Allied Telesis AT-8700XL Series, Rapier i Series, AT-8600 Series manual Dhcp Option

DHCP Option 82

DHCP Relay Agent Information Option 82 is an extension to the Dynamic Host Configuration Protocol (DHCP), and is defined in RFC 3046 and RFC 3993.

DHCP Option 82 can be used to send information about DHCP clients to the authenticating DHCP server. It identifies the VLAN number, port number and, optionally, a customer ID of a client during any IP address allocation. When DHCP Option 82 is enabled on the switch, the switch inserts this information into the DHCP packets as they pass through it on their way to the DHCP server. The DHCP server stores the IP allocation record.

DHCP Option 82 can work in either layer 2 forwarding or layer 3 routing modes. There are significant differences in operation and configuration of these two modes – the latter needing BOOTP Relay support. Some configuration examples and operation descriptions are provided in a later section of this document.

Although Option 82 is titled the DHCP Relay Agent Information Option, the device that inserts the Option 82 information into a DHCP packet does not have to be acting as DHCP relay. A layer 2 switch can insert the Option 82 information into the DHCP packets (if snooping is enabled). The Option 82 information needs to be inserted into the DHCP packets by a switch at the edge of the network, because only the edge switch knows the information that uniquely identifies the subscriber that the IP address was allocated to.

It is quite likely that the edge switch will be a layer 2 switch, rather than a DHCP-relaying layer 3 switch.
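On the wire, the Option 82 field described above is a container of sub-options: RFC 3046 defines Agent Circuit ID (1) and Agent Remote ID (2), and RFC 3993 adds Subscriber-ID (6). The following Python parser is an added example, not code from the Allied Telesis manual; it extracts those sub-options from a DHCP options field and rejects malformed lengths. The sample bytes are constructed, and the layout a switch uses inside each sub-option is device-specific, so values are returned as raw bytes.

```python
# Added example: sample bytes are constructed, not taken from the manual.
SUBOPTION_NAMES = {1: "agent-circuit-id",   # RFC 3046
                   2: "agent-remote-id",    # RFC 3046
                   6: "subscriber-id"}      # RFC 3993
PAD, END, RELAY_AGENT_INFO = 0, 255, 82

def find_option(options, wanted):
    """Walk the DHCP options field (the bytes after the magic cookie)."""
    i = 0
    while i < len(options) and options[i] != END:
        code = options[i]
        if code == PAD:               # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option %d has no length byte" % code)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        if code == wanted:
            return value
        i += 2 + length
    return None

def parse_option82(options):
    """Return {sub-option name: raw bytes}, or None if Option 82 is absent."""
    body = find_option(options, RELAY_AGENT_INFO)
    if body is None:
        return None
    result, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("sub-option header truncated")
        sub, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns Option 82" % sub)
        result[SUBOPTION_NAMES.get(sub, "unknown-%d" % sub)] = value
        i += 2 + length
    return result

# Constructed sample: option 53 (message type 3, REQUEST), Option 82, END.
SAMPLE = (bytes([53, 1, 3]) + bytes([82, 22])
          + bytes([1, 4, 0, 10, 0, 3])                 # circuit ID, opaque here
          + bytes([2, 6, 2, 0, 0, 0x11, 0x22, 0x33])   # remote ID
          + bytes([6, 6]) + b"cust42" + bytes([255]))  # subscriber ID, END
```

A DHCP server or log pipeline can use the returned sub-options to tie each lease record to the inserting switch's view of the subscriber.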

AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches

C613-16086-00 REV B