Configuring Option 82

For information on Option 82, see the sections beginning with DHCP Option 82.

Syntax:


dhcp-relay option 82 [append [validate] | replace [validate] | drop [validate] | keep] [ip | mac | mgmt-vlan]

append

Configures the switch to append an Option 82 field to the client DHCP packet. If the client packet has existing Option 82 fields assigned by another device, the new field is appended to the existing fields.

The appended Option 82 field includes the switch circuit ID (inbound port number*) associated with the client DHCP packet and the switch remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client.

To use the incoming VLAN's IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the ip or mgmt-vlan option (below).

replace

Configures the switch to replace existing Option 82 fields in an inbound client DHCP packet with an Option 82 field for the switch.

The replacement Option 82 field includes the switch circuit ID (inbound port number*) associated with the client DHCP packet and the switch remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client.

To use the incoming VLAN's IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the ip or mgmt-vlan option (below).

drop

Configures the routing switch to unconditionally drop any client DHCP packet received with existing Option 82 fields. This means that such packets will not be forwarded. Use this option where access to the routing switch by untrusted clients is possible.

If the routing switch receives a client DHCP packet without an Option 82 field, it adds an Option 82 field to the client and forwards the packet. The added Option 82 field includes the switch circuit ID (inbound port number*) associated with the client DHCP packet and the switch remote ID. The default switch remote ID is the MAC address of the switch on which the packet was received from the client.

To use the incoming VLAN's IP address or the Management VLAN IP address (if configured) for the remote ID instead of the switch MAC address, use the ip or mgmt-vlan option (below).

keep

For any client DHCP packet received with existing Option 82 fields, configures the routing switch to forward the packet as-is, without replacing or adding to the existing Option 82 fields.

validate

Operates when the routing switch is configured with append, replace, or drop as a forwarding policy. With validate enabled, the routing switch applies stricter rules to an incoming Option 82 server response to determine whether to forward or drop the response. For more information, see Validation of server response packets.

[ip | mac | mgmt-vlan]

Specifies the remote ID suboption that the switch uses in Option 82 fields added or appended to DHCP client packets. The type of remote ID defines DHCP policy areas in the client requests sent to the DHCP server. If a remote ID suboption is not configured, the routing switch defaults to the mac option. See Option 82 field content.

  • ip:

    Specifies the IP address of the VLAN on which the client DHCP packet enters the switch.

  • mac:

    Specifies the routing switch's MAC address. (The MAC address used is the same MAC address that is assigned to all VLANs configured on the routing switch.) This is the default setting.

  • mgmt-vlan:

    Specifies the IP address of the (optional) management VLAN configured on the routing switch. Requires that a management VLAN is already configured on the switch. If the management VLAN is multinetted, the primary IP address configured for the management VLAN is used for the remote ID.

If you enter the dhcp-relay option 82 command without specifying either ip or mac, the MAC address of the switch on which the packet was received from the client is configured as the remote ID. For information about the remote ID values used in the Option 82 field appended to client requests, see Option 82 field content.

Example

In the routing switch shown below, option 82 has been configured with mgmt-vlan for the remote ID.

switch(config)# dhcp-relay option 82 append mgmt-vlan

The resulting effect on DHCP operation for clients X, Y, and Z is shown in the following table.

Figure: DHCP Option 82 when using the management VLAN as the remote ID suboption

Table: DHCP operation for the topology in Figure "DHCP Option 82 when using the management VLAN as the remote ID suboption"

| Client | Remote ID  | giaddr     | DHCP server | Notes |
|--------|------------|------------|-------------|-------|
| X      | 10.38.10.1 | 10.39.10.1 | A only      | If a DHCP client is in the management VLAN, its DHCP requests can go only to a DHCP server that is also in the management VLAN. Routing to other VLANs is not allowed. |
| Y      | 10.38.10.1 | 10.29.10.1 | B or C      | Clients outside of the management VLAN can send DHCP requests only to DHCP servers outside of the management VLAN. Routing to the management VLAN is not allowed. |
| Z      | 10.38.10.1 | 10.15.10.1 | B or C      |       |
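
The forwarding policies described above, modeled on raw DHCP option bytes as an added example (not code from this guide or from the switch software). It uses the RFC 3046 layout (option 82, suboption 1 = circuit ID, suboption 2 = remote ID). Assumptions: the one-byte port encoding, raw MAC/IPv4 remote ID bytes, one option 82 instance per field, the sample MAC and port values, and adding the switch's field under replace or keep when the client packet carries none.

```python
import ipaddress

OPT82, SUB_CIRCUIT, SUB_REMOTE, PAD, END = 82, 1, 2, 0, 255  # RFC 3046 / RFC 2132 codes

def remote_id(kind, mac, vlan_ip, mgmt_ip):
    """Remote ID bytes for the ip | mac | mgmt-vlan keyword (raw encoding assumed)."""
    if kind == "mac":
        return bytes.fromhex(mac.replace(":", ""))
    return ipaddress.IPv4Address(vlan_ip if kind == "ip" else mgmt_ip).packed

def build_field(port, rid):
    """One Option 82 field: circuit ID (inbound port, one byte assumed) + remote ID."""
    subs = bytes([SUB_CIRCUIT, 1, port, SUB_REMOTE, len(rid)]) + rid
    return bytes([OPT82, len(subs)]) + subs

def split_options(blob):
    """Return (list of Option 82 fields, all other options) from a DHCP options blob."""
    opt82, others, i = [], b"", 0
    while i < len(blob) and blob[i] != END:
        if blob[i] == PAD:                      # pad has no length byte
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated DHCP option")
        tlv = blob[i:i + 2 + blob[i + 1]]
        if tlv[0] == OPT82:
            opt82.append(tlv)
        else:
            others += tlv
        i += len(tlv)
    return opt82, others

def relay_request(policy, blob, port, rid):
    """Options forwarded for a client request, or None when the packet is dropped."""
    existing, others = split_options(blob)
    mine = [build_field(port, rid)]
    if existing and policy == "drop":
        return None                             # never forwarded
    if existing and policy in ("keep", "append"):
        fields = existing + (mine if policy == "append" else [])
    else:
        fields = mine  # replace; or no field present (assumed for replace/keep)
    return others + b"".join(fields) + bytes([END])

# Constructed sample data: remote ID from the table above, made-up MAC and ports.
RID = remote_id("mgmt-vlan", "00:11:22:33:44:55", "10.29.10.1", "10.38.10.1")
FOREIGN = build_field(9, bytes.fromhex("0a0b0c0d0e0f"))   # field set by another device
CLEAN = bytes([53, 1, 1, END])                            # DHCPDISCOVER, no Option 82
TAGGED = bytes([53, 1, 1]) + FOREIGN + bytes([END])
```

Calling relay_request with each policy on TAGGED and CLEAN shows the difference that matters on untrusted ports: only keep and append let a client-supplied Option 82 field reach the DHCP server.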