|
| IP Routing Features | |
|
| Configuring DHCP Relay | |
|
|
|
|
Option 82 | DHCP Client Request Packet Inbound to the Routing Switch |
| |
Configuration |
|
|
|
Packet Has No | Packet Includes an Option 82 Field |
| |
|
| ||
| Option 82 Field |
|
|
|
|
|
|
Replace | Append an | Replace replaces any existing Option 82 fields from downstream relay agents (and/ |
|
| Option 82 Field | or the originating client) with an Option 82 field for the current relay agent.. Some |
|
|
| applications for replace include: |
|
|
| • The relay agent is located at a point in the network that is a DHCP policy |
|
|
| boundary and you want to replace any Option 82 fields appended by down |
|
|
| stream devices with an Option 82 field from the relay agent at the boundary. |
|
|
| (This eliminates downstream Option 82 fields you do not want the server to use |
|
|
| when determining which IP addressing policy to apply to a client request.) |
|
|
| • In applications where the routing switch is the primary relay agent for clients |
|
|
| that may append their own Option 82 field, you can use replace to delete these |
|
|
| fields if you do not want them included in client requests reaching the server. |
|
|
|
|
|
Drop | Append an | Drop causes the routing switch to drop an inbound client request with an Option |
|
| Option 82 Field | 82 field already appended. If no Option 82 fields are present, drop causes the routing |
|
|
| switch to add an Option 82 field and forward the request. As a general guideline, |
|
|
| configure drop on relay agents at the edge of a network, where an inbound client |
|
|
| request with an appended Option 82 field may be unauthorized, a security risk, or |
|
|
| for some other reason, should not be allowed. |
|
|
|
|
|
Multiple Option 82 Relay Agents in a Client Request Path
Where the client is one router hop away from the DHCP server, only the Option 82 field from the first (and only) relay agent is used to determine the policy boundary for the server response. Where there are multiple Option 82 router hops between the client and the server, you can use different configuration options on different relay agents to achieve the results you want. This includes configuring the relay agents so that the client request arrives at the server with either one Option 82 field or multiple fields. (Using multiple Option 82 fields assumes that the server supports multiple fields and is configured to assign IP addressing policies based on the content of multiple fields.)
|
|
| Relay Agent “A” |
| Relay Agent “B” |
|
| Relay Agent “C” |
| ||||||||
|
|
| VLAN |
| VLAN |
| VLAN |
| VLAN |
|
| VLAN |
| VLAN |
|
| |
|
|
|
|
|
|
|
|
|
| DHCP | |||||||
Client |
|
| |||||||||||||||
|
|
|
| 20 |
|
|
|
| 30 |
|
|
|
| 20 |
|
| |
|
| 10 |
|
|
| 20 |
|
| 10 |
|
| Option | |||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 82 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
| DROP |
|
|
|
| KEEP |
|
|
| KEEP | Server | ||||
Figure
The above combination allows for detection and dropping of client requests with spurious Option 82 fields. If none are found, then the drop policy on the first relay agent adds an Option 82 field, which is then kept unchanged over