Persistence based on DHCP option 61



We are working on a load balancing setup of Cisco ISE in Netscaler ADC.

In Big-IP F5 it is fairly easy to set up persistence based on DHCP option 61 (dhcp-client-identifier / MAC address) using iRules for use with load balancing of "DHCP profiling".

Is it possible to extract the same information from a DHCP packet in Netscaler ADC to use as RULE based persistence data?

 

We are basically trying to replicate the F5 setup explained here:
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159#toc-hId--1824694487


15 hours ago, Gunther De Poortere said:

Hi Eirik,

 

I don't think this is possible. For UDP or DHCPRA vserver type, persistency types are limited to SRCIP, DSTIP & SRCIPDSTIP.

Thank you for your answer.

I should have mentioned that we were planning on using the ANY vserver type because of this, as ANY supports RULE based persistence.

Allowed traffic could be restricted by a listen policy on the vserver.

The problem is getting the data from DHCP option 61 (dhcp-client-identifier).


Oh okay, yes you can do rule-based persistence there. I don't think there's a way to get a specific DHCP option, but you can get the MAC address with the CLIENT.ETHER.SRCMAC expression. More details can be found in the policy reference guide at https://developer-docs.citrix.com/projects/citrix-adc-advanced-policy-expression-reference/en/latest/ether_req_protocol_t/.

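As an added illustration that is not part of the thread and is not NetScaler or F5 configuration, this Python parser shows what extracting option 61 from a DHCP payload involves: the options follow the 236-byte BOOTP header and magic cookie as type-length-value entries, so option 61 has no fixed offset, unlike the `chaddr` hardware-address field at byte 28. The sample packets, the MAC address and the function names are constructed for the example.

```python
import struct

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])  # RFC 2131 marker before the options
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {code: value} for the options in a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options.setdefault(code, payload[i + 2:i + 2 + length])  # keep first occurrence
        i += 2 + length
    return options

def persistence_key(payload: bytes) -> str:
    """Option 61 if present, otherwise the fixed-offset chaddr field."""
    client_id = parse_dhcp_options(payload).get(OPT_CLIENT_ID)
    if client_id and len(client_id) > 1 and client_id[0] == 1:  # type 1 = Ethernet
        return client_id[1:].hex(":")
    if client_id:  # other identifier types are used as an opaque key
        return client_id.hex()
    return payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes

def build_sample(mac: bytes, options: bytes) -> bytes:
    """Constructed BOOTREQUEST payload: header, cookie, options, end marker."""
    header = struct.pack("!BBBBIHH16x16s192x", 1, 1, 6, 0, 0x12345678, 0, 0, mac)
    return header + MAGIC_COOKIE + options + bytes([OPT_END])

# Constructed sample data (locally administered MAC, not from the thread)
MAC = bytes.fromhex("020000aabbcc")
OPT53 = bytes([53, 1, 1])        # DHCP message type: DISCOVER
OPT61 = bytes([61, 7, 1]) + MAC  # client identifier, hardware type 1
SAMPLE_A = build_sample(MAC, OPT53 + OPT61)
SAMPLE_B = build_sample(MAC, bytes([0, 0, 12, 4]) + b"host" + OPT53 + OPT61)
SAMPLE_C = build_sample(MAC, OPT53)  # client sent no option 61

if __name__ == "__main__":
    for name, pkt in (("A", SAMPLE_A), ("B", SAMPLE_B), ("C", SAMPLE_C)):
        print(name, pkt.find(OPT61), persistence_key(pkt))
```

When requests arrive through a DHCP relay, the Ethernet source MAC on the frame belongs to the last layer-2 hop, while `chaddr` and option 61 still carry the client's own identifier.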