Allied Telesis AT-8600 Series, Rapier i Series, AT-8700XL Series manual Configuring Option, Analysis

DHCP Option 82

Analysis

The following table provides an analysis of the strings in the above DHCP Request packet extract:

Text Colour    Analysis
Green          This is the Agent Circuit ID
Blue           This is the Agent
Red            This is the subscriber ID sub-option

The Agent Circuit ID string 00 30 00 05 translates as follows (the values are hexadecimal):

30 = vlan48 (hexadecimal 30 is decimal 48)

05 = switch port 5
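
As an added example (not part of the Allied Telesis note), the Python below splits an Option 82 payload into its sub-options and decodes the circuit ID string shown above, as a DHCP server or log pipeline might do to tie a lease to a switch port. The sub-option codes come from RFC 3046 and RFC 3993; the 16-bit VLAN / 16-bit port layout is an assumption inferred from the 00 30 00 05 example, and the remote ID and subscriber ID values in the sample are constructed.

```python
import struct

# Sub-option codes: 1 and 2 from RFC 3046, 6 from RFC 3993.
SUBOPTIONS = {1: "agent_circuit_id", 2: "agent_remote_id", 6: "subscriber_id"}


def parse_option82(data: bytes) -> dict:
    """Split the Option 82 payload into its sub-options (code, length, value)."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option")
        out[SUBOPTIONS.get(code, f"unknown_{code}")] = value
        i += 2 + length
    return out


def decode_circuit_id(value: bytes) -> dict:
    """Assumed layout, inferred from the page's 00 30 00 05 example:
    16-bit big-endian VLAN ID followed by 16-bit big-endian port number."""
    if len(value) != 4:
        raise ValueError("expected a 4-byte circuit ID")
    vlan, port = struct.unpack("!HH", value)
    return {"vlan": vlan, "port": port}


# Constructed sample: the circuit ID from the page, plus a made-up
# remote ID (MAC-like value) and subscriber ID string.
SAMPLE = bytes.fromhex("0104" "00300005" "0206" "0000cd000001" "0604") + b"cust"

if __name__ == "__main__":
    subs = parse_option82(SAMPLE)
    print(decode_circuit_id(subs["agent_circuit_id"]))
    print(subs["agent_remote_id"].hex(":"), subs["subscriber_id"].decode())
```
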

Configuring Option 82

Different commands are used to turn on Option 82 depending on whether the switch is performing DHCP snooping or DHCP relay. For DHCP snooping, the command is:

enable dhcpsnooping option82

The subscriber ID to be used on any given port can be set using the command:

set dhcpsnooping port=x subscriberid="xxxx"

If the switch is acting as a DHCP relay and there is no requirement to also maintain a DHCP snooping database, then the DHCP relay process can be configured to insert option 82 information into the relayed packets:

enable bootp relay option82

The subscriber ID to be used on any given port can be configured with:

set bootp relay option82 subscriberid="xxxx"

Note: The use of BOOTP relay without DHCP snooping will not be discussed any further in this document.

Agent Circuit ID and Agent Remote ID are sub-options that are also sent as part of the Option 82 data but they are not configurable.

Page 10 AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B