Thanks for the info. Can you also help to put it all together, end-to-end
like?
One scope, multiple classes configured, and clients receiving ranges of IPs
from the same parent subnet.
In this case, how does the switch include the proper info to tell the router
running dhcp to reference one class and not the other?
In the docs, it looks like it is possible, but I do not understand the
relationship of the relay information and the classes configured on the DHCP
server. Many thanks Petr for writing back.
Kindest regards team,
Andrew
On Tue, Oct 27, 2009 at 12:21 PM, Petr Lapukhov <petr_at_internetworkexpert.com
> wrote:
> Karim,
>
> Option 82 identifies physical attachement point at a DHCP relay. For
> your question, the solution would be having two stations connected to
> different physical ports of the same DHCP relay. However, workstations
> usually connect to switches and DHCP relays are normally L3 devices.
> One solution is configuring a Cisco layer 3 switch to act as a DHCP
> relay and insert DCHP Option 82 using the command "ip dhcp relay
> information option". Every port will have different suboption 82
> circuit-id, which allows you identifying it at the DHCP server. DHCP
> relaying is configuring using the "ip dhcp helper-address" command,
> just as usual.
>
> With Cisco hardware, there is another way around - enabling DHCP
> snooping in switches (required L3 switches of course). When this
> feature is enabled, switches working in L2 mode will insert DHCP
> information option (enabled by default using "ip dhcp snooping
> information option") into DHCP packets. Once again, every port will
> have different suboption 82 circuit-id, which allows you identifying
> it at the DHCP server. Notice one caveat however: the giaddr field is
> set to 0.0.0.0 as there is no actual forwarding interface in the
> switch. As this is against the RFC, IOS DHCP server will reject such
> packets by default. You may disable this behavior using the interface
> or global command "ip dhcp relay information trust-all".
>
> To summarize, your problem could be solved in two ways:
>
> 1) Configuring the L3 switch as a DHCP relay
> 2) Configuring the L3 switch working in L2 mode for DHCP snooping
> (notice the 0.0.0.0 giaddr caveat)
>
> Keep in mind that Option 82 format is not standardized and changes
> even between IOS releases. To decode the option format used in your
> particular case, you may follow the approach described in this blog
> post:
>
> http://blog.internetworkexpert.com/2009/07/22/understanding-dhcp-option-82/
>
> HTH,
> --
> Petr Lapukhov, petr_at_INE.com
> CCIE #16379 (R&S/Security/SP/Voice)
>
> Internetwork Expert, Inc.
> http://www.INE.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> 2009/10/27 ALL From_NJ <all.from.nj_at_gmail.com>:
> > Well ... looking at the guide, you can have the same subnet over two
> > separate vlans and the switch that forwards the DHCP requests has to have
> > the correct relay hex info that matches the class. This way the DHCP
> server
> > will know which class to serve the IP from. Same parent subnet, but
> > different IP ranges.
> >
> > It does not appear that this can work on the same VLAN or same interface.
> > You have to have separate interfaces / vlans. I am not clear on the
> > interaction between the remote device (the relay) and the server.
> >
> > It appears that the hex values have to match ... can you just make these
> > up? i do not know ...
> >
> > I have a similar question as you ...
> >
> > Here is the guide I googled / referenced:
> >
> http://www.ciscosystems.org.ro/en/US/docs/ios/12_3t/12_3t4/feature/guide/gdhcpopt.html
> >
> > HTH,
> >
> > Andrew lee Lissitz
> >
> >
> >
> > On Tue, Oct 27, 2009 at 10:06 AM, karim jamali <karim.jamali_at_gmail.com
> >wrote:
> >
> >> Hi,
> >>
> >> I didn't get any reply to my question up to this moment. I hope I will
> get.
> >>
> >>
> >> Best Regards,
> >>
> >> On Tue, Oct 27, 2009 at 4:52 PM, ALL From_NJ <all.from.nj_at_gmail.com
> >wrote:
> >>
> >>> Was there an answer to this? Just wanting to make sure I did not miss
> it
> >>> ...
> >>>
> >>>
> >>>
> >>> On Mon, Oct 26, 2009 at 5:19 AM, karim jamali <
> karim.jamali_at_gmail.com>wrote:
> >>>
> >>>> Dear Experts,
> >>>>
> >>>> I was reading through the DOC CD about DHCP Option 82, and the ability
> to
> >>>> create DHCP classes. Please correct me if I am wrong with the
> following
> >>>> statements:
> >>>>
> >>>> 1)DHCP request is a broadcasted on the LAN segment and it is up to the
> >>>> gateway (giaddress field) to convert it to a unicast ip address
> (relaying
> >>>> the information) when the ip helper-address is used pointing towards
> the
> >>>> server.
> >>>>
> >>>> 2)Based on this giaddress,the server knows that the client from a
> certain
> >>>> subnet requested an ip address, thus it provides it with an ip address
> >>>> from
> >>>> that subnet.
> >>>>
> >>>> 2)Option 82 gives another method to segregate clients other than the
> >>>> subnet
> >>>> in which users reside, i.e. having two hosts on a common vlan (subnet)
> it
> >>>> is
> >>>> still possible to give each host an ip address from a different range
> >>>> which
> >>>> corresponds to a different option 82 (hexadecimal value).This can
> happen
> >>>> by
> >>>> defining a common pool and dividing the pool into classes, where each
> >>>> class
> >>>> is matched by the option 82 value and corresponds to a different range
> of
> >>>> ip
> >>>> addresses.
> >>>>
> >>>> 3)The server will examine the relay agent information, and check it
> >>>> against
> >>>> the list of classes relay-information to find a match. This match will
> >>>> correspond to a certain class and a certain range of ip addresses
> within
> >>>> the
> >>>> pool.
> >>>>
> >>>> The part I don't understand is : Two users are on VLAN X for instance,
> I
> >>>> want to give each an ip address from a different range. I create two
> >>>> different classes each corresponding to a different range of ip
> addresses
> >>>> and to two different relay-information. Does the relay-information
> match
> >>>> the
> >>>> client-id?How is the client associated with a class?
> >>>>
> >>>>
> >>>> An example taken from DOC CD:
> >>>>
> >>>> Defines the DHCP classes and relay information patterns
> >>>>
> >>>> ip dhcp class CLASS1
> >>>>
> >>>> relay agent information
> >>>>
> >>>> relay-information hex 01030a0b0c02050000000123
> >>>>
> >>>> relay-information hex 01030a0b0c02*
> >>>>
> >>>> relay-information hex 01030a0b0c02050000000000 bitmask
> >>>> 0000000000000000000000FF
> >>>>
> >>>>
> >>>> ip dhcp class CLASS2
> >>>>
> >>>> relay agent information
> >>>>
> >>>> relay-information hex 01040102030402020102
> >>>>
> >>>> relay-information hex 01040101030402020102
> >>>>
> >>>>
> >>>> ip dhcp class CLASS3
> >>>>
> >>>> relay agent information
> >>>>
> >>>>
> >>>> ! Associates the DHCP pool with DHCP classes
> >>>>
> >>>> ip dhcp pool ABC
> >>>>
> >>>> network 10.0.20.0 255.255.255.0
> >>>>
> >>>> class CLASS1
> >>>>
> >>>> address range 10.0.20.1 10.0.20.100
> >>>>
> >>>> class CLASS2
> >>>>
> >>>> address range 10.0.20.101 10.0.20.200
> >>>>
> >>>> class CLASS3
> >>>>
> >>>> address range 10.0.20.201 10.0.20.254
> >>>>
> >>>>
> >>>>
> >>>> Thank You
> >>>>
> >>>> Best Regards,
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Andrew Lee Lissitz
> >>> all.from.nj_at_gmail.com
> >>>
> >>
> >>
> >>
> >> --
> >> KJ
> >>
> >
> >
> >
> > --
> > Andrew Lee Lissitz
> > all.from.nj_at_gmail.com
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
-- Andrew Lee Lissitz all.from.nj_at_gmail.com Blogs and organic groups at http://www.ccie.netReceived on Tue Oct 27 2009 - 14:13:14 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:01 ART