DHCP Snooping Option 82 Configuration Examples

DHCP Snooping Option 82 Configuration

Examples

Keywords: DHCP snooping, DHCP server, Option 82

Abstract: This document describes the typical application environment and configuration
examples for DHCP snooping Option 82.

Acronyms:

Acronym Full spelling

DHCP Dynamic Host Configuration Protocol

DNS Domain Name System

giaddr Gateway IP address

WINS Windows Internet Naming Service

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 1/10

 DHCP Snooping Option 82 Configuration Examples

Table of Contents

1 Feature Overview ........................................................................................................................... 3

2 Application Scenarios ..................................................................................................................... 3

3 Configuration Guidelines ................................................................................................................ 4

4 Configuration Example ................................................................................................................... 4

4.1 Network Requirements ........................................................................................................ 4
4.2 Configuration Considerations .............................................................................................. 6
4.3 Software Version Used ........................................................................................................ 6
4.4 Configuration Procedures .................................................................................................... 6
4.4.1 Configuration on the DHCP Snooping Device .......................................................... 6
4.4.2 Configuration on the DHCP Server ........................................................................... 8
4.4.3 Verification............................................................................................................... 10

5 References ................................................................................................................................... 10

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 2/10

 DHCP Snooping Option 82 Configuration Examples

1 Feature Overview
Option 82 is the relay agent option which records the location information of the
DHCP client. When a DHCP snooping device receives a clients request, it adds
Option 82 to the request message and sends it to the server. Then, the DHCP server
can assign a proper IP address and other parameters for the client. The administrator
can also use Option 82 to implement security control and accounting.

2 Application Scenarios
DHCP server

Eth1/1
DHCP snooping

Eth1/2 Eth1/3

VLAN 2

Host A Host B
DHCP client DHCP client

Figure 1 Option 82 application

Typically, a DHCP server assigns an IP address based on the giaddr filed of the
clients request or the IP address of the interface that received the clients request. In
Figure 1 , the DHCP server assign IP addresses to Host A and Host B from the
network segment where the clients belong.

Traditionally, the DHCP server cannot assign to Host A an IP address that is in a

different network segment from the IP address assigned to Host B. However, this can
be achieved through Option 82, with which, the DHCP server can assign IP
addresses based on the DHCP snooping interface connected to the clients and the
giaddr filed in DHCP requests.

A clients ID can be recognized by Option 82. Therefore, the DHCP server can assign
a unique IP address to each client, to further implement QoS, security and accounting
management.

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 3/10

 DHCP Snooping Option 82 Configuration Examples

3 Configuration Guidelines
z The DHCP snooping Option 82 function can take effect only after you enable
DHCP snooping.
z DHCP snooping does not support link aggregation. If a Layer 2 Ethernet
interface is added into an aggregation group, DHCP snooping configuration on
it will not take effect. When the interface is removed from the group, DHCP
snooping can take effect.
z The DHCP snooping enabled device does not work if it resides between a
DHCP relay agent and DHCP server, and it can work when it resides between a
DHCP client and relay agent or between a DHCP client and server.
z You are recommended to enable the DHCP snooping Option 82 function on the
DHCP snooping device closest to the DHCP client for locating the client
accurately.
z The DHCP snooping enabled device cannot act as a DHCP server or DHCP
relay agent.
z You are not recommended to enable the DHCP client, BOOTP client, and
DHCP snooping on the same device. Otherwise, DHCP snooping entries may
fail to be generated, or the BOOTP client/DHCP client may fail to obtain an IP
address.

4 Configuration Example

4.1 Network Requirements

The work area of an enterprise is divided into three groups, group 1, group 2, and
group 3, which are located in three rooms. A DHCP server is deployed to assign IP
addresses of different segments to the three groups.

It is required that:

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 4/10

 DHCP Snooping Option 82 Configuration Examples

z The DHCP server assigns IP addresses on the network segment

192.168.10.0/24 to devices in the work area. The lease time is 12 hours, and
the DNS and WINS server addresses are 192.168.100.2 and 192.168.100.3
respectively.
z Group 1, group 2 and group 3 are connected to the DHCP snooping device
through Ethernet1/1, Ethernet1/2 and Ethernet1/3 respectively to communicate
with the DHCP server.
z The DHCP server assigns IP addresses ranging from 192.168.10.2 to
192.168.10.25 to clients in group 1, assigns IP addresses ranging from
192.168.10.100 to 192.168.10.150 to clients in group 2, and assigns IP
addresses ranging from 192.168.10.151 to 192.168.10.200 to clients in group 3.

Figure 2 Network diagram for DHCP snooping

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 5/10

 DHCP Snooping Option 82 Configuration Examples

4.2 Configuration Considerations

z Enable Option 82 support on the DHCP snooping device.
z Configure the Option 82 sub-option, so that the clients in different groups can
send packets carrying different Option 82 information. To do so, you can
manually specify the circuit ID sub-option.
z Configure IP address assignment policy on the DHCP server, so that the DHCP
server can assign proper IP addresses to the DHCP clients according to Option
82.

4.3 Software Version Used

This example is configured and verified on Comware V500R002B42D001.

4.4 Configuration Procedures

Note:
The following configurations are made on devices that are using default settings and
verified in a lab environment. When using the following configurations on your devices
in a live network, make sure they do not conflict with your current configurations to
prevent potential negative impact on your network.

4.4.1 Configuration on the DHCP Snooping Device

I. Configuration steps

# Enable DHCP snooping.

<Switch> system-view
[Switch] dhcp-snooping

# Configure Ethernet 1/4 as a DHCP snooping trusted port.

[Switch] interface ethernet 1/4

[Switch-Ethernet1/4] dhcp-snooping trust
[Switch-Ethernet1/4] quit

# Enable Ethernet 1/1 to support Option 82.

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 6/10

 DHCP Snooping Option 82 Configuration Examples

[Switch] interface ethernet 1/1

[Switch-Ethernet1/1] dhcp-snooping information enable

# Pad the Option 82 circuit ID sub-option with group 1.

[Switch-Ethernet1/1] dhcp-snooping information circuit-id string group1

[Switch-Ethernet1/1] quit

# Enable Ethernet 1/2 to support Option 82.

[Switch] interface ethernet 1/2

[Switch-Ethernet1/2] dhcp-snooping information enable

# Pad the Option 82 circuit ID sub-option with group 2.

[Switch-Ethernet1/2] dhcp-snooping information circuit-id string group2

[Switch-Ethernet1/2] quit

# Enable Ethernet 1/3 to support Option 82.

[Switch] interface ethernet 1/3

[Switch-Ethernet1/3] dhcp-snooping information enable
[Switch-Ethernet1/3] quit

# Pad the Option 82 circuit ID sub-option with group 3.

[Switch-Ethernet1/3] dhcp-snooping information circuit-id string group3

[Switch-Ethernet1/3] quit

II. Configuration file

<Switch> display current-configuration

#
interface Ethernet1/1
port link-mode bridge
dhcp-snooping information enable
dhcp-snooping information circuit-id string group1
#
interface Ethernet1/2
port link-mode bridge
dhcp-snooping information enable
dhcp-snooping information circuit-id string group2
#
interface Ethernet1/3
port link-mode bridge
dhcp-snooping information enable
dhcp-snooping information circuit-id string group3
#
interface Ethernet1/4

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 7/10

 DHCP Snooping Option 82 Configuration Examples

port link-mode bridge

dhcp-snooping trust
#

4.4.2 Configuration on the DHCP Server

I. Configuration steps

You can use the following two methods to configure Option 82:

z User-defined method: Manually specify the content of Option 82.

z Non-user-defined method: Pad Option 82 in the default normal or verbose format.

For the second method, the circuit ID sub-option format is as shown in Figure 3 .

Figure 3 Circuit ID sub-option format

For example, for clients connected to Ethernet 1/1, the circuit ID sub-option is padded
with group 1. The circuit ID sub-option in DHCP packets should contain the following
information: 0x010667726F757031, in which 0106 refers to the number and length of
the circuit ID sub-option, and 67726F757031 refers to the hexadecimal value of the
character string group 1.

In this example, IP addresses are assigned according to the group number; therefore,
the DHCP server only needs to assign IP addresses based on the group number
padded in the circuit ID sub-option.

Note:
The DHCP server is configured on a Cisco Catalyst 3745 switch with software version
IOS 12.3(11)T2. To configure a device of another type or version as the DHCP server,
refer to the related user manual.

# Configure the server interface IP address as 192.168.10.1/24.

Server> enable
Server# configure terminal
Server(config)# interface fastethernet 0/0

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 8/10

 DHCP Snooping Option 82 Configuration Examples

Server(config-if)# ip address 192.168.10.1 255.255.255.0

Server(config-if)# exit

# Enable DHCP server, and configure the DHCP server to assign IP addresses based
on Option 82.

Server(config)# service dhcp

Server(config)# ip dhcp use class

# Create a DHCP class for clients in group 1, and specify the corresponding circuit ID
sub-option for matching. For the content not to be matched, enter the wildcard *.

Server(config)# ip dhcp class group1

Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 010667726F757031*
Server(dhcp-class-relayinfo)# exit

# Create a DHCP class for clients in group 2, and specify the corresponding circuit ID
sub-option for matching.

Server(config)# ip dhcp class group2

Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 010667726F757032*
Server(dhcp-class-relayinfo)# exit

# Create a DHCP class for clients in group 3 and specify the corresponding circuit ID
sub-option for matching.

Server(config)# ip dhcp class group3

Server(dhcp-class)# relay agent information
Server(dhcp-class-relayinfo)# relay-information hex 010667726F757033*
Server(dhcp-class-relayinfo)# exit

# Create a DHCP address pool named office, and specify the lease time, gateway
address, DNS server address, and WINS server address for clients.

Server(config)# ip dhcp pool office

Server(dhcp-config)# network 192.168.10.0
Server(dhcp-config)# lease 0 12
Server(dhcp-config)# default-router 192.168.10.1
Server(dhcp-config)# dns-server 192.168.100.2
Server(dhcp-config)# netbios-name-server 192.168.100.3

# Specify address ranges for the three DHCP classes respectively.

Server(dhcp-config)# class group1

Server(dhcp-pool-class)# address range 192.168.10.2 192.168.10.25
Server(dhcp-pool-class)# class group2

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 9/10

 DHCP Snooping Option 82 Configuration Examples

Server(dhcp-pool-class)# address range 192.168.10.100 192.168.10.150

Server(dhcp-pool-class)# class group3
Server(dhcp-pool-class)# address range 192.168.10.151 192.168.10.200

4.4.3 Verification

After completing the above configurations, the DHCP server can automatically assign
IP addresses of the specified range, gateway address, DNS server address, and
WINS server address for clients of each group in the work area.

5 References
z RFC 2131: Dynamic Host Configuration Protocol
z RFC 3046: DHCP Relay Agent Information Option

Copyright 2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of

Hangzhou H3C Technologies Co., Ltd.

The information in this document is subject to change without notice.

Hangzhou H3C Technologies Co., Ltd. www.h3c.com 10/10