CCIE must know: Implementation of DHCP snooping

Before introducing the implementation of the DHCP snooping function, one very important concept needs a brief introduction: Option 82.
In the traditional DHCP IP address allocation process, the DHCP server cannot determine the specific physical location of the user from the information in the DHCP request message. Users in the same VLAN have exactly the same permissions on the IP addresses they obtain.
To enable security control of the client, RFC 3046 defines the DHCP Relay Agent Information Option, that is, Option 82, which records the location information of the DHCP client. The DHCP snooping device or DHCP relay passes the precise physical location of the DHCP client to the DHCP server by adding Option 82 to the DHCP request message, so that the DHCP server can allocate the appropriate IP address and other configuration information to the host.


Option 82 contains two commonly used sub-options, Circuit ID and Remote ID. The Circuit ID sub-option is mainly used to identify information such as the VLAN and interface where the client is located, while the Remote ID sub-option is mainly used to identify the device through which the client connects, generally by that device's MAC address.

A DHCP relay device or a Layer 2 network access device can support the Option 82 function when the DHCP snooping function is enabled. Different devices process DHCP request messages differently. The Option 82 function has two modes, Insert and Rebuild:
Insert mode means that when the device receives a DHCP request message that has no Option 82, it inserts Option 82. If the message already contains the option, the device checks whether Option 82 contains the corresponding remote-id and, if it does not, inserts the remote-id.
Rebuild mode means that when the device receives a DHCP request message that has no Option 82, it inserts Option 82. If the message already contains the option, the device deletes it and inserts the Option 82 configured by the administrator on the device.
In both Insert and Rebuild modes, the device processes response messages from the DHCP server in the same way.
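The Insert and Rebuild handling described above, as an added example that is not from the original article or any vendor's code: it applies each mode to the options field of a client request. The function names, the ASCII circuit-id format and the sample bytes are constructed for illustration, and Insert is assumed to leave a received Option 82 that already has a remote-id unchanged.

```python
# Added example: Option 82 (RFC 3046) Insert vs Rebuild on a DHCP options field.
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

def parse_tlvs(data, top_level=False):
    """Parse code/length/value triples into a list of (code, value)."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if top_level and code == OPT_PAD:   # pad is a single byte, no length
            i += 1
            continue
        if top_level and code == OPT_END:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        out.append((code, data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return out

def build_tlvs(tlvs):
    return b"".join(bytes([code, len(value)]) + value for code, value in tlvs)

def apply_option82(options, mode, circuit_id, remote_id):
    """Return the options field of a client request as the device forwards it."""
    if mode not in ("insert", "rebuild"):
        raise ValueError("mode must be 'insert' or 'rebuild'")
    opts = parse_tlvs(options, top_level=True)
    received = [v for c, v in opts if c == OPT_RELAY_INFO]
    others = [(c, v) for c, v in opts if c != OPT_RELAY_INFO]
    if not received or mode == "rebuild":
        # No Option 82 present, or Rebuild: use only the locally configured values.
        subs = [(SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id)]
    else:
        # Insert: keep what arrived, add the remote-id only if it is missing.
        subs = parse_tlvs(received[0])
        if all(c != SUB_REMOTE_ID for c, _ in subs):
            subs.append((SUB_REMOTE_ID, remote_id))
    return build_tlvs(others + [(OPT_RELAY_INFO, build_tlvs(subs))]) + bytes([OPT_END])

def option82_subs(options):
    """Sub-options of the first Option 82 as a dict, or {} if absent."""
    for code, value in parse_tlvs(options, top_level=True):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value))
    return {}

# Constructed sample input: DHCPDISCOVER options without and with a received Option 82.
LOCAL_CIRCUIT, LOCAL_REMOTE = b"vlan10:ge0/0/1", bytes.fromhex("02005e000001")
PLAIN = bytes([53, 1, 1, OPT_END])
TAGGED = bytes([53, 1, 1]) + build_tlvs([(OPT_RELAY_INFO, build_tlvs([(SUB_CIRCUIT_ID, b"client-set")]))]) + bytes([OPT_END])
```

Running both modes over `TAGGED` shows the practical difference: Insert forwards the received circuit-id to the server as it arrived, while Rebuild replaces it with the administrator-configured value.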
