Concept Guide
IPv6 conguration, and two dierent loopback interfaces (loopback 2 and 3). DHCP relay forwards packets using the loopback 2
interface with IPv4 and IPv6 addresses ((2.2.2.2/32 and 2::2/128) from Vlan 2. The same way, the relay uses IPv4 and IPv6 addresses
(3.3.3.3/32 and 3::3/128) of loopback 3 interface from Vlan 3.
Dell(conf)# interface Vlan 2
Dell(conf-if-vl-2)# ip vrf forwarding vrf1
Dell(conf-if-vl-2)# ip address 2.0.0.1/24
Dell(conf-if-vl-2)# ipv6 address 2::1/64
Dell(conf-if-vl-2)# tagged fortyGigE 0/0
Dell(conf-if-vl-2)# ip helper-address vrf vrf1 100.0.0.1
Dell(conf-if-vl-2)# ipv6 helper-address vrf vrf1 100::1
Dell(conf-if-vl-2)# ip dhcp relay source-interface loopback 2
Dell(conf-if-vl-2)# ipv6 dhcp relay source-interface loopback 2
Dell(conf)# interface Vlan 4
Dell(conf-if-vl-4)# ip vrf forwarding vrf1
Dell(conf-if-vl-4)# ip address 4.0.0.1/24
Dell(conf-if-vl-4)# ipv6 address 4::1/64
Dell(conf-if-vl-4)# tagged fortyGigE 0/4
Dell(conf-if-vl-4)# ip helper-address vrf vrf1 100.0.0.1
Dell(conf-if-vl-4)# ipv6 helper-address vrf vrf1 100::1
Dell(conf-if-vl-4)# ip dhcp relay source-interface loopback 3
Dell(conf-if-vl-4)# ipv6 dhcp relay source-interface loopback 3
3 In the below conguration, the DHCP relay source interface is not congured in the VLAN interface. So, the DHCP relay uses the
congured global DHCP relay source interface to forward the packets from the DHCP client to server.
Dell(conf)# interface Vlan 5
Dell(conf-if-vl-4)# ip vrf forwarding vrf1
Dell(conf-if-vl-4)# ip address 4.0.0.1/24
Dell(conf-if-vl-4)# ipv6 address 4::1/64
Dell(conf-if-vl-4)# tagged TenGigE 1/4
Dell(conf-if-vl-4)# ip helper-address vrf vrf1 100.0.0.1
Dell(conf-if-vl-4)# ipv6 helper-address vrf vrf1 100::1
Congure Secure DHCP
DHCP as dened by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects
networks that use dynamic address allocation from spoong and attacks.
• Option 82
• DHCP Snooping
• Dynamic ARP Inspection
• Source Address Validation
Option 82
RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment.
The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID.
Circuit ID
This is the interface on which the client-originated message is received.
Remote ID This identies the host from which the message is received. The value of this sub-option is the MAC address of
the relay agent that adds Option 82.
In DHCPv4 relay , the Option 82 is not added by default. When the ip dhcp relay information-option is congured, the Option
82 with sub-options 1 (Agent Circuit ID) and 2 ( Agent Remote ID) are added to the relayed DHCP packet. The default values of the sub-
options are as follows:
• Default Agent Circuit ID is constructed in the format “VlanID:LagID:SlotId:PortId”
• Default Agent Remote ID is the system MAC address (in binary format)
330
Dynamic Host Conguration Protocol (DHCP)