Check-Mac-Address
These scenarios show how the
check-mac-address feature works for the DHCP server
Test Check MAC Address
Description
The check-mac-address option filters packets if there are differences between the MAC address found at the ethernet header and the MAC address found in the DHCP packet.
To check this option, you should send packets with these differences and enable this option to see if warnings appear in your logs.
Also, this test checks how the server behaves under normal conditions.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set service dhcp-server shared-network dhcp subnet 10.0.0.0/24 start 10.0.0.5 stop 10.0.0.5 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 24 16:01:16.431493 osdx cfgd[1460]: [563958]Completed change to active configuration Jun 24 16:01:16.432080 osdx dhcpd[587428]: Wrote 0 leases to leases file. Jun 24 16:01:16.445287 osdx OSDxCLI[563958]: User 'admin' committed the configuration. Jun 24 16:01:16.469874 osdx OSDxCLI[563958]: User 'admin' left the configuration menu. Jun 24 16:01:16.481452 osdx dhcpd[587428]: Server starting service. Jun 24 16:01:16.609130 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:17.234114 osdx dhcpd[587428]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 24 16:01:18.235136 osdx dhcpd[587428]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0 Jun 24 16:01:18.283077 osdx dhcpd[587428]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 24 16:01:18.283124 osdx dhcpd[587428]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0
Step 3: Modify the following configuration lines in DUT0 :
set service dhcp-server check-mac-address
Step 4: Run command system journal clear at DUT0.
Step 5: Run command system journal show | tail at DUT0 and check if output does not contain the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 24 16:01:19.515461 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.1M free. Jun 24 16:01:19.517315 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 16:01:19.517383 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 16:01:19.519792 osdx sudo[587492]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 16:01:19.528789 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal clear'.
Step 6: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)Show output
Jun 24 16:01:19.515461 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.1M, max 15.3M, 13.1M free. Jun 24 16:01:19.517315 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 16:01:19.517383 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 16:01:19.519792 osdx sudo[587492]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 16:01:19.528789 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal clear'. Jun 24 16:01:19.699327 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:19.820510 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:20.369969 osdx dhcpd[587484]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01) Jun 24 16:01:21.413921 osdx dhcpd[587484]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)
Step 7: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mac '10:00:00:00:00:05' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Modify the following configuration lines in DUT1 :
set interfaces ethernet eth0 address dhcp
Step 9: Run command interfaces ethernet eth0 show at DUT1 and check if output contains the following tokens:
10.0.0.5Show output
----------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ----------------------------------------------------------------- eth0 10.0.0.5/24 up up fe80::dcad:beff:feef:6c10/64
Step 10: Run command service dhcp-server show leases main | grep 10.0.0.5 at DUT0 and check if output contains the following tokens:
10:00:00:00:00:05Show output
10.0.0.5 10:00:00:00:00:05 2025/06/24 16:01:24 2025/06/25 04:01:24 2025/06/24 16:01:24
Test Check MAC Address VRF
Description
This scenario configures a DHCP server with VRF instead of regular interfaces and checks the check-mac-address option.
To check this option, you will need to send packets with differences in the Source MAC for the link layer and the client MAC from the application layer.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.0.0.1/24 set interfaces ethernet eth0 vrf VRF0 set service dhcp-server shared-network dhcp local-vrf VRF0 set service dhcp-server shared-network dhcp subnet 10.0.0.0/24 start 10.0.0.5 stop 10.0.0.6 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrf VRF0
Step 2: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 24 16:01:31.659965 osdx cfgd[1460]: [563958]Completed change to active configuration Jun 24 16:01:31.661133 osdx dhcpd[587830]: Wrote 0 leases to leases file. Jun 24 16:01:31.671088 osdx OSDxCLI[563958]: User 'admin' committed the configuration. Jun 24 16:01:31.694125 osdx OSDxCLI[563958]: User 'admin' left the configuration menu. Jun 24 16:01:31.722496 osdx dhcpd[587830]: Server starting service. Jun 24 16:01:31.842158 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:32.102479 osdx dhcpd[587830]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 24 16:01:33.103178 osdx dhcpd[587830]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0 Jun 24 16:01:33.142626 osdx dhcpd[587830]: DHCPDISCOVER from 10:00:00:00:00:02 via eth0 Jun 24 16:01:33.142649 osdx dhcpd[587830]: DHCPOFFER on 10.0.0.5 to 10:00:00:00:00:02 via eth0
Step 3: Modify the following configuration lines in DUT0 :
set service dhcp-server check-mac-address
Step 4: Run command system journal clear at DUT0.
Step 5: Run command system journal show | tail at DUT0 and check if output does not contain the following tokens:
DHCPDISCOVER from 10:00:00:00:00:02 via eth0Show output
Jun 24 16:01:34.623773 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 16:01:34.626342 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 16:01:34.626405 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 16:01:34.629159 osdx sudo[587894]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 16:01:34.642892 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal clear'.
Step 6: Run command system journal show | tail at DUT0 and check if output contains the following tokens:
MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)Show output
Jun 24 16:01:34.623773 osdx systemd-journald[165652]: Runtime Journal (/run/log/journal/a9c8f5b24ca148a6b10e0198640df300) is 2.0M, max 15.3M, 13.3M free. Jun 24 16:01:34.626342 osdx systemd-journald[165652]: Received client request to rotate journal, rotating. Jun 24 16:01:34.626405 osdx systemd-journald[165652]: Vacuuming done, freed 0B of archived journals from /run/log/journal/a9c8f5b24ca148a6b10e0198640df300. Jun 24 16:01:34.629159 osdx sudo[587894]: pam_limits(sudo:session): invalid line '@200:215 hard maxlogins ' - skipped Jun 24 16:01:34.642892 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal clear'. Jun 24 16:01:34.712810 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:34.843482 osdx OSDxCLI[563958]: User 'admin' executed a new command: 'system journal show | tail'. Jun 24 16:01:35.266364 osdx dhcpd[587886]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01) Jun 24 16:01:36.314240 osdx dhcpd[587886]: MAC received in DHCP packet (10:00:00:00:00:02) is different than source MAC in ethernet header (10:00:00:00:00:01)
Step 7: Set the following configuration in DUT1 :
set interfaces ethernet eth0 mac '10:00:00:00:00:05' set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Modify the following configuration lines in DUT1 :
set interfaces ethernet eth0 address dhcp
Step 9: Run command interfaces ethernet eth0 show at DUT1 and check if output contains the following tokens:
10.0.0.5Show output
----------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ----------------------------------------------------------------- eth0 10.0.0.5/24 up up fe80::dcad:beff:feef:6c10/64
Step 10: Run command service dhcp-server show leases VRF0 | grep 10.0.0.5 at DUT0 and check if output contains the following tokens:
10:00:00:00:00:05Show output
10.0.0.5 10:00:00:00:00:05 2025/06/24 16:01:39 2025/06/25 04:01:39 2025/06/24 16:01:39