Option 82 problem

Tony Finch dot at dotat.at
Sat Apr 18 17:08:45 UTC 2020


Александр Сандецкий <alexander.sandetsky at gmail.com> wrote:

> But the DHCP service offers relaying technology. In combination with
> Option 82, it's common practice to set up a single server with a single
> network interface for DHCP. Option 82 can be used to classify clients by
> the switch (agent IP or MAC), by the switch port, by the VLAN, etc.
>
> Relaying assumes the DHCP query comes not from the original device and
> original network segment but from some managed switch where the client is
> connected, with some additional information for identifying the client and
> switch.
>
> My idea is not to configure every VLAN on the server.

I look after some DHCP servers which handle about 150 subnets, and the
dhcpd.conf doesn't know anything about VLANs, only the network ranges -
it's mostly a collection of subnet{} clauses.

Our network configuration is handled by my colleagues, so I'm vague about
the details. But my understanding is that DHCP relaying is configured on
the routers. Normal DHCP requests are broadcasts, so they are limited to
the local subnet; relaying allows the request to be forwarded to a DHCP
server on a different subnet. So relaying is logically a router function
rather than a switch function.

We also use option 82, but the DHCP servers only use it to log information
about which switch and port number correspond to which DHCP requests, not
for anything that determines the server's responses. So option 82 is
inserted by our switches, and logically unrelated to relaying.

What I'm vague about is the more complicated stuff on the switches related
to MAC security and DHCP snooping, and whether that messes with DHCP more
than I would expect...

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
democracy, participation, and the co-operative principle
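
The logging-only use of option 82 described in the message above, as an added example that is not part of the original post or of ISC dhcpd: it decodes the Relay Agent Information payload (RFC 3046 sub-options 1, Circuit ID, and 2, Remote ID) and builds a log line. The log format, function names and sample bytes are assumptions constructed for illustration.

```python
# Added example: decode a DHCP option 82 payload (RFC 3046) for logging.
# The log line layout below is hypothetical, not dhcpd's own format.
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes


def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into {sub-option name: raw bytes}.

    Raises ValueError on a truncated sub-option instead of logging
    partial data that the relay agent did not actually send.
    """
    fields = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(
                f"sub-option {code} claims {length} bytes, {len(value)} present"
            )
        fields[SUBOPTION_NAMES.get(code, f"unknown-{code}")] = value
        i += 2 + length
    return fields


def printable(raw: bytes) -> str:
    """Text only if every byte is visible ASCII, otherwise colon-separated hex,
    so bytes supplied by the network cannot inject control characters or
    extra fields into the log."""
    if raw and all(0x21 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return raw.hex(":")


def log_line(client_mac: str, payload: bytes) -> str:
    """Build one log record tying a request to the switch and port."""
    fields = parse_option82(payload)
    parts = [f"{name}={printable(value)}" for name, value in fields.items()]
    return f"DHCPREQUEST from {client_mac} option82 " + " ".join(parts)


# Constructed sample: circuit-id "Gi1/0/7" (a port name), remote-id a switch MAC.
SAMPLE = bytes([1, 7]) + b"Gi1/0/7" + bytes([2, 6]) + bytes.fromhex("0011223344ff")

if __name__ == "__main__":
    print(log_line("52:54:00:12:34:56", SAMPLE))
```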

