Multicast and Routing Guide K/KA/KB.15.15

Figure 49 Example configured to allow only the primary relay agent to contribute an Option 82 field
The above combination allows for detection and dropping of client requests with spurious Option
82 fields. If no spurious fields are found, the drop policy on the first relay agent adds an Option 82 field, which
is then kept unchanged over the next two relay agent hops ("B" and "C"). The server can then
enforce an IP addressing policy based on the Option 82 field generated by the edge relay agent
("A"). In this example, the DHCP policy boundary is at relay agent 1.
Figure 50 Example configured to allow multiple relay agents to contribute an Option 82 field
This is an enhancement of the previous example. In this case, each hop for an accepted client
request adds a new Option 82 field to the request. A DHCP server capable of using multiple Option
82 fields can be configured to use this approach to keep more detailed control over leased IP
addresses. In this example, the primary DHCP policy boundary is at relay agent "A," but more
global policy boundaries can exist at relay agents "B" and "C."
Figure 51 Example allowing only an upstream relay agent to contribute an Option 82 field
Like the first example, above, this configuration drops client requests with spurious Option 82 fields
from clients on the edge relay agent. However, in this case, only the Option 82 field from the last
relay agent is retained for use by the DHCP server. In this case the DHCP policy boundary is at
relay agent "C." In the previous two examples the boundary was with relay "A."
Validation of server response packets
A valid Option 82 server response to a client request packet includes a copy of the Option 82
fields the server received with the request. With validation disabled, most variations of Option 82
information are allowed, and the corresponding server response packets are forwarded.
Server response validation is an option you can specify when configuring Option 82 DHCP for
append, replace, or drop operation. See "Forwarding policies" (page 241). Enabling validation
on the routing switch can enhance protection against DHCP server responses that are either from
untrusted sources or are carrying invalid Option 82 information.
With validation enabled, the relay agent applies stricter rules to variations in the Option 82 fields
of incoming server responses to determine whether to forward the response to a downstream device
or to drop the response due to invalid (or missing) Option 82 information. Table 29 (page 244),
below, describes relay agent management of DHCP server responses with optional validation
enabled and disabled.
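The three relay-agent chains in Figures 49 through 51 and the server response validation rule above, as an added illustrative model that is not the switch's own code: each relay hop applies its append, replace, or drop policy (the "keep" behaviour is modeled from the Figure 49 description), and a server response is forwarded under validation only if it echoes exactly the Option 82 fields the request carried. The circuit-ID and remote-ID values are constructed placeholders.

```python
from typing import Optional

# Constructed model: a request's Option 82 information is a list of entries,
# one per contributing relay agent, each (circuit_id, remote_id) as a relay
# agent would encode sub-options 1 and 2.

def relay_request(opt82: list, policy: str, agent_id: str) -> Optional[list]:
    """Apply one relay agent's Option 82 policy to an upstream-bound request.
    Returns the Option 82 list to forward, or None if the request is dropped."""
    own = (f"port-of-{agent_id}", agent_id)  # constructed sub-option values
    if policy == "drop":
        # A request already carrying Option 82 from the client side is spurious
        # and is dropped; a clean request gets this agent's own field.
        return None if opt82 else [own]
    if policy == "append":
        return opt82 + [own]            # every hop adds its field (Figure 50)
    if policy == "replace":
        return [own]                    # only the last hop's field survives (Figure 51)
    if policy == "keep":
        return list(opt82)              # forward the field unchanged (Figure 49)
    raise ValueError(f"unknown policy {policy!r}")

def relay_chain(client_opt82: list, hops: list) -> Optional[list]:
    """Forward a client request through relay agents in order,
    e.g. hops=[("A", "drop"), ("B", "keep"), ("C", "keep")]."""
    current = list(client_opt82)
    for agent_id, policy in hops:
        current = relay_request(current, policy, agent_id)
        if current is None:
            return None  # dropped at this hop
    return current

def validate_response(response_opt82: list, request_opt82: list, validation: bool) -> bool:
    """Decide whether the relay agent forwards a DHCP server response downstream.
    With validation enabled, a valid response must echo exactly the Option 82
    fields the server received with the request; a missing or altered field
    causes the response to be dropped."""
    if not validation:
        return True  # simplification: variations are forwarded when validation is off
    return bool(response_opt82) and response_opt82 == request_opt82

if __name__ == "__main__":
    figure_49 = [("A", "drop"), ("B", "keep"), ("C", "keep")]
    print("clean client  :", relay_chain([], figure_49))
    print("spurious client:", relay_chain([("bogus", "X")], figure_49))
```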
DHCP Option 82 243