DHCP Snooping Option 82 Data Insertion
DHCP can centrally manage the IP address assignments for a large number of subscribers. When you enable
Option 82, the device identifies a subscriber device that connects to the network (in addition to its MAC
address). Multiple hosts on the subscriber LAN can connect to the same port on the access device and are
uniquely identified.
When you enable Option 82 on the Cisco NX-OS device, the following sequence of events occurs:
1. The host (DHCP client) generates a DHCP request and broadcasts it on the network.
2. When the Cisco NX-OS device receives the DHCP request, it adds the Option 82 information in the
   packet. The Option 82 information contains the device MAC address (the remote ID suboption) and the
   port identifier vlan-ifindex (for non-vPCs) or vlan-vpcid (for vPCs), from which the packet is received
   (the circuit ID suboption).
   Note: For vPC peer switches, the remote ID suboption contains the vPC switch MAC address, which is
   unique in both switches. This MAC address is computed with the vPC domain ID. The Option 82
   information is inserted at the switch where the DHCP request is first received before it is forwarded
   to the other vPC peer switch.
3. The device forwards the DHCP request that includes the Option 82 field to the DHCP server.
4. The DHCP server receives the packet. If the server is Option 82 capable, it can use the remote ID, the
   circuit ID, or both to assign IP addresses and implement policies, such as restricting the number of IP
   addresses that can be assigned to a single remote ID or circuit ID. The DHCP server echoes the Option
   82 field in the DHCP reply.
5. The DHCP server sends the reply to the Cisco NX-OS device. The Cisco NX-OS device verifies that it
   originally inserted the Option 82 data by inspecting the remote ID and possibly the circuit ID fields. The
   Cisco NX-OS device removes the Option 82 field and forwards the packet to the interface that connects
   to the DHCP client that sent the DHCP request.
If the previously described sequence of events occurs, the following values do not change:
• Circuit ID suboption fields
  • Suboption type
  • Length of the suboption type
  • Circuit ID type
  • Length of the circuit ID type
• Remote ID suboption fields
  • Suboption type
  • Length of the suboption type
  • Remote ID type
  • Length of the circuit ID type
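The following is an added example, not taken from the Cisco guide and not NX-OS code. It parses the Option 82 field of a DHCP reply into its circuit ID and remote ID suboptions and repeats the step 5 check that the remote ID is the relaying device's own MAC address. The function names, the sample bytes, the ID type value 0 and the 4-byte circuit ID are constructed, and the inner "ID type, ID length, ID" framing is assumed from the field list above.

```python
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82  # option codes (RFC 2132, RFC 3046)
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2                  # Option 82 suboption types

def _tlvs(buf, top_level):
    """Yield (type, value) pairs from a type/length/value run, rejecting overruns."""
    i = 0
    while i < len(buf):
        if top_level and buf[i] == OPT_END:
            return
        if top_level and buf[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("length field runs past end of buffer")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_option82(options):
    """Return {suboption_type: (id_type, id_value)} from a DHCP options field."""
    subs = {}
    for code, body in _tlvs(options, top_level=True):
        if code != OPT_RELAY_AGENT_INFO:
            continue
        for sub_type, val in _tlvs(body, top_level=False):
            # Assumed inner framing (from the field list): ID type, ID length, ID.
            if len(val) < 2 or val[1] != len(val) - 2:
                raise ValueError("inner ID length disagrees with suboption length")
            subs[sub_type] = (val[0], val[2:])
    return subs

def reply_is_ours(options, switch_mac):
    """Step 5: accept the echoed Option 82 only if the remote ID is our own MAC."""
    try:
        remote = parse_option82(options).get(SUB_REMOTE_ID)
    except ValueError:
        return False  # malformed Option 82 is treated as not ours
    return remote is not None and remote[1] == switch_mac

# Constructed sample: options of a DHCPACK that echoes the inserted Option 82.
SWITCH_MAC = bytes.fromhex("020000aabbcc")  # constructed, locally administered MAC
CIRCUIT = bytes([SUB_CIRCUIT_ID, 6, 0, 4]) + bytes.fromhex("000a0105")  # opaque port ID
REMOTE = bytes([SUB_REMOTE_ID, 8, 0, 6]) + SWITCH_MAC
SAMPLE = (bytes([53, 1, 5, OPT_RELAY_AGENT_INFO, len(CIRCUIT + REMOTE)])
          + CIRCUIT + REMOTE + bytes([OPT_END]))

if __name__ == "__main__":
    print(parse_option82(SAMPLE))
    print(reply_is_ours(SAMPLE, SWITCH_MAC))
```

A reply whose Option 82 is missing, truncated, or carries a different remote ID fails the check, which is the case the step 5 verification exists to catch.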
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring DHCP