Product guide
IP Routing Features
Configuring DHCP Relay
Table 3-4. Relay Agent Management of DHCP Server Response Packets.
Response Packet Content Option 82
Configuration
Validation Enabled on the
Relay Agent
Validation Disabled
(The Default)
Valid DHCP server response
packet without an Option 82
field.
append, replace,
or drop
1
Drop the server response
packet.
Forward server response
packet to a downstream device.
keep
2
Forward server response
packet to a downstream device.
Forward server response
packet to a downstream device.
The server response packet
carries data indicating a given
routing switch is the primary relay
agent for the original client
request, but the associated
Option 82 field in the response
contains a Remote ID and Circuit
ID combination that did not
originate with the given relay
agent.
append Drop the server response
packet.
Forward server response
packet to a downstream device.
replace or drop
1
Drop the server response
packet.
Drop the server response
packet.
keep
2
Forward server response
packet to a downstream device.
Forward server response
packet to a downstream device.
The server response packet
carries data indicating a given
routing switch is the primary relay
agent for the original client
request, but the associated
Option 82 field in the response
contains a Remote ID that did not
originate with the relay agent.
append Drop the server response
packet.
Forward server response
packet to a downstream device.
replace or drop
1
Drop the server response
packet.
Drop the server response
packet.
keep
2
Forward server response
packet to a downstream device.
Forward server response
packet to a downstream device.
All other server response
packets
3
append, keep
2
,
replace, or drop
1
Forward server response
packet to a downstream device.
Forward server response
packet to a downstream device.
1
Drop is the recommended choice because it protects against an unauthorized client inserting its own Option 82 field for
an incoming request.
2
A routing switch with DHCP Option 82 enabled with the keep option forwards all DHCP server response packets except
those that are not valid for either Option 82 DHCP operation (compliant with RFC 3046) or DHCP operation without Option
82 support (compliant with RFC 2131).
3
A routing switch with DHCP Option 82 enabled drops an inbound server response packet if the packet does not have
any device identified as the primary relay agent (giaddr = null; refer to RFC 2131).
Multinetted VLANs
On a multinetted VLAN, each interface can form an Option 82 policy boundary
within that VLAN if the routing switch is configured to use IP for the remote
ID suboption. That is, if the routing switch is configured with IP as the remote
ID op t ion and a DHC P cl ient request packet is received on a multinetted VLAN,
the IP address used in the Option 82 field will identify the subnet on which the
packet was received instead of the IP address for the VLAN. This enables an
Option 82 DHCP server to support more narrowly defined DHCP policy
boundaries instead of defining the boundaries at the VLAN or whole routing
switch levels. If the MAC address option (the default) is configured instead,
3-34