Understanding DHCP Option 82 for Port Security on J-EX Series Switches - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS

Understanding DHCP Option 82 for Port Security on J-EX Series Switches

You can use DHCP option 82, also known as the DHCP relay agent information option,
to help protect the switch against attacks such as spoofing (forging) of IP addresses and
MAC addresses, and DHCP IP address starvation. Hosts on untrusted access interfaces
on Ethernet LAN switches send requests for IP addresses in order to access the Internet.
The switch forwards or relays these requests to DHCP servers, and the servers send offers
for IP address leases in response. Attackers can use these messages to perpetrate address
spoofing and starvation.

Option 82 provides information about the network location of a DHCP client, and the
DHCP server uses this information to implement IP addresses or other parameters for
the client. The Junos OS implementation of DHCP option 82 supports RFC 3046, DHCP
Relay Agent Information Option, at http://tools.ietf.org/html/rfc3046.

This topic covers:
DHCP Option 82 Processing
Suboption Components of Option 82
Configurations of the J-EX Series Switch That Support Option 82

DHCP Option 82 Processing

If DHCP option 82 is enabled on the switch, then when a network device—a DHCP
client—that is connected to the switch on an untrusted interface sends a DHCP request,
the switch inserts information about the client's network location into the packet header
of that request. The switch then sends the request to the DHCP server. The DHCP server
reads the option 82 information in the packet header and uses it to implement the IP
address or another parameter for the client. See "Suboption Components of Option 82"
for details about option 82 information.

You can enable DHCP option 82 on a single VLAN or on all VLANs on the switch. You can
also configure it on Layer 3 interfaces (in routed VLAN interfaces, or RVIs) when the
switch is functioning as a relay agent.

When option 82 is enabled on the switch, then this sequence of events occurs when a
DHCP client sends a DHCP request:

1. The switch receives the request and inserts the option 82 information in the packet
   header.
2. The switch forwards or relays the request to the DHCP server.
3. The server uses the DHCP option 82 information to formulate its reply and sends a
   response back to the switch. It does not alter the option 82 information.
4. The switch strips the option 82 information from the response packet.
5. The switch forwards the response packet to the client.
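
The five-step sequence above, sketched on the DHCP options field using the RFC 3046 encoding; this is an added example, not code from the manual or from Junos OS. The interface and switch names are constructed sample values, and discarding an option 82 that a client on an untrusted port supplied itself is an assumption of this sketch.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82   # DHCP option codes (RFC 2132, RFC 3046)
CIRCUIT_ID, REMOTE_ID = 1, 2              # RFC 3046 suboption codes

def parse_tlv(buf, dhcp=True):
    """Decode code/length/value triples; PAD and END exist only at the DHCP level."""
    items, i = [], 0
    while i < len(buf):
        code = buf[i]
        if dhcp and code == END:
            break
        if dhcp and code == PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        items.append((code, buf[i + 2 : i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return items

def build_tlv(items, dhcp=True):
    body = b"".join(bytes([code, len(val)]) + val for code, val in items)
    return body + bytes([END]) if dhcp else body

def insert_option82(options, circuit_id, remote_id):
    """Steps 1-2: the switch adds option 82 to a request from an untrusted port.
    Assumption: an option 82 already present in the client's request is discarded."""
    kept = [(c, v) for c, v in parse_tlv(options) if c != RELAY_AGENT_INFO]
    sub = build_tlv([(CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)], dhcp=False)
    return build_tlv(kept + [(RELAY_AGENT_INFO, sub)])

def read_option82(options):
    """Step 3: the server reads the suboptions and leaves them unaltered."""
    for code, val in parse_tlv(options):
        if code == RELAY_AGENT_INFO:
            return dict(parse_tlv(val, dhcp=False))
    return {}

def strip_option82(options):
    """Steps 4-5: the switch removes option 82 before forwarding to the client."""
    return build_tlv([(c, v) for c, v in parse_tlv(options) if c != RELAY_AGENT_INFO])

# Constructed sample: DHCPDISCOVER options (message type 53 = 1, parameter list 55).
REQUEST = bytes([53, 1, 1, 55, 2, 1, 3, END])
RELAYED = insert_option82(REQUEST, b"ge-0/0/10.0:v20", b"switch-01")
# Constructed sample: DHCPOFFER (53 = 2) echoing option 82 back unchanged.
REPLY = build_tlv([(53, b"\x02")] + parse_tlv(RELAYED)[-1:])
```
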
