Vinay Sharma
Level 7

     

    Introduction - Brief description of DHCP Option-82

    DHCP option 82 provides additional security when DHCP is used to allocate network addresses. Specifically, it enables the controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources. The controller can be configured to add option 82 information to a client's DHCP request before forwarding the request to the DHCP server.

    Traffic flow

    1. The access point forwards all DHCP requests from a client to the controller.
    2. The controller adds the DHCP option 82 payload and forwards the request to the DHCP server.
    3. The payload contains “AP_NAME + SSID” or any other option [ap_mac, ssid+ap_mac, ap_ethmac], depending on what is configured.
    4. DHCP Option 82 must also be configured on the DHCP server, with the same option that the wireless controller is sending.
    5. The DHCP server checks the string, tries to match it, and allocates an IP address from the specific range.

    This is an existing feature with the addition of the “AP_NAME + SSID” option.

    Configuration - Through GUI

    Controller > Advanced > DHCP [configuring Option-82]

     

    DHCP Option 82 - Service Provider Wi-Fi 1.jpg

     

    Controller > Interface [enabling Option-82 on the interface]

     

    DHCP Option 82 - Service Provider Wi-Fi 2.jpg

    Through CLI - Commands

    1. config dhcp opt-82 remote-id [apname:ssid | ap-ethmac | apmac:ssid | ap-mac]
    2. config interface dhcp [management | dynamic-interface <interface_name>] option-82 [enable | disable]
    
    Verification Commands
    
    1. show dhcp opt-82
    2. show interface detailed [management | <interface_name>]

    Example

    (sp-wifi-wlc) >show interface detailed management

    Interface Name................................... management
    MAC Address...................................... 68:ef:bd:8f:14:4f
    IP Address....................................... 9.10.56.10
    IP Netmask....................................... 255.255.255.0
    IP Gateway....................................... 9.10.56.1
    External NAT IP State............................ Enabled
    External NAT IP Address.......................... 192.168.210.4
    VLAN............................................. 56
    Quarantine-vlan.................................. 0
    Active Physical Port............................. LAG (13)
    Primary Physical Port............................ LAG (13)
    Backup Physical Port............................. Unconfigured
    Primary DHCP Server.............................. 9.1.0.100
    Secondary DHCP Server............................ Unconfigured
    DHCP Option 82................................... Enabled
    Remote ID format................................. apname:ssid
    ACL.............................................. Unconfigured
    AP Manager....................................... Yes
    Guest Interface.................................. No
    L2 Multicast..................................... Enable

     

    Configuration on DHCP Server

    Multiple DHCP servers support Option 82, but the Windows 2003 DHCP server does not support DHCP Option-82.

    How to configure it on Cisco switches as DHCP server with option-82

    Configuring DHCP class

    ip dhcp class <class_name>
    relay agent information
    relay-information hex <string>
    
    NOTE – “STRING” can be divided into the following parts: “circuit-id” + “agent_type” + “length_of_remote-id” + “remote-id”.
    • Circuit-id – 010400000000 – This is fixed for all Cisco wireless controllers.
    • Agent_Type – 02 – This is fixed for all Cisco wireless controllers.
    • Length of Remote-id – This is not fixed and varies based on the “remote-id”.
    • Remote-id – The value of the DHCP Option-82 attribute configured on the wireless controller.

    Example – AP_3600:johnzzx (apname:ssid)

    So the string looks like – 010400000000020f41505f333630303a6a6f686e7a7a78
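
Added example (not from the original page or from Cisco): a small Python helper that builds the `relay-information hex` string from a remote-id using the four-part layout in the NOTE above, and parses a string back while checking that the length octet matches the bytes that follow. The function names are hypothetical; the sample value is the one that appears in this page's switch debug output for class AP_3500_johm.

```python
# Added example: build and check the `relay-information hex` string for a
# Cisco WLC remote-id, using the layout given in the NOTE on this page.
CIRCUIT_ID = bytes.fromhex("010400000000")  # fixed circuit-id part, per the page
REMOTE_ID_TYPE = 0x02                       # agent type for remote-id, per the page


def build_relay_hex(remote_id: str) -> str:
    """Return circuit-id + type + length + remote-id as lowercase hex."""
    rid = remote_id.encode("ascii")
    if not 1 <= len(rid) <= 255:
        raise ValueError("remote-id must be 1..255 bytes (single length octet)")
    return (CIRCUIT_ID + bytes([REMOTE_ID_TYPE, len(rid)]) + rid).hex()


def parse_relay_hex(hex_string: str) -> str:
    """Decode a relay-information hex string and return the remote-id.

    Raises ValueError when the string does not follow the layout above,
    most usefully when the length octet disagrees with the bytes present.
    """
    raw = bytes.fromhex(hex_string)
    if not raw.startswith(CIRCUIT_ID):
        raise ValueError("circuit-id part is not 010400000000")
    body = raw[len(CIRCUIT_ID):]
    if len(body) < 2 or body[0] != REMOTE_ID_TYPE:
        raise ValueError("remote-id type octet 02 missing")
    declared, rid = body[1], body[2:]
    if declared != len(rid):
        raise ValueError(f"length octet says {declared}, {len(rid)} bytes follow")
    return rid.decode("ascii")


def dhcp_class_config(class_name: str, remote_id: str) -> str:
    """Render the IOS class stanza from the page for one remote-id."""
    return "\n".join([
        f"ip dhcp class {class_name}",
        " relay agent information",
        f"  relay-information hex {build_relay_hex(remote_id)}",
    ])


if __name__ == "__main__":
    # Value taken from the page's debug output for class AP_3500_johm.
    logged = "010400000000020c41505f333530303a6a6f686d"
    print(parse_relay_hex(logged))  # remote-id the server matched on
    print(dhcp_class_config("AP_3500_johm", "AP_3500:johm"))
```

Running a candidate string through `parse_relay_hex` before pasting it into the class catches a wrong length octet, which otherwise shows up only as clients failing to match the class.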

    Configuring DHCP Pool

    ip dhcp pool <pool_name>
    network <ip_address> <subnet_mask>
    default-router <ip_address>
    class <class_name>
    address range <start_ip_address> <end_ip_address>

    NOTE – The address range for a particular class has to be in the same network.

    Debug commands

    There are no specific debug commands for DHCP Option-82, but there are a few debug commands on Cisco switches.

    Commands on wireless controller

    Some existing commands can be used for DHCP.

    1. debug client <client_mac>
    2. debug dhcp [message | packet | service-port] [enable | disable]

    Commands on Cisco switch as DHCP server

    1. debug ip dhcp server class
    2. debug ip dhcp server events

    Sample output of the above debugs on a Cisco switch DHCP server with option-82

    SW-9.10.0.17-BS3-R4-TB1#:40.035: DHCPD: remote id 41505f333530303a6a6f686d
    
    *Mar 26 11:12:40.035: DHCPD: circuit id 00000000
    *Mar 26 11:12:40.035: DHCPD: giaddr = 9.10.59.11
    *Mar 26 11:12:40.035: DHCPD: interface = Vlan59
    *Mar 26 11:12:40.035: DHCPD: class id 4d53465420352e30
    *Mar 26 11:12:40.035: DHCPD: out_vlan_id 0
    *Mar 26 11:12:40.035: DHCPD: Sending notification of DISCOVER:
    *Mar 26 11:12:40.035: DHCPD: htype 1 chaddr 0024.d742.46e4
    *Mar 26 11:12:40.035: DHCPD: remote id 41505f333530303a6a6f686d
    *Mar 26 11:12:40.035: DHCPD: circuit id 00000000
    *Mar 26 11:12:40.035: DHCPD: giaddr = 9.10.59.11
    *Mar 26 11:12:40.035: DHCPD: interface = Vlan59
    *Mar 26 11:12:40.035: DHCPD: class id 4d53465420352e30
    *Mar 26 11:12:40.035: DHCPD: out_vlan_id 0
    *Mar 26 11:12:40.035: DHCPD: Class 'AP_3500_johm' matched by default
    *Mar 26 11:12:40.035: DHCPD: Searching for a match to 'relay-information 010400000000020c41505f333530303a6a6f686d' in class AP_3500_johm
    *Mar 26 11:12:40.035: DHCPD: input pattern 'relay-information 010400000000020c41505f333530303a6a6f686d' matches class AP_3500_johm
    *Mar 26 11:12:40.035: DHCPD: input matches class AP_3500_johm
    *Mar 26 11:12:42.048: DHCPD: Adding binding to radix tree (9.10.59.46)
    *Mar 26 11:12:42.048: DHCPD: Adding binding to hash tree
    *Mar 26 11:12:42.048: DHCPD: assigned IP address 9.10.59.46 to client 0100.24d7.4246.e4. (2127 0)
    *Mar 26 11:12:42.057: DHCPD: Sending notification of ASSIGNMENT:
    *Mar 26 11:12:42.057: DHCPD: address 9.10.59.46 mask 255.255.255.0
    *Mar 26 11:12:42.057: DHCPD: htype 1 chaddr 0024.d742.46e4
    *Mar 26 11:12:42.057: DHCPD: lease time remaining (secs) = 86400
    *Mar 26 11:12:42.057: DHCPD: interface = Vlan59
    *Mar 26 11:12:42.057: DHCPD: out_vlan_id 0

    SP WiFi Updates on Wireless LAN Controller - 7.3 Release

     

    SP WiFi video.jpg

     

    Features and Use Cases in Release 1.0

    The main features supported in Release 1.0 include:

    • Controlling, securing, and differentiating services through intelligent policies embedded directly in the network or received through open and standards-based control interfaces to the basic service set (BSS)
    • Customizing service convergence with zero-touch provisioning across customized networks
    • Authenticating and authorizing subscribers using Dynamic Host Configuration Protocol (DHCP), RADIUS-based authentication, web logon, Wireless Internet Service Provider roaming (WISPr), MAC address, and IP address
    • Controlling and accounting for per-subscriber and per-service use for postpaid and prepaid billing
    • Validating high availability under high scale for:
    – Number of access points per controller
    – Subscriber count
    – Call rates
    – Load balancers

    Cisco SP Wi-Fi Solution Release 1.0 Data Sheet

    Cisco SP Wi-Fi Services Overview 3.0

    Our SP Wi-Fi Services portfolio is a comprehensive set of services representing a holistic approach to the total lifecycle of service provider Wi-Fi engagements. Starting with a proof of concept, it covers the end-to-end spectrum of planning, building, optimization, and operation services, each assured by Cisco service-level agreements (SLAs). These services are flexible and can be customized.


    • Cisco SP Wi-Fi Proof of Concept Service
    – Demonstration of a centralized management system, with zero-touch service fulfillment for rapid deployments of meshed access points, using a cloud-based architecture hosted in a Cisco data center


    • Cisco SP Wi-Fi RF Plan and Build Service
    – Professional services from Cisco and our Wi-Fi specialized partners
    – Help in planning and deploying the RF components of the Cisco SP Wi-Fi solution
    – Analysis of architectural readiness, with guidance on selecting and prioritizing locations for Wi-Fi
    – RF expertise to obtain the most from your wireless access points
    – Coverage and capacity planning
    – Post-deployment RF analysis assistance to promote deployment success


    • Cisco SP Wi-Fi Core Plan and Build Service
    – Professional services from Cisco and our Wi-Fi specialized partners
    – Help planning and deploying the core components of the Cisco SP Wi-Fi solution
    – Analysis of architectural readiness and assistance with the SP Wi-Fi deployment design
    – Start-to-finish deployment assistance, including a mobile subscriber policy enforcement system
    – Pre-deployment validation to help ensure deployment success
    – Post-deployment knowledge transfers to help ensure your understanding of the solution


    • Cisco SP Wi-Fi Solution Support Service (Reactive)
    – Expert assistance to streamline operation of the Wi-Fi architecture
    – Quick isolation and remediation of unplanned service disruptions
    – Tracking and identification of the root cause of disruptive incidents, which provides valuable information for design changes and to help you scale with mobile subscriber growth


    • Cisco SP Wi-Fi Optimization Services (Proactive)
    – Expert analysis and recommendations for transforming your Wi-Fi architecture into a high-performing, efficient environment
    – Help creating a strategy for managing all the critical components of the Cisco SP Wi-Fi architecture using a suite of Cisco hosted network management applications
    – Availability and performance optimization expertise to validate your planned design changes
    – Collaboration in developing a strategy for managing software releases and changes
    – Continuous learning activities that help your IT staff become more self-sufficient


    • Cisco SP Wi-Fi Assurance Service (Preemptive)
    – Extension of the measurement and analytical capabilities provided by your Cisco SP Wi-Fi architecture
    – Real-time monitoring of various key performance indicators (KPIs) from Cisco network operations center
    – Comprehensive analytics using fault, capacity, availability, and performance information to help ensure reliable operations


    • Cisco SP Wi-Fi Operate Service (End-to-End Platform Management)
    – Monitoring of the managed devices in your environment to help ensure access points and controllers are properly activated and provisioned
    – Management of incident and problem resolution
    – Identification of operational trends to continually improve performance

    Cisco Service Provider Wi-Fi Solution 3.0 Data Sheet
     
