5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 02 10:48:47.517982 osdx cfgd[1665]: [503934]Completed change to active configuration Jun 02 10:48:47.518925 osdx dhcpd[510679]: Wrote 0 leases to leases file. Jun 02 10:48:47.529236 osdx OSDxCLI[503934]: User 'admin' committed the configuration. Jun 02 10:48:47.545809 osdx OSDxCLI[503934]: User 'admin' left the configuration menu. Jun 02 10:48:47.608303 osdx dhcpd[510679]: Server starting service. Jun 02 10:48:47.687086 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:48:48.478819 osdx dhcpd[510679]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 02 10:48:49.479317 osdx dhcpd[510679]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0 Jun 02 10:48:49.530775 osdx dhcpd[510679]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 02 10:48:49.530798 osdx dhcpd[510679]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0
Step 3: Modify the following configuration lines in DUT0 :
set service dhcp-server check-mac-address
Step 4: Run command system journal clear at DUT0.
Step 5: Run command system journal show | tail at DUT0 and check if output does not contain the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 02 10:48:50.402006 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 3.5M, max 13.8M, 10.2M free. Jun 02 10:48:50.404140 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 10:48:50.404206 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 10:48:50.406236 osdx sudo[510743]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 10:48:50.412908 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal clear'.
Step 6: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)Show output
Jun 02 10:48:50.402006 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 3.5M, max 13.8M, 10.2M free. Jun 02 10:48:50.404140 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 10:48:50.404206 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 10:48:50.406236 osdx sudo[510743]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 10:48:50.412908 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal clear'. Jun 02 10:48:50.484991 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:48:50.569157 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:48:50.582690 osdx dhcpd[510735]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01) Jun 02 10:48:51.626665 osdx dhcpd[510735]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)
Step 7: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mac '10:00:00:00:00:05' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Modify the following configuration lines in DUT1 :
set interfaces ethernet eth0 address dhcp
Step 9: Run command interfaces ethernet eth0 show at DUT1 and check if output contains the following tokens:
10.0.0.5Show output
----------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ----------------------------------------------------------------- eth0 10.0.0.5/24 up up fe80::dcad:beff:feef:6c10/64
Step 10: Run command service dhcp-server show leases main | grep 10.0.0.5 at DUT0 and check if output contains the following tokens:
10:00:00:00:00:05Show output
10.0.0.5 10:00:00:00:00:05 2026/06/02 10:48:54 2026/06/02 22:48:54 2026/06/02 10:48:54
Test Check MAC Address VRF
Description
This scenario configures a DHCP server with VRF instead of regular interfaces and checks the check-mac-address option.
To check this option, you will need to send packets with differences in the Source MAC for the link layer and the client MAC from the application layer.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set interfaces ethernet eth0 vrf VRF0 set service dhcp-server shared-network dhcp local-vrf VRF0 set service dhcp-server shared-network dhcp subnet 10.0.0.0/24 start 10.0.0.5 stop 10.0.0.6 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf VRF0
Step 2: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 02 10:49:01.569464 osdx cfgd[1665]: [503934]Completed change to active configuration Jun 02 10:49:01.570210 osdx dhcpd[511086]: Wrote 0 leases to leases file. Jun 02 10:49:01.583677 osdx OSDxCLI[503934]: User 'admin' committed the configuration. Jun 02 10:49:01.599544 osdx OSDxCLI[503934]: User 'admin' left the configuration menu. Jun 02 10:49:01.695438 osdx dhcpd[511086]: Server starting service. Jun 02 10:49:01.756225 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:49:02.261876 osdx dhcpd[511086]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 02 10:49:03.262492 osdx dhcpd[511086]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0 Jun 02 10:49:03.301313 osdx dhcpd[511086]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 02 10:49:03.301333 osdx dhcpd[511086]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0
Step 3: Modify the following configuration lines in DUT0 :
set service dhcp-server check-mac-address
Step 4: Run command system journal clear at DUT0.
Step 5: Run command system journal show | tail at DUT0 and check if output does not contain the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 02 10:49:04.559922 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 10:49:04.563330 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 10:49:04.563391 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 10:49:04.564223 osdx sudo[511150]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 10:49:04.572477 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal clear'.
Step 6: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)Show output
Jun 02 10:49:04.559922 osdx systemd-journald[148515]: Runtime Journal (/run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e) is 1.8M, max 13.8M, 11.9M free. Jun 02 10:49:04.563330 osdx systemd-journald[148515]: Received client request to rotate journal, rotating. Jun 02 10:49:04.563391 osdx systemd-journald[148515]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a0363f0a73514b24b35c4ba7ae73dc6e. Jun 02 10:49:04.564223 osdx sudo[511150]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 02 10:49:04.572477 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal clear'. Jun 02 10:49:04.642927 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:49:04.750418 osdx OSDxCLI[503934]: User 'admin' executed a new command: 'system journal show | tail'. Jun 02 10:49:05.437373 osdx dhcpd[511142]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01) Jun 02 10:49:06.501303 osdx dhcpd[511142]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)
Step 7: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mac '10:00:00:00:00:05' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Modify the following configuration lines in DUT1 :
set interfaces ethernet eth0 address dhcp
Step 9: Run command interfaces ethernet eth0 show at DUT1 and check if output contains the following tokens:
10.0.0.5Show output
----------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ----------------------------------------------------------------- eth0 10.0.0.5/24 up up fe80::dcad:beff:feef:6c10/64
Step 10: Run command service dhcp-server show leases VRF0 | grep 10.0.0.5 at DUT0 and check if output contains the following tokens:
10:00:00:00:00:05Show output
10.0.0.5 10:00:00:00:00:05 2026/06/02 10:49:09 2026/06/02 22:49:09 2026/06/02 10:49:09