Cisco Nexus 9000 Series Configuration Manual page 358
Nx-os security configuration guide, release 9.x
Hide thumbs
Also See for Nexus 9000 Series:
- Configuration manual (276 pages) ,
- Troubleshooting manual (126 pages) ,
- Quick start configuration manual (6 pages)
Table of Contents
Advertisement
DHCP Relay Agent Option 82
Figure 10: DHCP Relay Agent in a Metropolitan Ethernet Network
This figure shows an example of a metropolitan Ethernet network in which a centralized DHCP server assigns
IP addresses to subscribers connected to the device at the access layer. Because the DHCP clients and their
associated DHCP server do not reside on the same IP network or subnet, a DHCP relay agent is configured
with a helper address to enable broadcast forwarding and to transfer DHCP messages between the clients and
the server.
When you enable Option 82 for the DHCP relay agent on the Cisco NX-OS device, the following sequence
of events occurs:
1. The host (DHCP client) generates a DHCP request and broadcasts it on the network.
2. When the Cisco NX-OS device receives the DHCP request, it adds the Option 82 information in the
packet. The Option 82 information contains the device MAC address (the remote ID suboption) and the
port identifier ifindex (for non-VXLAN VLANs) or vn-segment-id-mod-port (for VXLAN VLANs), from
which the packet is received (the circuit ID suboption). In DHCP relay, the circuit ID is filled with the
ifindex of the SVI or Layer 3 interface on which DHCP relay is configured.
3. The device adds the IP address of the relay agent to the DHCP packet.
4. The device forwards the DHCP request that includes the Option 82 field to the DHCP server.
5. The DHCP server receives the packet. If the server is Option 82 capable, it can use the remote ID, the
circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP
addresses that can be assigned to a single remote ID or circuit ID. The DHCP server echoes the Option
82 field in the DHCP reply.
6. The DHCP server unicasts the reply to the Cisco NX-OS device if the request was relayed to the server
by the device. The Cisco NX-OS device verifies that it originally inserted the Option 82 data by inspecting
the remote ID and possibly the circuit ID fields. The Cisco NX-OS device removes the Option 82 field
and forwards the packet to the interface that connects to the DHCP client that sent the DHCP request.
This figure shows the packet formats for the circuit ID suboption and the remote ID suboption.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
332
Configuring DHCP
- Quick Links:
- Radius and Tacacs+ Security Protocols
Hide quick links:
Advertisement
Table of Contents
