No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Security

S7700 and S9700 V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, security risks.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Inserting the Option 82 Field in a DHCP Message

Inserting the Option 82 Field in a DHCP Message

Context

The Option 82 field records the location of a DHCP client, and is inserted into a DHCP Request message before being sent to the DHCP server. This allows the DHCP server to assign an IP address and other configurations to the DHCP client, facilitating DHCP client security.

NOTE:
  • DHCP Option 82 must be configured on the user side of a device; otherwise, the DHCP message sent to the DHCP server will not carry Option 82.
  • The total length of all Option82 fields must be between 1 byte to 255 bytes. If their total length exceeds 255 bytes, some Option82 information will be lost.

  • There is no limit on the number of Option 82 fields configured on a device. However, a large number of Option 82 fields will occupy a lot of memory and slow down device processing. To ensure device performance, take into account the service requirements and device memory size when configuring Option 82 fields.

Procedure

  1. Run system-view

    The system view is displayed.

  2. You can configure the device to insert the Option 82 field in a DHCP message in the interface view or VLAN view.

    View Steps
    VLAN view
    1. Run the vlan vlan-id command to enter the VLAN view.

    2. Run the dhcp option82 { insert | rebuild } enable command to enable the device to insert the Option 82 field in a DHCP message.

      By default, the device is disabled from inserting the Option 82 field in a DHCP message.

    3. Run the quit command to return to the system view.
    Interface view
    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the dhcp option82 { insert | rebuild } enable command to enable the device to insert the Option 82 field in a DHCP message.

      By default, the device is disabled from inserting the Option 82 field in a DHCP message.

    3. Run the quit command to return to the system view.

  3. (Optional) You can configure the format of the Option 82 field in the system or interface view. If the configuration is performed in the system view, the configuration takes effect for all interfaces on the device. If the configuration is performed in the interface view, the configuration takes effect only for the specified interface.

    View Steps
    System view
    1. Run the dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common | extend | user-defined text } command to configure the format of the Option 82 field in a DHCP message.

      By default, the format of the Option 82 field in a DHCP message is default.

    Interface view
    1. Run the interface interface-type interface-number command to enter the interface view.

    2. Run the dhcp option82 [ vlan vlan-id ] [ ce-vlan ce-vlan-id ] [ circuit-id | remote-id ] format { default | common | extend | user-defined text } command to configure the format of the Option 82 field in a DHCP message.

      By default, the format of the Option 82 field in a DHCP message is default.

    3. Run the quit command to return to the system view.

  4. (Optional) Run dhcp option82 subscriber-id format { ascii ascii-text | hex hex-text }

    The Sub6 suboption is inserted into the Option 82 field of DHCP messages and the format of the Sub6 suboption is configured.

    By default, the Sub6 suboption is not inserted into the Option 82 field of DHCP messages.

  5. (Optional) Insert the Sub9 suboption into the Option 82 field of DHCP messages.

    The Sub9 suboption has old and new formats. The old format contains the vendor ID, for example, hwid. The new format does not contain the vendor ID.

    • Run the dhcp option82 vendor-specific format vendor-sub-option sub-option-num { ascii ascii-text | hex hex-text | ip-address ip-address &<1-8> | sysname } command to insert the Sub9 suboption of the old format to the Option 82 field of DHCP messages.
    • Insert the Sub9 suboption of the new format into the Option 82 field of DHCP messages.

      View Procedure
      VLAN view
      1. Run the vlan vlan-id command to enter the VLAN view.
      2. Run the dhcp option82 append vendor-specific command to configure the Sub9 suboption of the new format inserted into Option 82.
      3. Run the quit command to return to the system view.
      Interface view
      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the dhcp option82 append vendor-specific command to configure the Sub9 suboption of the new format inserted into Option 82.
      3. Run the quit command to return to the system view.

    By default, Sub9 suboption is not inserted into the Option 82 field of DHCP messages.

    NOTE:
    • When both the dhcp option82 append vendor-specific and dhcp option82 vendor-specific format commands are run, the dhcp option82 append vendor-specific command takes effect.
    • The Sub9 suboption can be inserted into Option 82 only when the Sub9 format is the same as the DHCP packet format. If the formats are different:
      • If the dhcp option82 vendor-specific format command has been run, the Sub9 of the new format cannot be inserted into Option 82.
      • If the dhcp option82 append vendor-specific command has been run, whether the Sub9 of the old format can be inserted depends on the Option 82 insertion method (which is configured using the dhcp option82 enable command).
        • When the Option 82 insertion method is Insert, the Sub9 is not inserted.

        • When the Option 82 insertion method is Rebuild, the Sub9 is reconstructed and then inserted into Option 82.

  6. (Optional) Configure suboptions inserted into the DHCP Option 82 field in the system view, VLAN view, or interface view. If the configuration is performed in the system view, the configuration takes effect for all interfaces on the device. If the configuration is performed in the VLAN view, the configuration takes effect for all DHCP messages from this VLAN that are received by all interfaces. If the configuration is performed in the interface view, the configuration takes effect only for the specified interface.

    View Steps
    System view
    1. Run the dhcp option82 encapsulation { circuit-id | remote-id | subscriber-id | vendor-specific-id } * command to configure suboptions inserted into the DHCP Option 82 field.

      By default, the circuit-id (CID) and remote-id (RID) suboptions are inserted into the DHCP Option 82 field.

    VLAN view
    1. Run the vlan vlan-id command to enter the VLAN view.
    2. Run the dhcp option82 encapsulation { circuit-id | remote-id | subscriber-id | vendor-specific-id } * command to configure suboptions inserted into the DHCP Option 82 field.

      By default, the circuit-id (CID) and remote-id (RID) suboptions are inserted into the DHCP Option 82 field.

    3. Run the quit command to return to the system view.
    Interface view
    1. Run the interface interface-type interface-number command to enter the interface view.
    2. Run the dhcp option82 encapsulation { circuit-id | remote-id | subscriber-id | vendor-specific-id } * command to configure suboptions inserted into the DHCP Option 82 field.

      By default, the circuit-id (CID) and remote-id (RID) suboptions are inserted into the DHCP Option 82 field.

    3. Run the quit command to return to the system view.

Verifying the Configuration

  • Run the display dhcp option82 configuration [ vlan vlan-id | interface interface-type interface-number ] command to view the DHCP Option 82 configuration.
Translation
Download
Updated: 2019-04-01

Document ID: EDOC1000178319

Views: 137078

Downloads: 78

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next