How to use DHCP option 82 on ECS4110-28T for assign different DHCP IP pools to clients ? Follow
Topology
At this example, we will configure 3 DHCP IP pools on the DHCP server. (DHCP server of Linux-mint)
1. Range 10.1.1.100 ~ 10.1.1.200, mask 255.255.255.0
2. Range 10.1.2.100 ~ 10.1.2.200, mask 255.255.255.0
3. Range 10.1.3.100 ~ 10.1.3.200, mask 255.255.255.0
Before set those rules on the DHCP server, you should know what you want to filter. At this example we will use Circuit ID as filter conditions.
Linux-mint DHCP server configuration:
vi /etc/dhcp/dhcpd.cfg
default-lease-time 600;
max-lease-time 7200;
option domain-name-servers 8.8.8.8; #DNS server
# Here will use last two bits of circuit-id as filter condition.
class 'keep1'{
match if(substring(option agent.circuit-id,4,2)=01:01);
} # When PC-1 insert SwitchB E 1/1.
class 'keep2'{
match if(substring(option agent.circuit-id,4,2)=01:02);
} # When NB-1 insert SwitchB E 1/2.
class 'replace'{
match if(substring(option agent.circuit-id,4,2)=01:0B);
} # Replace will be change to SwitchA circuit-id.
#Set the pools on DHCP server.
shared-network group{
subnet 10.1.0.0 netmask 255.255.0.0{
pool {
allow members of 'keep1';
range 10.1.1.100 10.1.1.200;
option subnet-mask 255.255.255.0;
}
pool {
allow members of 'keep2'
range 10.1.2.100 10.1.2.200;
option subnet-mask 255.255.255.0;
}
pool {
allow members of 'replace';
range 10.1.0.100 10.1.0.200;
option subnet-mask 255.255.255.0;
}
}
}
Now we already finish the settings on the DHCP server.
Here we want configure DHCP option 82 at the switches:
Example 1:
If we want to let PC-1 and NB-1 get IP from the DHCP pools "keep1" and "keep2", we should let SwitchA keep the SwitchB DHCP option 82.
SwitchA setting
Step-1: Enable ip dhcp snooping with DHCP option 82
switchA#config
switchA(config)#ip dhcp snooping
switchA(config)#ip dhcp snooping vlan 1
switchA(config)#ip dhcp snooping information option
switchA(config)#interface ethernet 1/1
switchA(config-if)#ip dhcp snooping trust
Step-2: Set the policy as "keep"
switchA(config)#ip dhcp snooping information policy keep
SwitchB setting
Step-1: Enable ip dhcp snooping globally
switchB#config
switchB(config)#ip dhcp snooping
Step-2: Enable ip dhcp snooping on vlan 1
switchB(config)#ip dhcp snooping vlan 1
Step-3: Enable ip dhcp snooping with DHCP option 82
switchB(config)#ip dhcp snooping information option
Step-4: Set trust port on port 11
switchB(config)#interface ethernet 1/11
switchB(config-if)#ip dhcp snooping trust
Result
NB-1: DHCP Discover take the option 82 "Circuit ID: 000400010101".
NB-1: So it can get IP "10.1.1.120" from DHCP pool "keep1"
PC-1: DHCP Discover take the option 82 "Circuit ID: 000400010102".
PC-1: So it can get IP "10.1.2.105" from DHCP pool "keep2"
Example 2:
If we want to let PC-1 and NB-1 get ip from the DHCP pools "replace", we should let SwitchA replace the SwitchB DHCP option 82.
SwitchA setting
Step-1: Enable ip dhcp snooping with DHCP option 82
switchA#config
switchA(config)#ip dhcp snooping
switchA(config)#ip dhcp snooping vlan 1
switchA(config)#ip dhcp snooping information option
switchA(config)#interface ethernet 1/1
switchA(config-if)#ip dhcp snooping trust
Step-2: Set the policy as "replace"
switchA(config)#ip dhcp snooping information policy replace
SwitchB setting
Step-1: Enable ip dhcp snooping globally
switchB#config
switchB(config)#ip dhcp snooping
Step-2: Enable ip dhcp snooping on vlan 1
switchB(config)#ip dhcp snooping vlan 1
Step-3: Enable ip dhcp snooping with DHCP option 82
switchB(config)#ip dhcp snooping information option
Step-4: Set trust port on port 11
switchB(config)#interface ethernet 1/11
switchB(config-if)#ip dhcp snooping trust
Result
NB-1: DHCP Discover take the option 82 "Circuit ID: 00040001010b".
NB-1: So it can get IP "10.1.3.102" from DHCP pool "replace"
PC-1: DHCP Discover take the option 82 "Circuit ID: 00040001010b".
PC-1: So it can get IP "10.1.3.101" from DHCP pool "replace"
Notes:
If you only have one switch that don't need to set "ip dhcp snooping information policy".
Comments
0 comments
Please sign in to leave a comment.