DHCP Option 82

Information About DHCP Option 82

DHCP Option 82 is organized as a single DHCP option that contains information known by the relay agent. This feature provides additional security when DHCP is used to allocate network addresses, and enables the Cisco controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources.

The controller can be configured to add Option 82 information to DHCP requests from clients before forwarding the requests to a DHCP server. The DHCP server can then be configured to allocate IP addresses to the wireless client based on the information present in DHCP Option 82.

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the Options field of the DHCP message. The data items themselves are also called options. Option 82 contains information known by the relay agent.

The Relay Agent Information option is organized as a single DHCP option that contains one or more suboptions that convey information known by the relay agent. Option 82 was designed to allow a DHCP relay agent to insert circuit-specific information into a request that is being forwarded to a DHCP server. This option works by setting two suboptions:

  • Circuit ID

  • Remote ID

The Circuit ID suboption includes information that is specific to the circuit the request came in on. This suboption is an identifier that is specific to the relay agent. Thus, the circuit that is described will vary depending on the relay agent.

The Remote ID suboption includes information on the remote host end of the circuit. This suboption usually contains information that identifies the relay agent. In a wireless network, this would likely be a unique identifier of the wireless access point.


Note: All valid Remote ID combinations are separated with a colon (:) as the delimiter.



Note: IP MAC binding is required for DHCP Option 82 to work in some situations.


You can configure the following DHCP Option 82 options on the controller:

  • DHCP Enable

  • DHCP Opt82 Enable

  • DHCP Opt82 Ascii

  • DHCP Opt82 RID

  • DHCP Opt Format

  • DHCP AP MAC

  • DHCP SSID

  • DHCP AP ETH MAC

  • DHCP AP NAME

  • DHCP Site Tag

  • DHCP AP Location

  • DHCP VLAN ID


Note: The controller includes the SSID in ASCII format and the VLAN ID in hexadecimal format within the Remote ID suboption of Option 82 in outgoing DHCP packets to the server for the following configurations:

ipv4 dhcp opt82 format ssid
ipv4 dhcp opt82 format vlan-id

However, if the ipv4 dhcp opt82 ascii configuration is also present, the controller adds both the VLAN ID and the SSID in ASCII format.


For Cisco Catalyst 9800 Series Configuration Best Practices, see the following link: https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html

Configuring DHCP Option 82 Global Interface

Configure DHCP Option 82 globally through server override (CLI)

Set up DHCP Option 82 settings to override relay agent information in DHCP packets at the server.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Insert the global server override and link selection suboptions.

Example:

Device(config)# ip dhcp-relay information option server-override

The system processes DHCP Option 82 information globally based on server settings.

Device# configure terminal
Device(config)# ip dhcp-relay information option server-override

Configure DHCP Option 82 through server override (CLI)

To enable precise DHCP Option 82 behavior, configure the server override and link-selection suboptions.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Set the server override suboption to either an RFC-specific value or a proprietary value.

Example:

Device(config)# ip dhcp compatibility suboption server-override [cisco | standard]

Step 3

Set the link selection suboption to either an RFC-specific value or a proprietary value.

Example:

Device(config)# ip dhcp compatibility suboption link-selection [cisco | standard]

DHCP Option 82 operates according to the configured settings.

Device# configure terminal
Device(config)# ip dhcp compatibility suboption server-override cisco
Device(config)# ip dhcp compatibility suboption link-selection cisco
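
To confirm on the DHCP server side what the relay actually inserts, the suboption layout described under Information About DHCP Option 82 and the effect of the cisco and standard keywords above can be decoded from the options field of a captured request. The following Python parser is an added example, not part of the Cisco documentation; the sample bytes, the Remote ID string ap-lobby:guest, and the check_request policy are constructed assumptions, while 150 and 152 are the Cisco proprietary link-selection and server-override codes and 5 and 11 are the RFC 3527 and RFC 5107 codes.

```python
# Added example. Codes 1/2 are RFC 3046, 5 RFC 3527, 6 RFC 3993, 11 RFC 5107;
# 150 and 152 are the Cisco proprietary link-selection / server-override codes.
SUBOPTIONS = {
    1: "circuit-id", 2: "remote-id", 6: "subscriber-id",
    5: "link-selection (standard)", 11: "server-id-override (standard)",
    150: "link-selection (cisco)", 152: "server-id-override (cisco)",
}

def walk_tlv(data, options_field=False):
    """Yield (code, value) pairs; raise ValueError on a truncated TLV."""
    i = 0
    while i < len(data):
        code = data[i]
        if options_field and code == 0:        # pad option has no length byte
            i += 1
            continue
        if options_field and code == 255:      # end option
            return
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated TLV at offset {i}")
        length = data[i + 1]
        yield code, data[i + 2:i + 2 + length]
        i += 2 + length

def parse_option82(options):
    """Return {suboption name: raw bytes} for Option 82, or None if absent."""
    for code, value in walk_tlv(options, options_field=True):
        if code == 82:
            return {SUBOPTIONS.get(c, f"unknown-{c}"): v for c, v in walk_tlv(value)}
    return None

def check_request(giaddr, options):
    """Assumed server-side policy: Option 82 is only credible on relayed packets."""
    if parse_option82(options) is None:
        return "no-option82"
    if giaddr == "0.0.0.0":                    # not relayed, yet carries Option 82
        return "reject: option82 with zero giaddr"
    return "relayed"

def tlv(code, value):
    """Helper that builds one code/length/value element for the sample data."""
    return bytes([code, len(value)]) + value

# Constructed sample: DISCOVER relayed by the SVI 9.3.72.38 with Cisco suboption codes.
SAMPLE_RELAY_INFO = (tlv(2, b"ap-lobby:guest") + tlv(6, b"test10")
                     + tlv(150, bytes([9, 3, 72, 0])) + tlv(152, bytes([9, 3, 72, 38])))
SAMPLE_OPTIONS = tlv(53, b"\x01") + tlv(82, SAMPLE_RELAY_INFO) + b"\xff"

if __name__ == "__main__":
    for name, value in parse_option82(SAMPLE_OPTIONS).items():
        print(f"{name:30} {value!r}")
    print(check_request("9.3.72.38", SAMPLE_OPTIONS))
```

A truncated option or suboption raises ValueError instead of yielding a partial result, so a malformed relay option is never silently accepted.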

Configure DHCP Option 82 globally through different SVIs (GUI)

Enable DHCP Option 82 to insert relay information for clients across selected SVIs.

Procedure


Step 1

Choose Configuration > VLAN.

Step 2

Select a VLAN from the drop-down list.

The Edit SVI window appears.

Step 3

Click the Advanced tab.

Step 4

Select an option from the IPv4 Inbound ACL drop-down list.

Step 5

Select an option from the IPv4 Outbound ACL drop-down list.

Step 6

Select an option from the IPv6 Inbound ACL drop-down list.

Step 7

Select an option from the IPv6 Outbound ACL drop-down list.

Step 8

Enter an IP address in the IPv4 Helper Address field.

Step 9

Set the status to Enabled if you want to enable the Relay Information Option setting.

Step 10

Enter the Subscriber ID.

Step 11

Set the status to Enabled if you want to enable the Server ID Override setting.

Step 12

Set the status to Enabled if you want to enable the Option Insert setting.

Step 13

Select an option from the Source-Interface Vlan drop-down list.

Step 14

Click Update & Apply to Device.


DHCP Option 82 is enabled for the selected SVIs. This allows relay agent information to be included in DHCP requests.

Configuring DHCP Option 82 Globally Through Different SVIs (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 2

ip dhcp-relay source-interface vlan vlan-id

Example:

Device(config)# ip dhcp-relay source-interface vlan 74

Sets global source interface for relayed messages.

Configuring DHCP Option 82 Format

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

wireless profile policy policy-name

Example:

Device(config)# wireless profile policy pp3

Enables configuration for the specified profile policy.

Step 3

shutdown

Example:

Device(config-wireless-policy)# shutdown

Shuts down the profile policy.

Step 4

vlan vlan-name

Example:

Device(config-wireless-policy)# vlan 72

Assigns the profile policy to a VLAN.

Step 5

session-timeout value-btwn-20-86400

Example:

Device(config-wireless-policy)# session-timeout 300

(Optional) Sets the session timeout value in seconds. The range is 20 to 86400.

Step 6

idle-timeout value-btwn-15-100000

Example:

Device(config-wireless-policy)# idle-timeout 15

(Optional) Sets the idle timeout value in seconds. The range is 15 to 100000.

Step 7

central switching

Example:

Device(config-wireless-policy)# central switching

Enables central switching.

Step 8

ipv4 dhcp opt82

Example:

Device(config-wireless-policy)# ipv4 dhcp opt82

Enables DHCP Option 82 for the wireless clients.

Step 9

ipv4 dhcp opt82 ascii

Example:

Device(config-wireless-policy)# ipv4 dhcp opt82 ascii

(Optional) Enables ASCII on the DHCP Option 82 feature.

Step 10

ipv4 dhcp opt82 rid

Example:

Device(config-wireless-policy)# ipv4 dhcp opt82 rid

(Optional) Supports the addition of the Cisco 2-byte Remote ID (RID) for the DHCP Option 82 feature.

Step 11

ipv4 dhcp opt82 format {ap_ethmac | ap_location | apmac | apname | policy_tag | ssid | vlan_id}

Example:

Device(config-wireless-policy)# ipv4 dhcp opt82 format apmac

Enables DHCP Option 82 on the corresponding AP.

For information on the various options available with the command, see Cisco Catalyst 9800 Series Wireless Controller Command Reference.

Step 12

no shutdown

Example:

Device(config-wireless-policy)# no shutdown

Enables the profile policy.

Configuring DHCP Option 82 Through a VLAN Interface

Configuring DHCP Option 82 Through Option-Insert Command (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

interface vlan vlan-id

Example:

Device(config)# interface vlan 72

Configures a VLAN ID.

Step 3

ip dhcp relay information option-insert

Example:

Device(config-if)# ip dhcp relay information option-insert 

Inserts relay information in BOOTREQUEST.

Step 4

ip address ip-address

Example:

Device(config-if)# ip address 9.3.72.38 255.255.255.0

Configures the IP address for the interface.

Step 5

ip helper-address ip-address

Example:

Device(config-if)# ip helper-address 9.3.72.1

Configures the destination address for UDP broadcasts.

Step 6

[no] mop enabled

Example:

Device(config-if)# no mop enabled

Disables MOP for an interface.

Step 7

[no] mop sysid

Example:

Device(config-if)# no mop sysid

Disables the task of sending MOP periodic system ID messages.

Configuring DHCP Option 82 Through the server-ID-override Command (CLI)

Procedure

  Command or Action Purpose

Step 1

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 2

ip dhcp compatibility suboption server-override cisco

Example:

Device(config)# ip dhcp compatibility suboption server-override cisco

Configures the server-id override suboption to an RFC-specific or Cisco-specific value.

Step 3

ip dhcp compatibility suboption link-selection cisco

Example:

Device(config)# ip dhcp compatibility suboption link-selection cisco 

Configures the link-selection suboption to an RFC-specific or Cisco-specific value.

Step 4

interface vlan vlan-id

Example:

Device(config)# interface vlan 72

Configures a VLAN ID.

Step 5

ip dhcp relay information option server-id-override

Example:

Device(config-if)# ip dhcp relay information option server-id-override

Inserts the server id override and link selection suboptions.

Step 6

ip address ip-address

Example:

Device(config-if)# ip address 9.3.72.38 255.255.255.0

Configures the IP address for the interface.

Step 7

ip helper-address ip-address

Example:

Device(config-if)# ip helper-address 9.3.72.1

Configures the destination address for UDP broadcasts.

Step 8

[no] mop enabled

Example:

Device(config-if)# no mop enabled

Disables MOP for an interface.

Step 9

[no] mop sysid

Example:

Device(config-if)# no mop sysid

Disables the task of sending MOP periodic system ID messages.

Configure DHCP Option 82 through a subscriber-ID (CLI)

Configure DHCP Option 82 through a subscriber-ID.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a VLAN ID.

Example:

Device(config)# interface vlan vlan-id

Step 3

Insert the subscriber identifier suboption to include the subscriber ID in DHCP messages.

Example:

Device(config-if)# ip dhcp relay information option subscriber-id subscriber-id

Step 4

Configure the IP address for the interface.

Example:

Device(config-if)# ip address ip-address

Step 5

Configure the destination address for UDP broadcasts.

Example:

Device(config-if)# ip helper-address ip-address

Step 6

Disable MOP for an interface.

Example:

Device(config-if)# no mop enabled

Step 7

Disable the task of sending MOP periodic system ID messages.

Example:

Device(config-if)# no mop sysid

The system now inserts the subscriber-ID suboption (DHCP Option 82) into relayed DHCP packets on the specified VLAN interface.

Device# configure terminal
Device(config)# interface vlan 72
Device(config-if)# ip dhcp relay information option subscriber-id test10
Device(config-if)# ip address 9.3.72.38 255.255.255.0
Device(config-if)# ip helper-address 92.0.2.1
Device(config-if)# no mop enabled
Device(config-if)# no mop sysid

Configure DHCP Option 82 through server-ID-override and subscriber-ID commands (CLI)

Enable customized handling of DHCP Option 82 information for relayed DHCP requests by setting server and subscriber ID options.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a VLAN ID.

Example:

Device(config)# interface vlan vlan-id

Step 3

Insert server ID override and link selection suboptions.

Example:

Device(config-if)# ip dhcp relay information option server-id-override

Step 4

Insert the subscriber identifier suboption.

Example:

Device(config-if)# ip dhcp relay information option subscriber-id subscriber-id 

Step 5

Configure the IP address for the interface.

Example:

Device(config-if)# ip address ip-address

Step 6

Configure the destination address for UDP broadcasts.

Example:

Device(config-if)# ip helper-address ip-address

Step 7

Disable MOP for an interface.

Example:

Device(config-if)# no mop enabled

Step 8

Disable the task of sending MOP periodic system ID messages.

Example:

Device(config-if)# no mop sysid

The interface relays DHCP requests with Option 82 data, including server ID override and subscriber ID.

Device# configure terminal
Device(config)# interface vlan 72
Device(config-if)# ip dhcp relay information option server-id-override
Device(config-if)# ip dhcp relay information option subscriber-id test10
Device(config-if)# ip address 9.3.72.38 255.255.255.0
Device(config-if)# ip helper-address 9.3.72.1
Device(config-if)# no mop enabled
Device(config-if)# no mop sysid

Configure DHCP Option 82 through different SVIs (CLI)

Enable DHCP Option 82 using different switch virtual interfaces (SVIs) for relayed requests.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a VLAN ID.

Example:

Device(config)# interface vlan vlan-id

Step 3

Configure a source interface on the VLAN to relay messages.

Example:

Device(config-if)# ip dhcp relay source-interface vlan vlan-id

Step 4

Configure the IP address for the interface.

Example:

Device(config-if)# ip address ip-address

Step 5

Configure the destination address for UDP broadcasts.

Example:

Device(config-if)# ip helper-address ip-address

Step 6

Disable the Maintenance Operations Protocol (MOP) on the interface.

Example:

Device(config-if)# no mop enabled

Step 7

Disable periodic system ID message transmission for MOP.

Example:

Device(config-if)# no mop sysid

The device relays DHCP messages with Option 82 through the configured VLAN SVIs.

Device# configure terminal
Device(config)# interface vlan 72
Device(config-if)# ip dhcp relay source-interface vlan 74
Device(config-if)# ip address 9.3.72.38 255.255.255.0
Device(config-if)# ip helper-address 9.3.72.1
Device(config-if)# no mop enabled
Device(config-if)# no mop sysid