Option 60

Unanswered Question
Mar 24th, 2009

Is Option 60 really needed or is it more of a security to keep other devices off of the wireless AP subnet ?

I just found out yesterday that since our move to a new DNS DHCP system. The option 60 was never put into the new DHCP scopes. Option 43 is there.

Any Thoughts ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Leo Laohoo Tue, 03/24/2009 - 14:14

Option 60 (Vendor Class Identifier) is included in the initial DHCP discover message that a DHCP client broadcasts in search of an IP address.

I've been in an organization where we never had to configure Option 43/60 but I did take the time of priming the AP. Once I deployed the AP, it found the WiSM within 20 seconds.

NOTE: The other reason why I prime the AP prior to deployment is so I can have a visual inspection for any factory defect.

Whatever floats your boat, in my humble opinion.

michael.lussier Wed, 03/25/2009 - 08:35

Yes we do test them prior to deployment for the same reason. I dont want to make any extra trips !

I push via DHCP only the list of controllers for AP's on that specific subnet. I should have been watching them closer when they deployed the new DNS/DHCP equipement.

From what I have read and learned over the past several days the use of option 60 VCI will either allow or deny DHCP info to devices based on the VCI string. From a secuirty stand point that would keep laptops off of your AP subnet. I just wanted to verify my understanding of this also based on the behavior of our existing system.

Leo Laohoo Wed, 03/25/2009 - 15:58

Keeping your laptop off the AP Subnet? This is achieved with VLANing your ports to separate other network hosts with your AP ... and making sure the installers follow the instructions: Plug the AP to the correct port.

zhenningx Fri, 03/27/2009 - 13:45

If you only use option 43, that will just work fine. By using option 60 and option 43 together, you can assign different WLCs to different type of APs.


l.mourits Tue, 06/30/2009 - 03:20

There is no need to have option 60 in the DHCP scope. Option 60 is send by the client upon DHCP DISCOVER and is also know as the vendor class identifier or VCI string.

What needs to be in the DHCP server is the vendor class that matches the string and maps it to option 43 sub-code 241. One entry for each type of access-point you're using.

Option 43 does not go into the scope either, instead, option 241 (the sub-code) goes in.

If configured correctly, the AP sends a VCI string which matches the vendor class in the DHCP server. Then the server maps the class to sub-code 241 and sends info in option 241 as option 43 in the DHCP offer.

Hope that helps,



This Discussion