cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6192
Views
15
Helpful
13
Replies

Option 82 on Cisco Switch

DIT1
Level 1
Level 1
 

Hi! i configure a option 82 on a switch cisco 2960. A switch sending a packet with option 82

photo_2021-07-09_13-16-32.jpg

A format circuit-id is default : vlan-mod-port

A format remote-id is string 

A dhcp received a packet in HEX but message is incorrect when we translate it in text. 

 

wireshark opt82.png

So that we configure type remote-id like string that a message is correct.

But when circuit-id is default and in convertaion procces in text result is incorrect .

het2text.png

Can you help me with configure the circuit-id?

13 Replies 13

balaji.bandi
Hall of Fame
Hall of Fame

No, only access . Configure dhcp relay on our DHCP on WS2016.  A Short network plan:het2text.png

cameron rake
Level 1
Level 1

 

When dealing with options (43, 82) the hex conversion has to be done correctly and there are syntax around that.  For option 43, the conversion tool at https://shimi.net/services/opt43/ works well, and takes out all the guesswork. 

 

I'm not sure if there is a similar tool for option 82, but these two articles address option 82 hex and hex conversion.
https://mrncciew.com/2013/06/08/hex-to-string-conversion/ 

debug ip dhcp server class


https://mrncciew.com/2013/05/18/understanding-dhcp-option-82/ 

debug ip dhcp server packet detail

 

If this information helps or you find the solution, please update this thread.

SW-L3 FW-DHCP Server
SW will add Circuit-id 
L3 FW as DHCP relay will add remote-id, so check the remote-id with the hostname of SW appear in FW.
this is what I know about the remote-id

Oh give me apoligaze i said no enought correct. A problem with circuit-id , sure. I need to know about vlan and port .

DIT1
Level 1
Level 1

0x010600040014020A020F010D6D617230312D617377312D7331 =                                                    D6D617230312D617377312D7331 - mar01-asw1-s1 = remote-id 

0x

01 - suboption

06   length 3 to 7 

00    circut id type 

04   length 5 to 7 octet

0014020A020F010 - vlan-mod-port = cirtcuit-id  how to conver this hex message or how to configure that it will be to read.

 

For example on huawei switch a option 82 message is 0x01324769676162697445746865726E6574302F302F34363A36302E302074616730312D617377322D73312F302F302F302F302F30020648570248F990 to string 2GigabitEthernet0/0/46:60.0 tag01-asw2-s1/0/0/0/0/0HWH��

OK as I mention before, 
FG delete the circuit-id and add it remote-id, 

can you check if you config the port connect to SW as trust may be this make the FW trust the OP 82 circuit-id from SW.

Our firewall FG does not support option82 because we have a special firmware from our security service however we have the same firewall FG but with huawei switch and option82 recived correctly. Sure it's may be for reason of unsupport option82 from Firewall FG...But i want to know whay it really from it.

fffff.png

so your Agent-Circuit-id

0004001e0227 
0001e = VLAN 30

is that right if we in right way.

Yes, that right, vlan id is 30 but where are you got that circuit-id 0004001e0227? may be you mean 00040001e0212 like on a screenshot?

and please explain me how you convert 0001e to vlan 30 ?

I attach each vendor how it build agent-circuit-id, 

for how 

only hex to decimal 

001e = 30 <- and this for cisco agent-circuit-id is for vlan and hence is vlan 30

soo if i want to get a result from circuit-id i need to convert circuit-id to decimal? Okay so what next? 0227 what is?

Review Cisco Networking for a $25 gift card