DHCP relay agents offer this option to provide client information to the DHCP server. This information could consist of the switch VLAN and port information, or other circuit information as determined by the service provider. A lot of service providers that use PPPoE insert the option 82 information for tracking, statistics and billing purposes.
We will use a Cisco 3560 with DHCP snooping enabled, which by default installs the DHCP relay agent information, for this post.
First, here is our DHCP snooping configuration for VLANs 1, 2 and 333:
We also enable DHCP trust for gi 0/1, which is the port where our DHCP server is located:
Note: my DHCP server on port gi 0/1 ignores option #82 information.
This sets the base for our diagnostics and capture. I'm capturing traffic on gi 0/1 and will replay this using tshark with the display filter 'bootp.option.agent_information_option.suboption'.
First, here's our show DHCP snooping output for VLANs 1, 2 and 333:
Notice the custom circuit-ids are not populated?
By default a switch builds the circuit-id in this fashion: VLAN #, module # and port #.
Okay, here's a packet capture for a client in VLAN 1 on port #2, and the option 82 details, which reflect the client VLAN and port #.
Notice the circuit-id 000400010102 ?
This reflects the client at port #2 and vlan #1
If we move the client to port #5, the display would look like the following:
Notice the circuit-id 000400010105 ?
Okay, that was simple. Now let's look at the agent remote-ID. This value is computed from the switch's first available MAC address.
Both DHCP snooping and DHCP relay information configurations will insert this MAC address as the Agent Remote ID, so keep this in mind if you're looking at remote-id information.
And finally, I will reconfigure the above for vlan 2 and then vlan 333 so you can see the change in the client information that's relayed to the DHCP server;
vlan2
vlan333 ( hex 0x14d )
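The circuit-id values above can be decoded programmatically when auditing what a relay hands to the DHCP server. The following is an added example, not part of the original post: it splits an option 82 payload into its RFC 3046 sub-options (1 = circuit-id, 2 = remote-id) and decodes the switch's default circuit-id layout. The remote-id layout (type 0, length 6, MAC) and the sample MAC address are assumptions, since the post does not show those bytes.

```python
import struct

def parse_option82(payload: bytes) -> dict:
    """Split an option 82 payload into {sub-option code: value} (RFC 3046 TLVs)."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} is truncated")
        subopts[code] = value
        i += 2 + length
    return subopts

def decode_circuit_id(value: bytes) -> dict:
    """Default switch format: type 0, length 4, VLAN (2 bytes), module, port."""
    if len(value) != 6 or value[0] != 0 or value[1] != 4:
        return {"raw": value.hex()}  # custom circuit-id string: report it undecoded
    vlan, module, port = struct.unpack("!HBB", value[2:])
    return {"vlan": vlan, "module": module, "port": port}

def decode_remote_id(value: bytes) -> dict:
    """Assumed default format: type 0, length 6, switch MAC address."""
    if len(value) != 8 or value[0] != 0 or value[1] != 6:
        return {"raw": value.hex()}
    return {"mac": ":".join(f"{b:02x}" for b in value[2:])}

def describe(payload: bytes) -> dict:
    """Decode the circuit-id and remote-id sub-options if they are present."""
    subopts = parse_option82(payload)
    out = {}
    if 1 in subopts:
        out["circuit_id"] = decode_circuit_id(subopts[1])
    if 2 in subopts:
        out["remote_id"] = decode_remote_id(subopts[2])
    return out

# Constructed sample payload: the circuit-id from the post (VLAN 1, port 2)
# plus a remote-id carrying a made-up MAC address.
SAMPLE = bytes.fromhex("0106" "000400010102" "0208" "0006" "001122334455")

if __name__ == "__main__":
    print(describe(SAMPLE))
    # VLAN 333 appears as 0x014d in the VLAN field; the port here is constructed.
    print(decode_circuit_id(bytes.fromhex("0004014d0102")))
```

A circuit-id that does not match the default layout (for example a custom string configured per port) is returned as raw hex rather than being misread as VLAN and port numbers.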
And finally, to disable this feature ;
( for a dhcp snooping enable switch )
( for a ip helper )
I hope this helps with your understanding of option #82 and its place with regard to the DHCP relay and server.
Ken Felix
Freelance Network/Security Engineer
kfelix ----@---- socpuppets ---.----com
^ ^
=( * * )=
@
/ \