cisco 4948 and dhcp snooping option 82

torgashev
Level 1

Hi everybody. I have some trouble with inserting option 82 on the switch.

I have the following network diagram configured:

[image: 1.png (network diagram)]

If I use user authorization by MAC address or by allocating a VLAN per user, the scheme works.

I'm trying to configure port authorization on a switch using option 82.

This is a part of my dhcp.conf:

authoritative;
ddns-update-style none;
log-facility local7;
always-broadcast on;

if exists agent.circuit-id {
    log(info, concat("Lease", " IP ", binary-to-ascii(10, 8, ".", leased-address),
        " MAC ", binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
        " port ", binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 4, 2)),
        " VLAN ", binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2))
    ));
}

shared-network isp {
    subnet 172.10.0.0 netmask 255.255.255.240 {
    }
    subnet 192.168.27.0 netmask 255.255.255.0 {
        option domain-name-servers 176.111.248.126, 8.8.8.8;
        option subnet-mask 255.255.255.0;
        option routers 192.168.27.1;
        max-lease-time 1296000;
        default-lease-time 604800;
        include "/etc/dhcp/192.168.27.0.conf";
    }
}

Zone config:

class "inv_sw_192.168.27.2" {
    match if (
        binary-to-ascii(16, 8, ":", suffix(option agent.remote-id, 6)) = "e8:cc:18:ce:dc:0"
        and
        binary-to-ascii(10, 8, "", suffix(option agent.circuit-id, 1)) = "2"
    );
}
pool {
    range 192.168.27.2;
    allow members of "inv_sw_192.168.27.2";
}

Cisco 4948 with ip unnumbered:

ip dhcp relay information policy keep
ip dhcp relay information trust-all
ip dhcp snooping vlan 1-99,101-701,703-904,906-907,909-1000,1006-2000,2002-3000
ip dhcp snooping information option format remote-id hostname
ip dhcp snooping
interface Loopback10
 description users gateway
 ip address 192.168.27.1 255.255.255.0 secondary
 ip address 176.111.xxx.1 255.255.255.0
 no ip redirects
 no ip unreachables
interface Vlan4001
 ip unnumbered Loopback10
 ip helper-address 172.10.0.2
ip route 0.0.0.0 0.0.0.0 10.255.255.5

User switch: D-Link DES-3200

Uplink port is tagged in the Management VLAN and uses VLAN 4001.

Port 26: trunk

Port 2: untagged 4001

Command: show dhcp_local_relay

DHCP/BOOTP Local Relay Status : Enabled
DHCP/BOOTP Local Relay VID List : 4001

DHCP Relay Agent Information Option 82 Circuit ID : Default
DHCP Relay Agent Information Option 82 Remote ID : E8-CC-18-CE-DC-00
show dhcp_local_relay option_82 ports 1-26

Port Option 82
Policy
---- ---------
1 keep
2 keep

Keep policy on all ports.

Now on the DHCP server I can see the Discover from the test router:

176.111.xxx.1.67 > 172.10.0.2.67: BOOTP/DHCP, Request from 64:ee:b7:14:0a:1e, length 552, hops 1, xid 0x1e4a6015, Flags [none]
Gateway-IP 176.111.xxx.1
Client-Ethernet-Address 64:ee:b7:14:0a:1e
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 64:ee:b7:14:0a:1e
Vendor-Class Option 60, length 8: "MSFT 5.0"
Requested-IP Option 50, length 4: 192.168.27.2
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
BR, Static-Route, YD, YS
NTP, Netbios-Name-Server, Classless-Static-Route-Microsoft, Classless-Static-Route
Agent-Information Option 82, length 29:
Circuit-ID SubOption 1, length 6: ^@^D^OM-!^@^B
Remote-ID SubOption 2, length 19: ^A^QE8-CC-18-CE-DC-00
10:36:41.370527 IP (tos 0x0, ttl 254, id 55673, offset 0, flags [none], proto UDP (17), length 580)
176.111.xxx.1.67 > 172.10.0.2.67: BOOTP/DHCP, Request from 64:ee:b7:14:0a:1e, length 552, hops 1, xid 0x1e4a6015, Flags [none]
Gateway-IP 176.111.xxx.1
Client-Ethernet-Address 64:ee:b7:14:0a:1e
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether 64:ee:b7:14:0a:1e
Vendor-Class Option 60, length 8: "MSFT 5.0"
Requested-IP Option 50, length 4: 192.168.27.2
Parameter-Request Option 55, length 12:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Domain-Name
BR, Static-Route, YD, YS
NTP, Netbios-Name-Server, Classless-Static-Route-Microsoft, Classless-Static-Route
Agent-Information Option 82, length 29:
Circuit-ID SubOption 1, length 6: ^@^D^OM-!^@^B
Remote-ID SubOption 2, length 19: ^A^QE8-CC-18-CE-DC-00

But I don't see ACKs and OFFERs from the server.

Where did I make a mistake?
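For anyone checking what the relay actually inserted, here is an added example (not code from the post, nor from Cisco, D-Link or ISC) that decodes the option 82 payload shown in the tcpdump output above and evaluates the post's dhcpd.conf expressions against it. The byte values come from tcpdump's cat -v style escapes in the capture; the field layout of the D-Link circuit-id (subtype, length, VLAN, module, port) is an assumption based on the offsets the post's log() statement uses, and the `substring`, `suffix` and `binary-to-ascii` helpers are a small emulation of the dhcpd expression language, not ISC's code. It is also a useful defender-side check: with `ip dhcp relay information trust-all` the 4948 forwards whatever circuit-id and remote-id the downstream switch inserted, so a server-side class match is only as strong as the exact bytes it compares, and decoding them once is how you verify what a match string should contain.

```python
"""Decode the DHCP option 82 (RFC 3046) payload from the post's capture and
evaluate the dhcpd.conf expressions on it.  Added example; the D-Link
circuit-id layout is an assumption."""

# Constructed from the tcpdump output in the post.  tcpdump prints
# non-printable bytes cat -v style: ^@=0x00 ^D=0x04 ^O=0x0f M-!=0xa1
# ^B=0x02 ^A=0x01 ^Q=0x11.
CIRCUIT_ID = bytes.fromhex("00040fa10002")          # sub-option 1, length 6
REMOTE_ID = b"\x01\x11" + b"E8-CC-18-CE-DC-00"      # sub-option 2, length 19
OPTION_82 = (b"\x01" + bytes([len(CIRCUIT_ID)]) + CIRCUIT_ID
             + b"\x02" + bytes([len(REMOTE_ID)]) + REMOTE_ID)   # 29 bytes total


def parse_option82(payload: bytes) -> dict:
    """Split the option 82 payload into {sub-option code: value bytes}."""
    subs = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header at offset %d" % i)
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d declares %d bytes, %d present"
                             % (code, length, len(value)))
        subs[code] = value
        i += 2 + length
    return subs


# Minimal emulation of the dhcpd.conf data expressions used in the post.
def substring(data: bytes, offset: int, length: int) -> bytes:
    return data[offset:offset + length]


def suffix(data: bytes, length: int) -> bytes:
    return data[-length:] if length else b""


def binary_to_ascii(base: int, width: int, separator: str, data: bytes) -> str:
    """Split data into width-bit units and print each in base, unpadded,
    joined by separator (0x00 therefore prints as "0", not "00")."""
    step = width // 8
    units = [int.from_bytes(data[j:j + step], "big") for j in range(0, len(data), step)]
    fmt = {8: "{:o}", 10: "{:d}", 16: "{:x}"}[base]
    return separator.join(fmt.format(u) for u in units)


def decode_dlink_circuit_id(cid: bytes) -> dict:
    """Assumed D-Link default circuit-id layout: subtype, length, VLAN (2 bytes),
    module, port.  These are the offsets the post's log() expression reads."""
    if len(cid) != 6 or cid[1] != 4:
        raise ValueError("unexpected circuit-id layout: %s" % cid.hex())
    return {"vlan": int.from_bytes(cid[2:4], "big"), "module": cid[4], "port": cid[5]}


def decode_remote_id(rid: bytes) -> str:
    """Remote-id as captured: one type byte, one length byte, then ASCII text."""
    rtype, length = rid[0], rid[1]
    if rtype != 1 or len(rid) != 2 + length:
        raise ValueError("unexpected remote-id layout: %s" % rid.hex())
    return rid[2:].decode("ascii")


def evaluate_post_expressions(subs: dict) -> dict:
    """Evaluate the four expressions from the post's dhcpd.conf on parsed sub-options."""
    cid, rid = subs[1], subs[2]
    return {
        "log_port": binary_to_ascii(10, 16, "", substring(cid, 4, 2)),
        "log_vlan": binary_to_ascii(10, 16, "", substring(cid, 2, 2)),
        "class_remote_id": binary_to_ascii(16, 8, ":", suffix(rid, 6)),
        "class_circuit_id": binary_to_ascii(10, 8, "", suffix(cid, 1)),
    }


if __name__ == "__main__":
    subs = parse_option82(OPTION_82)
    print("circuit-id:", decode_dlink_circuit_id(subs[1]))
    print("remote-id: ", decode_remote_id(subs[2]))
    for name, value in evaluate_post_expressions(subs).items():
        print("%-17s -> %r" % (name, value))
```

Run as-is it prints the circuit-id as VLAN 4001, module 0, port 2 (consistent with "port 2 untagged 4001" on the DES-3200), the remote-id as the ASCII string E8-CC-18-CE-DC-00, and the four expression values. Comparing `class_remote_id` with the literal in the class declaration is the check worth doing before trusting any option 82 based authorization, since the relay's remote-id here is text, not a raw hardware address.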
