Configuring DHCP Option 82

DHCP Option 82

DHCP option 82 provides additional security when DHCP is used to allocate network addresses. It enables the to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources. You can configure the to add option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server.

Figure 1. DHCP Option 82

The access point forwards all DHCP requests from a client to the . The adds the DHCP option 82 payload and forwards the request to the DHCP server. The payload can contain the MAC address or the MAC address and SSID of the access point, depending on how you configure this option.


Note

Any DHCP packets that already include a relay agent option are dropped at the .


For DHCP option 82 to operate correctly, DHCP proxy must be enabled.

This section contains the following subsections:

Restrictions on DHCP Option 82

  • DHCP option 82 is not supported for use with auto-anchor mobility.

Configuring DHCP Option 82 (GUI)

Procedure


Step 1

Choose Controller > Advanced > DHCP to open the DHCP Parameters page.

Step 2

Select the Enable DHCP Proxy check box to enable DHCP proxy.

Step 3

Choose a DHCP Option 82 format from the drop-down list. You can choose either binary or ascii to specify the format of the DHCP option 82 payload.

Step 4

Choose a DHCP Option 82 Remote ID field format from the drop-down list to specify the format of the DHCP option 82 payload.

For more information about the options available, see the Controller Online Help.

Step 5

Enter the DHCP timeout value in the DHCP Timeout field. The timeout value is globally applicable. You can specify the DHCP timeout value in range from 5 to 120 seconds.

Step 6

Click Apply.

Step 7

Click Save Configuration .


What to do next

On the controller CLI, you can enable DHCP option 82 on the dynamic interface to which the WLAN is associated by entering this command:

config interface dhcp dynamic-interface interface-name option-82 enable

Configuring DHCP Option 82 (CLI)

Procedure

  • Configure the format of the DHCP option 82 payload by entering one of these commands:

    • config dhcp opt-82 remote-id ap_mac —Adds the radio MAC address of the access point to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id ap_mac:ssid —Adds the radio MAC address and SSID of the access point to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id ap-ethmac —Adds the Ethernet MAC address of the access point to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id apname:ssid —Adds the AP name and SSID of the access point to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id ap-group-name —Adds the AP group name to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id flex-group-name —Adds the FlexConnect group name to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id ap-location —Adds the AP location to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id apmac-vlan-id —Adds the radio MAC address of the access point and the VLAN ID to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id apname-vlan-id —Adds the AP name and its VLAN ID to the DHCP option 82 payload.
    • config dhcp opt-82 remote-id ap-ethmac-ssid —Adds the Ethernet MAC address of the access point and the SSID to the DHCP option 82 payload.
  • Configure the format of the DHCP option 82 as binary or ASCII by entering this command:

    config dhcp opt-82 format { binary | ascii}

  • Enable DHCP Option 82 on the dynamic interface to which the WLAN is associated by entering this command:

    config interface dhcp dynamic-interface interface-name option-82 enable

  • See the status of DHCP option 82 on the dynamic interface by entering the show interface detailed dynamic-interface-name command.