What is DHCP Option 82? How it Works, Benefits & Components

What is DHCP Option 82

DHCP Option 82, also known as the DHCP Relay Agent Information Option, adds information to DHCP requests so that the DHCP server can determine the client’s location; this improves security and makes differentiated service possible. Its sub-options, such as Circuit ID (which identifies the specific interface and VLAN) and Remote ID (which identifies the access device), describe the client’s point of connection. This is particularly useful in enterprise and service-provider networks where DHCP snooping is enabled, since it lets the DHCP server issue the appropriate IP address and services based on location.

The main purpose of Option 82 is to let a DHCP relay agent add circuit-specific information to a client’s DHCP request before forwarding it to the DHCP server. This makes differentiated service offerings possible and improves security.

In short: DHCP Option 82 = extra information in DHCP requests that tells the server where the request came from.

How DHCP Option 82 Works

Option 82 matters in networks where the DHCP client and server sit on separate subnets, so that a relay agent is needed to forward the client’s broadcast DHCP messages.

  • Client Request: The DHCP client sends a broadcast DHCP Discover message.
  • Relay Agent Action (Insertion): A device configured as a DHCP relay agent, such as a switch, intercepts the client’s request and adds the Option 82 field to the DHCP message. This field identifies the relay agent and the client’s physical point of attachment. The relay agent then forwards the modified message to the DHCP server as a unicast packet.
  • Server Processing: On receiving the request, the DHCP server reads the Option 82 information and applies the matching IP addressing policy. For example, the server may assign an address from a pool reserved for clients connecting to a particular switch port.
  • Server Response (Echo): When the DHCP server builds its DHCP Offer, it usually echoes the Option 82 data back to the relay agent unchanged.
  • Relay Agent Action (Stripping): On receiving the response, the relay agent strips the Option 82 information and forwards the plain DHCP Offer back to the client.

The DHCP server must be configured to accept Option 82 information; otherwise it ignores the information in requests and does not echo it in its responses.

Components of DHCP Option 82

The Relay Agent Information option is made up of one or more sub-options carrying information known to the relay agent. Typical sub-options include:

  • Circuit ID: Carries information specific to the circuit (interface or VLAN) on which the DHCP request was received, and acts as an identifier that is specific to the relay agent. It often combines the interface name and VLAN name separated by a colon (e.g., ge-0/0/10:vlan1). The Circuit ID corresponds to DHCPv6 Option 18.
  • Remote ID: Carries details that identify the relay device or the remote host. In a wireless network this is typically the access point’s unique identifier. The Remote ID corresponds to DHCPv6 Option 37.
  • Vendor ID (implementation specific): Identifies the host’s vendor. This corresponds to DHCPv6 Option 16.
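The insertion, server-side parsing, echo and stripping steps above, together with the Circuit ID / Remote ID sub-option layout, as an added Python example (this is not code from the original article or from any vendor). It follows the RFC 3046 encoding (option 82 carrying TLV sub-options 1 and 2) and builds a minimal DHCPDISCOVER in memory so it runs offline; the relay IP, MAC address, circuit ID and remote ID values are constructed, and the function names are this example’s own.

```python
# Added example (not code from the original article): how a relay agent inserts
# DHCP Option 82 (RFC 3046 sub-options 1 and 2), how the server reads and echoes
# it, and how the relay strips it again on the way back to the client.
import struct
from typing import Dict, Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236                          # fixed BOOTP header, op .. file
OPTIONS_START = HEADER_LEN + 4            # first option byte after the cookie
OPT_MSG_TYPE, OPT_RELAY_AGENT_INFO, OPT_PAD, OPT_END = 53, 82, 0, 255
SUBOPT_CIRCUIT_ID, SUBOPT_REMOTE_ID = 1, 2
DISCOVER, OFFER = 1, 2

def parse_options(opts: bytes) -> Dict[int, bytes]:
    """Walk the option field into {code: value}; PAD is skipped, END terminates."""
    out, i = {}, 0
    while i < len(opts) and opts[i] != OPT_END:
        if opts[i] == OPT_PAD:
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        out[code] = opts[i + 2:i + 2 + length]
        i += 2 + length
    return out

def serialize_options(options: Dict[int, bytes]) -> bytes:
    """Emit code/length/value triples and close the field with END."""
    return b"".join(bytes([c, len(v)]) + v for c, v in options.items()) + bytes([OPT_END])

def build_relay_agent_info(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Option 82 value: nested TLVs, sub-option 1 = Circuit ID, 2 = Remote ID."""
    value = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
             + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    if len(value) > 255:
        raise ValueError("Option 82 value exceeds the one-byte length field")
    return value

def parse_relay_agent_info(value: bytes) -> Dict[int, bytes]:
    """Sub-options share the TLV layout but have no PAD/END codes."""
    out, i = {}, 0
    while i < len(value):
        code, length = value[i], value[i + 1]
        out[code] = value[i + 2:i + 2 + length]
        i += 2 + length
    return out

def build_discover(xid: int, client_mac: bytes) -> bytes:
    """A client's broadcast DHCPDISCOVER: op=BOOTREQUEST, hops=0, giaddr=0."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                         client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + serialize_options({OPT_MSG_TYPE: bytes([DISCOVER])})

def relay_insert(msg: bytes, relay_ip: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Relay agent, client -> server direction: bump hops, set giaddr if still zero,
    and append Option 82 describing where the request entered the network."""
    header = bytearray(msg[:HEADER_LEN])
    header[3] += 1                                   # hops
    if bytes(header[24:28]) == b"\0" * 4:            # giaddr lives at offset 24
        header[24:28] = relay_ip
    options = parse_options(msg[OPTIONS_START:])
    options[OPT_RELAY_AGENT_INFO] = build_relay_agent_info(circuit_id, remote_id)
    return bytes(header) + MAGIC_COOKIE + serialize_options(options)

def server_read_location(msg: bytes) -> Optional[Dict[str, bytes]]:
    """Server side: pull Circuit ID / Remote ID out of the request, or None if absent."""
    raw = parse_options(msg[OPTIONS_START:]).get(OPT_RELAY_AGENT_INFO)
    if raw is None:
        return None
    subs = parse_relay_agent_info(raw)
    return {"circuit_id": subs.get(SUBOPT_CIRCUIT_ID, b""),
            "remote_id": subs.get(SUBOPT_REMOTE_ID, b"")}

def server_offer(request: bytes, yiaddr: bytes) -> bytes:
    """DHCPOFFER that echoes Option 82 byte-for-byte so the relay can act on it."""
    header = bytearray(request[:HEADER_LEN])
    header[0] = 2                                    # BOOTREPLY
    header[16:20] = yiaddr                           # offered address
    reply = {OPT_MSG_TYPE: bytes([OFFER])}
    echo = parse_options(request[OPTIONS_START:]).get(OPT_RELAY_AGENT_INFO)
    if echo is not None:
        reply[OPT_RELAY_AGENT_INFO] = echo
    return bytes(header) + MAGIC_COOKIE + serialize_options(reply)

def relay_strip(reply: bytes) -> bytes:
    """Relay agent, server -> client direction: remove Option 82 before forwarding."""
    options = parse_options(reply[OPTIONS_START:])
    options.pop(OPT_RELAY_AGENT_INFO, None)
    return reply[:OPTIONS_START] + serialize_options(options)

if __name__ == "__main__":
    # Constructed values: relay 10.0.0.1, a Juniper-style circuit ID, a switch hostname.
    discover = build_discover(0x1234, bytes.fromhex("001122334455"))
    relayed = relay_insert(discover, bytes([10, 0, 0, 1]), b"ge-0/0/10:vlan1", b"access-sw-01")
    print(server_read_location(relayed))
    offer = server_offer(relayed, bytes([10, 0, 0, 50]))
    print(OPT_RELAY_AGENT_INFO in parse_options(offer[OPTIONS_START:]),
          OPT_RELAY_AGENT_INFO in parse_options(relay_strip(offer)[OPTIONS_START:]))
```

Two details worth noticing: the relay only fills in giaddr when it is still zero (a second relay in the path leaves the first one’s address in place), and the server copies the Option 82 value back verbatim rather than interpreting it, which is why the relay, not the server, is the party that removes it.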

Benefits and Use Cases

DHCP Option 82 offers several advantages, especially in large enterprise and service-provider networks. It is an essential part of network administration and security and is used for more than just forwarding DHCP requests:

  • Policy-Based IP Assignment: The DHCP server can apply addressing rules based on the client’s physical location. For example, a client connecting to a particular port on a particular switch is always assigned an address from a predetermined range.
  • Location Tracking: Network administrators can log Option 82 information to record exactly where a device that received an IP address is connected, which helps with troubleshooting and inventory management.
  • Security (DHCP Snooping): Option 82 works together with DHCP Snooping, a switch security feature. DHCP snooping can be configured to reject DHCP packets that carry a fabricated or incorrect Option 82 field and to trust the Option 82 data inserted by an authorized relay agent. By ensuring that only authorized devices are assigned IP addresses, this helps defend the network against threats such as DHCP starvation and IP and MAC address spoofing.
  • ISP/Metro Ethernet Deployments: Service providers use Option 82 to identify and authenticate subscribers and to supply specific service parameters, such as allocating IPs from a pool tied to that subscriber’s physical connection.
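The policy-based assignment, location logging and snooping-trust points above, as an added Python example (not code from the original article or from any DHCP server or switch). It assumes the Circuit ID and Remote ID have already been decoded from Option 82 into strings; the pool table, the list of authorized relay agents and the sample clients are all constructed for illustration.

```python
# Added example (not code from the original article): location-based pool
# selection, a location log record, and a snooping-style trust decision,
# all driven by already-decoded Option 82 sub-options.
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class RelayInfo:
    remote_id: str   # which access device inserted Option 82
    circuit_id: str  # which port/VLAN on that device the client sits on

# Constructed policy table: (remote_id, circuit_id prefix) -> address pool.
# A real server keeps this in its configuration; longer prefix = more specific.
POOLS: List[Tuple[str, str, IPv4Network]] = [
    ("access-sw-01", "ge-0/0/10:", IPv4Network("10.10.10.0/24")),
    ("access-sw-01", "ge-0/0/",    IPv4Network("10.10.0.0/16")),
    ("access-sw-02", "",           IPv4Network("10.20.0.0/16")),
]
DEFAULT_POOL = IPv4Network("192.168.100.0/24")   # clients that arrived without Option 82

# Constructed: the relay agents whose Option 82 data the network trusts.
TRUSTED_RELAYS = {"access-sw-01", "access-sw-02"}

def select_pool(info: Optional[RelayInfo]) -> IPv4Network:
    """Most specific (remote_id, circuit_id prefix) match wins; no Option 82 -> default pool."""
    if info is None:
        return DEFAULT_POOL
    best: Optional[Tuple[str, IPv4Network]] = None
    for remote, prefix, pool in POOLS:
        if remote == info.remote_id and info.circuit_id.startswith(prefix):
            if best is None or len(prefix) > len(best[0]):
                best = (prefix, pool)
    return best[1] if best else DEFAULT_POOL

def snooping_verdict(port_trusted: bool, giaddr_set: bool, info: Optional[RelayInfo]) -> str:
    """Trust rules in the spirit of the article: relay-inserted fields (giaddr or
    Option 82) are only accepted on trusted ports, and only from known relays."""
    if not port_trusted and (giaddr_set or info is not None):
        return "drop: relay fields on untrusted port"
    if info is not None and info.remote_id not in TRUSTED_RELAYS:
        return "drop: option 82 from unauthorized relay"
    return "forward"

def location_record(client_mac: str, pool: IPv4Network, info: Optional[RelayInfo]) -> Dict[str, str]:
    """What a server would log so an address can later be traced back to a port."""
    return {
        "client_mac": client_mac,
        "pool": str(pool),
        "remote_id": info.remote_id if info else "",
        "circuit_id": info.circuit_id if info else "",
    }

if __name__ == "__main__":
    # Constructed clients: (mac, port trusted?, giaddr set?, decoded Option 82 or None)
    clients = [
        ("00:11:22:33:44:55", True,  True,  RelayInfo("access-sw-01", "ge-0/0/10:vlan1")),
        ("00:11:22:33:44:66", True,  True,  RelayInfo("access-sw-01", "ge-0/0/7:vlan1")),
        ("00:11:22:33:44:77", False, False, None),
        ("00:11:22:33:44:88", False, False, RelayInfo("access-sw-01", "ge-0/0/1:vlan1")),
        ("00:11:22:33:44:99", True,  True,  RelayInfo("rogue-box", "eth0")),
    ]
    for mac, trusted, giaddr, info in clients:
        verdict = snooping_verdict(trusted, giaddr, info)
        if verdict != "forward":
            print(mac, verdict)
            continue
        print(location_record(mac, select_pool(info), info))
```

The prefix match on Circuit ID is what lets one table entry cover a whole line card (`ge-0/0/`) while a more specific entry singles out one port; the snooping check runs first, so a packet that carries Option 82 on an untrusted port never reaches the pool logic at all.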

Configuration Context (Cisco Wireless Controllers)

Option 82 can be customized on the Cisco Catalyst 9800 Series Wireless Controllers. The controller can be configured to include several data elements in the option, including:

  • DHCP AP MAC, DHCP AP ETH MAC, DHCP AP NAME, DHCP Site Tag, DHCP AP Location
  • DHCP SSID and DHCP VLAN ID
  • Configuration options such as DHCP Opt82 Ascii (which allows VLAN-ID and SSID to be added in ASCII format) and DHCP Opt82 RID (which supports the addition of Cisco 2-byte Remote ID).
  • IP MAC binding may be necessary for DHCP Option 82 to function in some cases.

Whether the command no ip dhcp snooping information option is needed depends entirely on whether the switch acts as a DHCP relay agent.

  • If the switch is a multilayer switch and is configured as a DHCP relay agent, inserting Option 82 is generally desired.
  • If the switch is a Layer 2 switch and forwards DHCP messages without relay functionality, disabling Option 82 insertion is crucial for DHCP functionality.

Interaction with DHCP Snooping

DHCP Snooping, a security feature common on Layer 2 switches, interacts closely with DHCP Option 82 and needs specific configuration when the switch is not acting as a DHCP relay agent.

Default Behaviour and Potential Issues:

  • DHCP Snooping often ships with default settings that assume the switch is a Layer 3 switch acting as a DHCP relay agent.
  • By default, the switch inserts the DHCP Option 82 fields into DHCP messages. You can confirm this with show ip dhcp snooping, whose output initially shows Insertion of option 82 is enabled.
  • The Problem: When a Layer 2 switch performs DHCP Snooping but is not acting as a DHCP relay agent, this default Option 82 behaviour stops DHCP from working for end users. Because the switch sets fields in the DHCP messages as though it were a relay agent, most DHCP servers (and most DHCP relay agents) discard those messages.

Configuration to Disable Option 82 Insertion:

  • To make DHCP Snooping work correctly on a Layer 2 switch that is not also a DHCP relay agent, you must disable the Option 82 feature.
  • The global command used to disable the insertion of DHCP Option 82 data into DHCP messages is no ip dhcp snooping information option.
  • When this command is used, the show ip dhcp snooping output displays the line: Insertion of option 82 is disabled.
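A check that turns the two sections above into something you can run across a fleet, as an added Python example (not code from the original article or from Cisco): it reads saved show ip dhcp snooping output, compares the Option 82 insertion state with whether that switch is meant to be a relay agent, and names the global command to apply. The sample outputs are constructed and trimmed; only the Insertion of option 82 is ... status line and the no ip dhcp snooping information option command come from the article, and the enabling form ip dhcp snooping information option is its counterpart.

```python
# Added example (not code from the original article): audit saved
# `show ip dhcp snooping` output for the Option 82 mismatch the article describes.
import re
from typing import Dict, List, Optional

# Status line as shown in the article; the regex anchors on a full line.
INSERTION_RE = re.compile(r"^Insertion of option 82 is (enabled|disabled)\s*$", re.MULTILINE)

# Global configuration commands for the two states.
ENABLE_CMD = "ip dhcp snooping information option"
DISABLE_CMD = "no ip dhcp snooping information option"

def option82_insertion_enabled(show_output: str) -> Optional[bool]:
    """True/False from the status line; None if the line is missing from the output."""
    match = INSERTION_RE.search(show_output)
    return None if match is None else match.group(1) == "enabled"

def audit_switch(hostname: str, is_relay_agent: bool, show_output: str) -> Dict[str, Optional[str]]:
    """Compare the insertion state with the switch's role and name the fix, if any."""
    inserting = option82_insertion_enabled(show_output)
    if inserting is None:
        status, fix = "unknown: no insertion status line in output", None
    elif inserting and not is_relay_agent:
        # A Layer 2 switch inserting Option 82 as if it were a relay: clients stop getting leases.
        status, fix = "misconfigured: L2 switch inserts Option 82", DISABLE_CMD
    elif not inserting and is_relay_agent:
        status, fix = "review: relay agent is not inserting Option 82", ENABLE_CMD
    else:
        status, fix = "ok", None
    return {"hostname": hostname, "status": status, "fix": fix}

def audit_fleet(switches: List[Dict]) -> List[Dict[str, Optional[str]]]:
    """Run the per-switch audit over an inventory of (hostname, role, saved output)."""
    return [audit_switch(s["hostname"], s["relay_agent"], s["show_output"]) for s in switches]

# Constructed sample outputs (trimmed to the lines the audit needs).
ACCESS_L2 = """Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10,20
Insertion of option 82 is enabled
"""
ACCESS_L2_FIXED = """Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10,20
Insertion of option 82 is disabled
"""
DIST_L3 = """Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
10,20,30
Insertion of option 82 is enabled
"""
FLEET = [
    {"hostname": "access-sw-01", "relay_agent": False, "show_output": ACCESS_L2},
    {"hostname": "access-sw-02", "relay_agent": False, "show_output": ACCESS_L2_FIXED},
    {"hostname": "dist-sw-01",   "relay_agent": True,  "show_output": DIST_L3},
]

if __name__ == "__main__":
    for finding in audit_fleet(FLEET):
        print(finding)
```

The role flag is the important input: the same Insertion of option 82 is enabled line is correct on the distribution switch that relays and wrong on the access switch that only snoops, so the audit has to know which is which rather than treating the line itself as a finding.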
