About "Default Routing and Remote Access Class"

The following is a question I received from one of the internal groups, along with my answer. I hope you find the information useful.

Question:

I am trying to configure options to be applied specifically to workstations that make a vpn connection. The workstations appear to get all options that are set on the dhcp server as long as they are "Default User Class" options but as soon as I set an option to "Default Routing and Remote Access Class" the workstations no longer get the options. 

I have run the command on the client 'ipconfig /setclassid test "Default Routing and Remote Access Class"' where test is the name of the vpn connectoid.

The client gets an ip address and the ipconfig output even shows "DHCP Class ID: Default Routing and Remote Access Class" but it still fails to get the options.

I even moved the client to the local lan and set the class on the NIC to rule out RRAS but still don't get the options applied. In my tests, Windows 2003 DHCP is not assigning options based on the client's class-id of "Default Routing and Remote Access Class".

Can a client have multiple classes?

Does it send all classes in a DHCP inform?

If so, how does DHCP determine which class to select from?

If I change the class-id on a client to be "Default Routing and Remote Access Class" so that I can set specific options on the machine when it is in the field, must I remove or change that class on the workstation when it returns to the LAN?

Answer:

Let me clarify first of all that "Default Routing and Remote Access Class" is a predefined user class meant to be used as a way to identify clients that get network access over VPN. These clients first talk to the VPN server to get connectivity. The VPN server obtains the IP address for the remote client by talking to the DHCP server: the DHCP server assigns the VPN server a set of addresses, and the VPN server assigns addresses from that set to the remote clients. Once the remote client has an IP address, it tries to get all other configuration information directly from the DHCP server through DHCP INFORM packets. When the DHCP server receives the INFORMs from such remote clients, it identifies through an internal mechanism that these clients belong to the "Default Routing and Remote Access Class", and it picks up the configuration present under that class. This is how this user class is meant to be used.

Regarding your other specific questions:

Can a client have multiple classes? No. It can have at most one user class and one vendor class. If it does not have an explicitly defined user/vendor class, it is assumed to belong to the Default User/Vendor class.

Does it send all classes in a DHCP inform? NA. See the answer to the previous question.

If so, how does DHCP determine which class to select from? NA. See the answer to the previous question.

If I change the class-id on a client to be "Default Routing and Remote Access Class" so that I can set specific options on the machine when it is in the field, must I remove or change that class on the workstation when it returns to the LAN? First of all, when you mention "Default Routing and Remote Access Class" as shown in the UI of the DHCP server, you are referring to the display name of the user class. This is not what you would see if you parsed the user class information in the DHCP packet. The actual byte sequence that represents this user class can be quite different. By contrast, what you specify in the ipconfig /setclassid command is the actual byte string that the DHCP client will put into the user class field of the DHCP packet when sending requests. You should not use ipconfig /setclassid to set the user class of a client to the name of one of the predefined user classes. When you want to assign a specific configuration to a specific set of clients, you might want to create a new user class, configure it on the DHCP server, and set it on the clients using ipconfig /setclassid.

I hope I have cleared your doubts... Let me know if you have any further issues.
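
The display-name versus byte-string distinction above, as an added example that is not part of the original answer: a simplified model of a server matching the raw user class bytes (DHCP option 77) from an INFORM against its class table. Assumptions: the "RRAS.Microsoft" class data is the value to confirm in the DHCP console's Define User Classes dialog, "Field Laptops" / "FieldLaptops" is a hypothetical custom class, and unmatched class data is treated as falling back to the Default User Class.

```python
USER_CLASS = 77          # DHCP option code: User Class
MSG_TYPE = 53            # DHCP option code: Message Type
PAD, END = 0, 255

# Server-side table: display name shown in the DHCP console -> class data
# (the bytes compared with option 77). The RRAS value is an assumption to
# verify in the console; "Field Laptops" is a hypothetical custom class.
CLASSES = {
    "Default Routing and Remote Access Class": b"RRAS.Microsoft",
    "Field Laptops": b"FieldLaptops",
}
DEFAULT = "Default User Class"

def build_options(class_id=None):
    """Constructed option field of a DHCPINFORM (message type 8)."""
    opts = bytes([MSG_TYPE, 1, 8])
    if class_id is not None:
        # What `ipconfig /setclassid <adapter> <string>` makes the client send
        opts += bytes([USER_CLASS, len(class_id)]) + class_id
    return opts + bytes([END])

def parse_options(raw):
    """Walk the code/length/value triples and return {code: value}."""
    out, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        out[code] = value
        i += 2 + length
    return out

def select_class(raw):
    """Display name of the class whose options this model would serve."""
    sent = parse_options(raw).get(USER_CLASS)
    for name, data in CLASSES.items():
        if sent == data:
            return name
    return DEFAULT  # no option 77, or bytes that match no defined class
```

Passing the display name as the class ID, as in the question, yields bytes that match no class data, so the class-specific options are never selected.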

Interaction between DHCP and RRAS (VPN):

https://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8e9004b2-1153-4202-89e2-b7f0a9c7f8a4.mspx

https://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8006f246-2029-4bad-b9f0-4f31a56b0590.mspx Please refer to the section on "DHCP and Routing and Remote Access".

https://support.microsoft.com/kb/160699/

General discussion about user/vendor classes:

https://blogs.msdn.com/anto_rocks/archive/2005/02/25/380231.aspx