Hi Karim,
In the configuration guide of the 3560, in the source guard section
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swdhcp82.html#wp1328446
I cannot see the relation between source guard and MAC address filtering
(ip verify source port-security).
Thank you again
From: karim jamali [mailto:karim.jamali_at_gmail.com]
Sent: Wednesday, October 28, 2009 10:36
To: Antonio Saez; Cisco certification
Subject: Re: DHCP Option 82
Hi Antonio,
I am not sure about this. Can you just give me the context in which you read
the relationship between option 82 and the port-security feature?
Thanks
Best Regards
On Wed, Oct 28, 2009 at 12:30 PM, Antonio Saez
<antonio.saez.jimenez_at_gmail.com> wrote:
Thanks Karim,
OK, I understand this, but why is it needed for the source guard port-security
feature?
Regards
From: karim jamali [mailto:karim.jamali_at_gmail.com]
Sent: Wednesday, October 28, 2009 8:55
To: Antonio Saez; Cisco certification
Subject: Re: DHCP Option 82
Hi,
DHCP option 82 is an optional feature that allows the relay agent to insert
circuit-specific information into a request being forwarded to a DHCP
server. This option 82 information can be used by the DHCP server to
implement policies (allocation of addresses based on the requesting subnet
(giaddress) as well as the circuit-id information, e.g. the port on the switch
on which the client resides). For instance, you can have 12 clients on a
common VLAN, and you would like to give 6 of them addresses from a certain
range within the pool, and the other 6 clients from another range in the pool
based on the circuit-id (tied to the switch interface).
For instance:
You can create a pool for a subnet (172.16.12.0/24); within the pool you can
create classes. Each class will have a range of option 82 values, which will
match a range of circuit-ids of the client ports. Thus, for a client connected
to a certain port, the circuit-id of that port will determine which class
the client belongs to, and thus the client will be issued an IP address from a
certain range within that pool (172.16.12.1 - 172.16.12.20).
So the circuit-id matches the option 82 hex value corresponding to the class,
which in turn corresponds to a range of IP addresses within the
subnet (pool).
Sample Configuration (Cisco's Website):
! Defines the DHCP classes and relay information patterns
ip dhcp class CLASS1
 relay agent information
  relay-information hex 01030a0b0c02050000000123
  relay-information hex 01030a0b0c02*
  relay-information hex 01030a0b0c02050000000000 bitmask 0000000000000000000000FF
ip dhcp class CLASS2
 relay agent information
  relay-information hex 01040102030402020102
  relay-information hex 01040101030402020102
ip dhcp class CLASS3
 relay agent information
! Associates the DHCP pool with DHCP classes
ip dhcp pool ABC
 network 10.0.20.0 255.255.255.0
 class CLASS1
  address range 10.0.20.1 10.0.20.100
 class CLASS2
  address range 10.0.20.101 10.0.20.200
 class CLASS3
  address range 10.0.20.201 10.0.20.254
For more information on this topic check:
http://blog.internetworkexpert.com/2009/07/22/understanding-dhcp-option-82/
http://www.faqs.org/rfcs/rfc3046.html
Best Regards,
On Wed, Oct 28, 2009 at 10:30 AM, Antonio Saez
<antonio.saez.jimenez_at_gmail.com> wrote:
Hi all,
I am reading the doc about DHCP option 82 and am not sure I understand it
completely. What is it used for? Is it needed for the dhcp snoop feature?
Sorry for these basic questions, but I do not have switches to test it.
Thanks all
Received on Wed Oct 28 2009 - 10:42:04 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:01 ART
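
Added example, not part of the original thread and not Cisco's code: Python that parses an option 82 value into its RFC 3046 sub-options (rejecting malformed lengths) and matches it against the relay-information hex patterns from the sample configuration in the thread. The function names are hypothetical, and it assumes that bitmask bits set to 1 are ignored in the comparison and that the first matching class wins.

```python
SUBOPTS = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes

def parse_option82(hex_value):
    """Split an option 82 payload into (sub-option name, value) pairs."""
    data, out, i = bytes.fromhex(hex_value), [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d overruns the option" % code)
        out.append((SUBOPTS.get(code, "sub-option %d" % code), value))
        i += 2 + length
    return out

def pattern_matches(hex_value, pattern, bitmask=None):
    """Compare a received value with one relay-information hex pattern."""
    value = bytes.fromhex(hex_value)
    if pattern.endswith("*"):  # trailing wildcard: prefix match
        return value.startswith(bytes.fromhex(pattern[:-1]))
    want = bytes.fromhex(pattern)
    # Assumption: mask bits set to 1 are ignored in the comparison.
    mask = bytes.fromhex(bitmask) if bitmask else bytes(len(want))
    if not len(value) == len(want) == len(mask):
        return False
    return all(((v ^ w) & ~m & 0xFF) == 0 for v, w, m in zip(value, want, mask))

# Patterns and ranges copied from the sample configuration in the thread.
CLASSES = [
    ("CLASS1", "10.0.20.1-10.0.20.100", [
        ("01030a0b0c02050000000123", None),
        ("01030a0b0c02*", None),
        ("01030a0b0c02050000000000", "0000000000000000000000FF")]),
    ("CLASS2", "10.0.20.101-10.0.20.200", [
        ("01040102030402020102", None),
        ("01040101030402020102", None)]),
]

def classify(hex_value):
    """Return (class, range) for the first class with a matching pattern."""
    parse_option82(hex_value)  # reject malformed TLVs before matching
    for name, addr_range, patterns in CLASSES:
        if any(pattern_matches(hex_value, p, m) for p, m in patterns):
            return name, addr_range
    return None

if __name__ == "__main__":
    print(parse_option82("01030a0b0c02050000000123"))  # first CLASS1 pattern
```
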