Client Requests With Option 82 - Allied Telesis AT-8100L/8 User Manual

Fast Ethernet Switches AT-8100 Series Management Software Command Line Interface User's Guide, AlliedWare Plus Version 2.2.5

Chapter 29: DHCP Relay Overview
Client Requests with Option 82
478
The previous discussion deals with cases where DHCP requests do not
already contain option-82 information. However, it is possible that the
requests arriving from the clients at the relay agent already contain
option-82 information. There are two main circumstances in which this can
occur:

1. A client is maliciously inserting bogus information into the packet in an
   attempt to subvert the process of identifying the client's location.

2. A layer-2 DHCP snooping switch that sits between the clients and the
   DHCP relay is validly inserting the option-82 information into the
   packets. The DHCP snooping switch is not acting as a relay agent, so
   it does not fill in the giaddr field (the relay IP address field) in the
   packet; it only inserts the option-82 information.

In case 1, you would want to drop the packets that contain the bogus
information (or, at least, remove the bogus information). In case 2, you
would want to forward the valid information to the DHCP server.
To configure the switch to check for the presence of option-82 information
in incoming DHCP requests, enable DHCP relay agent-option checking in
interface mode with the command "IP DHCP-RELAY AGENT-OPTION CHECKING"
on page 491.
By default, this causes the switch to act as follows:

- If the incoming DHCP request has a null IP address (0.0.0.0) in the
  giaddr field and contains option-82 information, drop the packet.
  This assumes that such a packet has been maliciously created by
  a client.

- If an incoming DHCP request has a non-null IP address in the giaddr
  field and contains option-82 information, replace the option-82 field
  with the current switch's own information. This assumes that a
  non-null giaddr field indicates that the packet has already passed
  through a valid DHCP relay device, so the presence of the
  option-82 information is not an indication of malicious intent.
The action taken on packets that have a null giaddr field and an option-82
field present cannot be altered once the agent-option check has been
enabled. However, the action taken on packets with a non-null giaddr field
and an option-82 field can be configured, with the command "IP DHCP-RELAY
INFORMATION POLICY" on page 492.
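The following Python model of the default agent-option check is an added example, not code from Allied Telesis or from this guide. It builds constructed DHCP requests (the 236-byte BOOTP fixed header, giaddr at offset 24, followed by the options field), locates option 82 and its Circuit ID / Remote ID sub-options (sub-option codes 1 and 2, per RFC 3046), and then applies the two default rules above: drop when giaddr is 0.0.0.0 and option 82 is present, replace option 82 with the relay's own information when giaddr is non-null, and insert the relay's own option 82 when none is present. The relay's own Circuit ID and Remote ID values, the transaction ID and the client MAC are constructed sample values; setting the relay's own giaddr before forwarding is outside the scope of this check and is not modelled.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_RELAY_AGENT, OPT_END = 0, 53, 82, 255
GIADDR_OFFSET, HEADER_LEN = 24, 236          # BOOTP fixed header layout (RFC 2131)
NULL_GIADDR = b"\x00\x00\x00\x00"


def parse_options(field):
    """Decode the DHCP options field into a list of (code, value) pairs."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = [], 4
    while i < len(field):
        code = field[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = field[i + 1]
        options.append((code, field[i + 2:i + 2 + length]))
        i += 2 + length
    return options


def build_options(options):
    """Encode (code, value) pairs back into a DHCP options field."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def option82(circuit_id, remote_id):
    """Relay Agent Information: sub-option 1 (Circuit ID) and 2 (Remote ID), RFC 3046."""
    return (bytes([1, len(circuit_id)]) + circuit_id
            + bytes([2, len(remote_id)]) + remote_id)


def make_request(giaddr, options):
    """Constructed DHCPDISCOVER: fixed header with the given giaddr, then options."""
    header = bytearray(HEADER_LEN)
    header[0] = 1                                   # op = BOOTREQUEST
    header[1], header[2] = 1, 6                     # htype = Ethernet, hlen = 6
    header[4:8] = struct.pack("!I", 0x3903F326)     # xid (constructed)
    header[GIADDR_OFFSET:GIADDR_OFFSET + 4] = giaddr
    header[28:34] = bytes.fromhex("0200deadbeef")   # chaddr (constructed, locally administered)
    return bytes(header) + build_options([(OPT_MSG_TYPE, b"\x01")] + options)


def relay_agent_check(packet, own_info):
    """Default behaviour with agent-option checking enabled, as described above.

    Returns (action, packet_to_forward); packet_to_forward is None when dropped.
    """
    giaddr = packet[GIADDR_OFFSET:GIADDR_OFFSET + 4]
    options = parse_options(packet[HEADER_LEN:])
    has_82 = any(code == OPT_RELAY_AGENT for code, _ in options)
    if not has_82:
        # No option 82 present: the normal case, the relay appends its own information.
        return "insert", packet[:HEADER_LEN] + build_options(options + [(OPT_RELAY_AGENT, own_info)])
    if giaddr == NULL_GIADDR:
        # Option 82 but null giaddr: treated as client-forged, the packet is dropped.
        return "drop", None
    # Non-null giaddr: the packet already passed a relay, so replace option 82 with our own.
    new_options = [(c, own_info if c == OPT_RELAY_AGENT else v) for c, v in options]
    return "replace", packet[:HEADER_LEN] + build_options(new_options)


if __name__ == "__main__":
    own = option82(b"port1.0.3", b"relay-A")       # constructed relay identity
    forged = make_request(NULL_GIADDR, [(OPT_RELAY_AGENT, option82(b"fake", b"fake"))])
    relayed = make_request(bytes([10, 0, 0, 1]), [(OPT_RELAY_AGENT, option82(b"port1.0.9", b"relay-B"))])
    plain = make_request(NULL_GIADDR, [])
    for name, pkt in (("forged", forged), ("relayed", relayed), ("plain", plain)):
        print(name, relay_agent_check(pkt, own)[0])
```

Running the module prints "drop" for the request that carries option 82 with a null giaddr, "replace" for the one with a non-null giaddr, and "insert" for the request without option 82. Note that a request from a DHCP snooping switch (case 2 above) also arrives with a null giaddr, so under the default check it is dropped as well; only the non-null giaddr action is configurable.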
