Users Guide
This option secures all DHCP traffic that goes through a DHCP relay agent, and ensures that communication between the DHCP
relay agent and the DHCP server is not compromised.
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the DHCP server. The DHCP server includes
Option 82 back in its response to the relay agent. The relay agent uses this information to forward a reply out the interface on
which the request was received rather than flooding it on the entire VLAN. However, the relay agent removes Option 82 from
its DHCP responses before forwarding the responses to the client.
Enable or disable DHCP Option-82
Use DHCP Option-82 in a distributed DHCP server or relay environment. When a network device, such as a DHCP, client sends
a DHCP request, the relay agent inserts information about the client network location into the packet header of that request.
The relay agent then sends the request to the DHCP server.
After the DHCP server sends a response, the relay agent strips out the DHCP Option-82 and forwards it to the client. DHCP
Option-82 serves as enhancement to the DHCP request allowing the DHCP server to select a sub-range in the pool.
Use Option-82 to uniquely identify the client point of attachment. Option-82 carries two sub-options, circuit-id and remote-id:
● Circuit-id : This sub option contains the VLAN and port information of the DHCP client. The VLAN id and Port name are used
for this option. The circuit-id is added in the <VLANID>-<INTERFACE_NAME> format. For example: vlan100-eth1/1/1.
● Remote-id : This sub option contains the system identification. System MAC address is used for this sub-option. For
example: 00:04:89:76:62:78.
By default, Option-82 is enabled at both the Global level and interface level. When you disable Option-82, the relay agent
forwards the packet without adding client information (Option-82 and its sub-options) to the packet header. The DHCP server
allocates the IP address based on the giaddr value.
Restrictions and Limitations
● Enabling or disabling Option-82 is not supported on PVLAN. By default, Option-82 is always enabled on PVLAN.
● This feature is not supported on VXLAN.
● In case of a VLT configuration mismatch, discover and offer take one route where Option-82 is enabled but takes
another route where Option-82 is disabled and the client never gets an IP address.
Option-82 with the Client and the Server in same VLAN
In this topology, Host1, Host2, and Host3 are the DHCP clients connected to the DHCP-relay-enabled switch. The DHCP clients
and the DHCP server are part of same VLAN 100.
In this scenario, the DHCP-relay-enabled switch floods the DHCP packets from the DHCP client and also forwards the DHCP
packets with Option-82 set in the DHCP packet header to the DHCP server.
If you configured Option-82, the DHCP server allocates the IP address based on the options present in Option-82. Otherwise,
the DHCP server allocates the IP address with the on-link subnet.
If you disable Option-82 in the DHCP relay switch, the DHCP packet from the client forward without Option-82 and the DHCP
server allocates the IP address from the on-link subnet value.
Option-82 with the Client and the Server in different VLANs
In this topology, Host1, Host2,and Host3 are the DHCP clients connected to the DHCP-relay-enabled switch. The DHCP clients
and the DHCP server are part of different VLANs, VLAN 100 and VLAN 200, respectively.
In this scenario, the DHCP-relay-enabled switch floods the DHCP packets from the DHCP client in VLAN 100 and also forwards
the DHCP packet with Option-82 set in the DHCP packet header to the DHCP Server in VLAN 200. If you configured
Option-82, the DHCP server allocates the IP address based on Option-82. Otherwise, the DHCP server allocates the IP address
from the subnet based on the giaddr value in the DHCP relay packet.
If you disabled Option-82 in the DHCP relay switch, the DHCP packets from the client forward without Option-82 and the
DHCP server allocates the IP address based on the giaddr value, which is the VLAN IP address.
You can configure Option-82 at the Global level and interface level. When both the global and interface level Option-82
configuration is present, the configuration to disable Option-82 takes precedence. By default, Option-82 is enable both at Global
and Interface levels.
System management
283