User Manual

UMN:CLI

SURPASS hiD 6615 S223/S323 R1.5

 

 

 

 

 

Client Identifier Spoofing

By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized client identifier field need not be used by the DHCP server.

Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.

DHCP Server

2. DHCP Request + Option 82

3. DHCP Response + Option 82

DHCP Relay Agent

1. DHCP Request

4. DHCP Response

DHCP Client

Fig. 8.33 DHCP Option 82 Operation

8.8.5.1Enabling DHCP Option 82

To enable/disable the DHCP option 82, use the following command.

Command

Mode

Description

 

 

 

ip dhcp option82

Global

Enables the system to add the DHCP option 82 field.

 

 

no ip dhcp option82

Disables the system to add the DHCP option 82 field.

 

 

 

 

8.8.5.2Option 82 Sub-Option

The DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement security and IP address assignment policies.

There are 2 sub-options for the DHCP option 82 information as follows:

Remote ID

This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits and have mechanisms to identify the remote host of the circuit. Note that, the remote ID must be globally unique.

Circuit ID

This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits. It encodes an agent-local identifier of the circuit from which a DHCP client-to-server packet was received. It is intended for use by DHCP relay agents in forwarding DHCP responses back to the proper circuit.

A50010-Y3-C150-2-7619

253

Page 253
Image 253
Siemens S223, S323 user manual Enabling Dhcp Option, Option 82 Sub-Option