Siemens S223 User Manual
User Manual UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5
SURPASS hiD 6615 S223/S323 R1.5
A50010-Y3-C150-2-7619 253
Client Identifier Spoofing
By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized
client identifier field need not be used by the DHCP server.
client identifier field need not be used by the DHCP server.
Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.
DHCP Server
DHCP Relay Agent
1. DHCP Request
2. DHCP Request + Option 82
3. DHCP Response + Option 82
4. DHCP Response
DHCP Client
Fig. 8.33
DHCP Option 82 Operation
8.8.5.1
Enabling DHCP Option 82
To enable/disable the DHCP option 82, use the following command.
Command Mode
Description
ip dhcp option82
Enables the system to add the DHCP option 82 field.
no ip dhcp option82
Global
Disables the system to add the DHCP option 82 field.
8.8.5.2
Option 82 Sub-Option
The DHCP option 82 enables a DHCP relay agent to include information about itself when
forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use
this information to implement security and IP address assignment policies.
forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use
this information to implement security and IP address assignment policies.
There are 2 sub-options for the DHCP option 82 information as follows:
•
Remote ID
This sub-option may be added by DHCP relay agents which terminate switched or
permanent circuits and have mechanisms to identify the remote host of the circuit.
Note that, the remote ID must be globally unique.
•
Circuit ID
This sub-option may be added by DHCP relay agents which terminate switched or
permanent circuits. It encodes an agent-local identifier of the circuit from which a
DHCP client-to-server packet was received. It is intended for use by DHCP relay
agents in forwarding DHCP responses back to the proper circuit.