DHCP Option 82


Option 82 in DHCP is an additional security mechanism on top of DHCP Snooping. DHCP Option 82 is also known as "DHCP Relay Agent Information". This additional security mechanism is used whenever the DHCP Server and the Clients are in different networks. In that case, when the client sends a DHCP request message, it is sent along with additional information, DHCP Option 82.

 


DHCP Packet Fields

 

Option 82 in DHCP was defined in RFC 3046. Basically, the duty of this option is to identify both the DHCP Relay Agent (switch, router, etc.) and the Client that sent the DHCP Discover message.

 


You can also check the related RFC, Dynamic Host Configuration Protocol (DHCP) Relay Agent Option, RFC 4243.


 

A DHCP packet consists of several fields: Opcode, Hardware Type, Hardware Address Type, Hops, Transaction Identifier, Seconds, Flags, Client IP, Your IP, Server IP, Relay Agent IP, Client MAC, Server Name, Boot File Name and DHCP Option. This DHCP header is located in the data part of the Ethernet frame.

 

There are more than 200 DHCP options. Each option has a specific duty and plays a critical role for DHCP/BOOTP. The length of a DHCP packet varies with these options, because every DHCP packet can carry a different number of DHCP options.

 


DHCP Packet Fields, DHCP Option Field

 

Now, let’s explain this extra security mechanism step by step.

 

When a client sends a DHCP Discover message, the DHCP Relay Agent takes this message and adds Option 82 to its header. If there are any nodes on the way to the DHCP Server, the same message traverses them with Option 82.

 


How DHCP Option 82 is Added to the DHCP Discovery Packet

 

When the Discover message reaches the DHCP Server in the other network, the server replies with a DHCP Offer. Again, it adds DHCP Option 82 to the header, and this DHCP Offer travels back to the DHCP Relay Agent with Option 82. The DHCP Relay Agent removes this field and sends a pure DHCP Offer to the client.

 


How DHCP Option 82 is Added to the DHCP Offer Packet

 

Here, the important thing is this: the interface that receives "Option 82" must be a "trusted" port. If it is not, the packet is dropped. Think about it. At the beginning, the client was connected to an untrusted port, but it did not send a DHCP Discover message with Option 82. It only sent a plain DHCP Discover message. The DHCP Relay Agent added this DHCP option to the message. After that, the message with Option 82 always traveled through trusted ports, and the same holds on the return path from the DHCP Server to the DHCP Relay Agent. At the relay agent, the Option 82 field is removed and the pure DHCP Offer is sent to the client over the untrusted port.

 


Untrusted Port Receives DHCP Packet With Option 82
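
The trusted-port rule described above, as an added Python example (not code from the original lesson or from any switch vendor): it parses the options of a raw DHCP payload, decodes Option 82 and applies the drop rule. The sub-option codes 1 (Circuit ID) and 2 (Remote ID) come from RFC 3046; the function names, the sample packet and the values Gi0/1 and sw1 are constructed for illustration, and dropping malformed packets is an assumption.

```python
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")  # precedes the DHCP options field
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTIONS = {1: "circuit_id", 2: "remote_id"}  # sub-option codes from RFC 3046
# Constructed sample: relay data for port Gi0/1 on a switch named sw1.
OPT82 = bytes([82, 12, 1, 5]) + b"Gi0/1" + bytes([2, 3]) + b"sw1"

def parse_tlvs(data, padded=False):
    """Walk code/length/value triplets; raise ValueError on truncation."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if padded and code == END:
            break
        if padded and code == PAD:  # PAD is a single byte with no length
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        out[code] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return out

def dhcp_options(packet):
    """Options of a raw BOOTP/DHCP payload (236-byte header, then cookie)."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    return parse_tlvs(packet[240:], padded=True)

def option82_fields(packet):
    """Decoded Option 82 sub-options, or None if the option is absent."""
    value = dhcp_options(packet).get(RELAY_AGENT_INFO)
    if value is None:
        return None
    return {SUBOPTIONS.get(c, c): v for c, v in parse_tlvs(value).items()}

def snooping_verdict(packet, port_trusted):
    """The lesson's rule: Option 82 is only accepted on a trusted port."""
    try:
        has_82 = RELAY_AGENT_INFO in dhcp_options(packet)
    except ValueError:
        return "drop"  # assumption: malformed DHCP is dropped as well
    return "drop" if has_82 and not port_trusted else "forward"

def sample_discover(option82=b""):
    """Constructed Discover (option 53 = 1); option82 is placed before End."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                         *[bytes(4)] * 4, bytes.fromhex("020000000001"), b"", b"")
    return header + MAGIC_COOKIE + b"\x35\x01\x01" + option82 + b"\xff"
```

Calling `snooping_verdict(sample_discover(OPT82), port_trusted=False)` models a client-facing port receiving a Discover that already carries Option 82.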

 

In this lesson, we have talked about an important case related to DHCP. This case concerns one of the most important options of DHCP. If you would like to learn the details of DHCP Snooping, you can visit the related lesson. In the DHCP Snooping Cisco configuration lesson, you will find the configuration steps of this network security mechanism. In the following lessons, we will also talk about these options.

 


 

Other DHCP Options

Below, you can find some of the other option fields used with Dynamic Host Configuration Protocol. Option numbers, related technologies and the description are also given.

 

2 - Time Zone Offset: Informs the client about the time zone offset, in seconds.
3 - Gateway: Informs about the default router.
4 - Time Server: Carries the client the IP address of a time server.
6 - DNS Server: Carries the IP address of the DNS servers.
7 - Log Server: Carries the IP address of the syslog server.
12 - Hostname: Carries the hostname portion of a client's fully qualified domain name.
15 - Domainname: Carries the domain name portion of a client's fully qualified domain name.
42 - NTP Servers: List of the NTP Servers.
69-70 - SMTP, POP3: SMTP and POP3 servers for sending and receiving email, used on printers and scanners.

 
