3-9
Cisco 10000 Series Router Software Configuration Guide
OL-2226-23
Chapter 3 Configuring Remote Access to MPLS VPN
Access Technologies
DHCP Relay Agent Information Option—Option 82
The Cisco 10000 series router supports the Dynamic Host Configuration Protocol (DHCP) relay agent
information option (Option 82) feature when ATM routed bridge encapsulation (RBE) is used to
configure DSL access. This feature communicates information to the DHCP server by using a suboption
of the DHCP relay agent information option called
agent remote ID
. The information sent in the agent
remote ID includes an IP address identifying the relay agent, information about the ATM interface, and
information about the PVC over which the DHCP request came in. The DHCP server can use this
information to make IP address assignments and security policy decisions.
Acting as the DHCP relay agent, the Cisco 10000 series router can also include VPN ID information in
the agent remote ID suboption when forwarding client-originated DHCP packets to a DHCP server that
has knowledge of existing VPNs. The VPN-aware DHCP server receives the DHCP packets and uses the
VPN ID information to determine from which VPN to allocate an address. The DHCP server responds
to the DHCP relay agent and includes information that identifies the originating client.
Note
For more information, see the
DHCP Option 82 Support for Routed Bridge Encapsulation,
Release 12.2(2)T
feature module.
DHCP Relay Support for MPLS VPN Suboptions
The DHCP relay agent information option (Option 82) enables a Dynamic Host Configuration Protocol
(DHCP) relay agent to include information about itself when forwarding client-originated DHCP
packets to a DHCP server. In some environments, the relay agent has access to one or more MPLS VPNs.
A DHCP server that wants to offer service to DHCP clients on those different VPNs needs to know the
VPN where each client resides. The relay agent typically knows about the VPN association of the DHCP
client and includes this information in the relay agent information option.
The DHCP relay support for MPLS VPN suboptions feature allows the Cisco 10000 series router, acting
as the DHCP relay agent, to forward VPN-related information to the DHCP server by using the following
three suboptions of the DHCP relay agent information option:
•
VPN identifier
•
Subnet selection
•
Server identifier override
The DHCP relay agent uses the VPN identifier suboption to tell the DHCP server the VPN for each
DHCP request that it passes on to the DHCP server, and also uses the suboption to properly forward any
DHCP reply that the DHCP server sends back to the relay agent. The VPN identifier suboption contains
the VPN ID configured on the incoming interface to which the client is connected. If you configure the
VRF name but not the VPN ID, the VRF name is used as the VPN identifier suboption. If the interface
is in global routing space, the router does not add the VPN suboptions.
The subnet selection suboption allows the separation of the subnet where the client resides from the
IP address that is used to communicate with the relay agent. In some situations, the relay agent needs to
specify the subnet on which a DHCP client resides that is different from the IP address the DHCP server
can use to communicate with the relay agent. The DHCP relay agent includes the subnet selection
suboption in the relay agent information option, which the relay agent passes on to the DHCP server.
The server identifier override suboption contains the incoming interface IP address, which is the
IP address on the relay agent that is accessible from the client. By using this information, the DHCP
client sends all renew and release packets to the relay agent. The relay agent adds all the VPN suboptions
and then forwards the renew and release packets to the original DHCP server.