Skip to main content
Network Security & Firewall CLI

DHCP Option 43 — Verified Syntax, Flags & Troubleshooting Tips

4 min read

DHCP option 43 is a vendor‑specific DHCP option defined in RFC 2132 that returns one or more WLC management IP addresses to lightweight APs during discovery.

! Cisco IOS DHCP pool configuration
ip dhcp pool <pool-name>
 network <network-address> <subnet-mask>
 default-router <default-gateway>
 dns-server <dns-ip>
! Add option 43 with hex-encoded WLC IPs
option 43 hex <hexadecimal-string>

Syntax

Configure DHCP option 43 on a Cisco IOS DHCP server:

! Create a DHCP pool
ip dhcp pool <pool-name>
 network <network-address> <subnet-mask>
 default-router <default-gateway>
 dns-server <dns-ip>
! Add option 43 with hex-encoded WLC IPs
option 43 hex <hexadecimal-string>

On a Microsoft DHCP server, define a custom option with type String and enter the hex value. On Linux ISC DHCP, use:

option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;
subnet 192.168.247.0 netmask 255.255.255.0 {
    option routers 192.168.247.1;
    option subnet-mask 255.255.255.0;
    option Cisco_LWAPP_AP.server-address 192.168.10.5, 192.168.10.20;  # DHCP option 43 via space
}

Options and Flags

Flag / Parameter Type Default Description
option 43 hex String (hex) N/A Raw hex string containing the TLV‑encoded sub‑options (vendor code + length + IPs)
option Cisco_LWAPP_AP.server-address IP array N/A ISC DHCP vendor‑space shorthand; automatically formats option 43 as sub‑option 241
sub‑option code Integer (1 byte) 241 (Cisco) Vendor‑specific sub‑option code; Cisco uses 0xf1 (241) for LWAPP, RUCKUS uses other codes
length Integer (1 byte) Derived from IP count Number of bytes in the sub‑option data (4 bytes per IP)
See also  Tunnel 2.0 Command Reference: Syntax, Flags & Use Cases

Usage Examples

Example 1: Cisco LWAPP – two WLCs (192.168.10.5 and 192.168.10.20)

Construct hex: Type=0xf1, Length=0x08 (2 × 4 bytes), Data=0xc0a80a05c0a80a14.

! Cisco IOS DHCP pool
ip dhcp pool WIRELESS_CLIENTS
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 192.168.20.10
 option 43 hex f108c0a80a05c0a80a14

The hex string f108c0a80a05c0a80a14 breaks down as f1 (sub‑option 241), 08 (length 8 bytes), then two IPs in hex (c0a80a05 = 192.168.10.5, c0a80a14 = 192.168.10.20).

Example 2: RUCKUS AP – single controller (10.0.0.1) with vendor code

RUCKUS requires a masked option 43; vendor code varies. Below uses vendor code 0x00 and sub‑option code 0x01 (common for RUCKUS). For a single IP, hex: 00 01 04 0a000001.

! RUCKUS format on ISC DHCP (using vendor space)
option space Ruckus_AP;
option Ruckus_AP.server-address code 1 = array of ip-address;
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.1;
    option Ruckus_AP.server-address 10.0.0.1;  # auto-encodes option 43
}

Example 3: Cisco EWC (Embedded Wireless Controller) – conversion method

EWC uses sub‑option code 0xf2. For a single WLC at 192.168.1.100, the hex is f204c0a80164.

! Cisco IOS
option 43 hex f204c0a80164

Here f2 is the EWC sub‑option, 04 length, c0a80164 = 192.168.1.100.

Troubleshooting & Common Errors

Error / Symptom Root Cause Resolution Command / Action
AP shows “Option 43 not received” in logs DHCP server not configured to send option 43, or AP VCI not matched Verify DHCP pool includes option 43 hex …. Use debug: debug ip dhcp server events on Cisco IOS.
AP gets IP but no WLC join – hex mis‑format Incorrect sub‑option code or length; IPs in wrong order Recalculate hex manually: printf '%02x' <subopt> <len> <ip1> <ip2>…. Test with online generator.
Microsoft DHCP – option 43 not applied to clients Option configured as scope option instead of server option; AP not matching class In DHCP MMC, add option 43 as a scope option (String, hex entered as byte pairs without spaces).
ISC DHCP – “option 43” untrusted Vendor class not defined or option space mismatch Define vendor option space before subnet: option space Cisco_LWAPP_AP; option Cisco_LWAPP_AP.server-address code 241 = ip-address;
RUCKUS AP ignores option 43 Vendor code mask missing or wrong sub‑option Use hex format 00 01 04 <IP> (vendor code 0x00, sub‑option 0x01). See RUCKUS KB.
See also  tcpdump Command in Linux: Syntax, Flags, and Examples

Frequently Asked Questions

What is the difference between hex-encoded and ASCII-encoded DHCP option 43 values?

Answer: Hex-encoded stores raw binary bytes; ASCII uses human-readable characters.

Hex encoding is mandatory for vendor-specific suboptions (e.g., type-length-value format). ASCII encoding is simpler but limited to printable characters and lacks precise byte control. For Cisco lightweight APs, use hex with separate type and length bytes, e.g., 

option 43 hex f1040a0a0a0a

where f1 is suboption type 1, 04 is length, and 0a0a0a0a is the IP.

When should I use the “vendor-encapsulated-options” subcommand in ISC DHCP?

Answer: Use it inside a vendor class block (matching option 60) to send option 43 only to devices of that vendor, avoiding network-wide broadcast.

This provides granular control. Example for Cisco APs:

class "Cisco" {
  match if option vendor-class-identifier = "Cisco AP c1300";
  option vendor-encapsulated-options f1:04:0a:0a:0a:0a;
}

This ensures only Cisco devices receive the AP controller IP.

Does DHCP option 43 work on AWS VPC DHCP Options Sets?

Answer: No.

Custom options like 43 are unsupported. Workarounds: deploy a DHCP relay agent on an EC2 instance (e.g., ISC DHCP in relay mode) or run a standalone DHCP server on a subnet. For cloud-native provisioning, consider DNS SRV records or cloud-init.

What is the fastest way to encode DHCP option 43 hex for Cisco APs using CLI?

Answer: Use printf to convert ASCII to hex, then prepend type (0xf1) and length bytes.

Complete one-liner for a controller IP 10.0.0.1:

echo -n '01040a000001' | xxd -r -p | xxd -p

Or use python3 -c "import binascii; print(binascii.hexlify(b'xf1x04x0ax00x00x01'))" for full TLV. Validate with tcpdump or dhcping.

See also  tracert (Windows traceroute) Command Syntax & Troubleshooting