Alcatel-Lucent 6850-48 Network Guide
Configuring DHCP Security Features
Configuring DHCP Relay
page 31-16
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
How the Relay Agent Processes DHCP Packets from the Client
The following table describes how the relay agent processes DHCP packets received from clients when the
Option-82 feature is enabled for the switch:
Option-82 feature is enabled for the switch:
How the Relay Agent Processes DHCP Packets from the Server
Note that if a DHCP server does not support Option-82, the server strips the option from the packet. If the
server does support this option, the server will retain the Option-82 data received and send it back in a
reply packet.
server does support this option, the server will retain the Option-82 data received and send it back in a
reply packet.
When the relay agent receives a DHCP packet from the DHCP server and the Option-82 feature is
enabled, the agent will:
enabled, the agent will:
1 Extract the VLAN ID from the Circuit ID suboption field in the packet and compare the MAC address
of the IP router interface for that VLAN to the MAC address contained in the Remote ID suboption field
in the same packet.
of the IP router interface for that VLAN to the MAC address contained in the Remote ID suboption field
in the same packet.
2 If the IP router interface MAC address and the Remote ID MAC address are not the same, then the
agent will drop the packet.
agent will drop the packet.
3 If the two MAC addresses match, then a check is made to see if the slot/port value in the Circuit ID
suboption field in the packet matches a port that is associated with the VLAN also identified in the Circuit
ID suboption field.
suboption field in the packet matches a port that is associated with the VLAN also identified in the Circuit
ID suboption field.
4 If the slot/port information does not identify an actual port associated with the Circuit ID VLAN, then
the agent will drop the packet.
the agent will drop the packet.
5 If the slot/port information does identify an actual port associated with the Circuit ID VLAN, then the
agent strips the Option-82 data from the packet and unicasts the packet to the port identified in the Circuit
ID suboption.
agent strips the Option-82 data from the packet and unicasts the packet to the port identified in the Circuit
ID suboption.
If the DHCP packet from the client ...
The relay agent ...
Contains a zero gateway IP address (0.0.0.0) and
no Option-82 data.
no Option-82 data.
Inserts Option-82 with unique information to
identify the client source.
identify the client source.
Contains a zero gateway IP address (0.0.0.0) and
Option-82 data.
Option-82 data.
Drops the packet, keeps the Option-82 data and
forwards the packet, or replaces the Option-82
data with its own Option-82 data and forwards the
packet.
forwards the packet, or replaces the Option-82
data with its own Option-82 data and forwards the
packet.
The action performed by the relay agent in this
case is determined by the agent information pol-
icy that is configured through the
case is determined by the agent information pol-
icy that is configured through the
command.
By default, this type of DHCP packet is dropped
by the agent.
by the agent.
Contains a non-zero gateway IP address and no
Option-82 data.
Option-82 data.
Drops the packet without any further processing.
Contains a non-zero gateway IP address and
Option-82 data.
Option-82 data.
Drops the packet if the gateway IP address
matches a local subnet, otherwise the packet is
forwarded without inserting Option-82 data.
matches a local subnet, otherwise the packet is
forwarded without inserting Option-82 data.