Wireless LAN Controller DHCP Option 82 Configuration Example

Available Languages

Download Options

  • PDF     (124.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (87.1 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (72.7 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 24, 2011
Document ID:113302

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

DHCP Option 82 is organized as a single DHCP option that contains information known by the relay agent. It provides additional security when DHCP is used to allocate network addresses. It enables the controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources.

The controller can be configured to add option 82 information to DHCP requests from clients before forwarding the requests to the DHCP server. DHCP servers can then be configured to allocate IP addresses to the wireless client based on the information present in DHCP Option 82. This document provides a configuration example for this scenario.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Basic knowledge on Cisco Unified Wireless Network (CUWN)

  • Basic knowledge of DHCP

Components Used

The information in this document is based on these software and hardware versions:

  • 4400 Wireless LAN Controller that runs firmware version 7.0.116.0

  • 1131 Lightweight Access Point

  • 1310 Lightweight Access Point

  • 802.11a/b/g Wireless LAN Client Adapters that run software version 4.0

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

DHCP Option 82

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. The data items themselves are also called options.

Option 82 contains information known by the relay agent.

The Relay Agent Information option is organized as a single DHCP option that contains one or more sub-options that convey information known by the relay agent. Option 82 was designed to allow a DHCP Relay Agent to insert circuit-specific information into a request that is being forwarded to a DHCP server. This option works by setting two sub-options:

  • Circuit ID

  • Remote ID

The Circuit ID suboption includes information specific to the circuit the request came in on. This suboption is an identifier that is specific to the relay agent, so what kind of circuit is described will vary depending on the relay agent.

The Remote ID suboption includes information on the remote host end of the circuit. This suboption usually contains information that identifies the relay agent. In a wireless network, this would likely be a unique identifier of the wireless access point.

In a Cisco Unified Wireless network, you can configure the controller to append three types of information in the DHCP Option 82.

  • AP-MAC

  • AP-MAC-SSID

  • AP-ETHMAC

DHCP Option 82 is constructed as follows:

sub option 01, Length, Circuit ID, sub option 02, Length, Remote ID

Circuit ID is 0 for all WLANs. Length of suboption 2 will change depending on whether AP MAC or AP MAC-SSID option is used.

For example, if the AP radio MAC address is 001c57437950 and we use the AP-MAC option on the WLC, the DHCP Option 82 information that is appended in the DHCP request will be as follows:

0104000000000206001c57437950

Configure

In this section, you are presented with the information to configure the features described in this document.

In the setup, two lightweight access points are registered to the Wireless LAN Controller (LAP1 and LAP2). You must configure the WLC as a DHCP relay agent and configure DHCP Option 82 so that the clients receive IP addresses from different ranges based on the AP to which they connect.

IP range for clients that connect to LAP1 - 192.168.1.10 192.168.1.20

IP range for clients that connect to LAP2 - 192.168.1.30 192.168.1.40

Here are the AP radio MAC addresses of the two LAPs:

  • LAP1 - 001c57437950

  • LAP2 - 001b53b99b00

This example uses a Cisco IOS® Router as a DHCP server. In this example, a network scope is configured for the pool and two sub scopes are created using the DHCP class feature. Next, the Cisco IOS DHCP server is configured to allocate IP addresses from the two sub scopes based on the relay agent information (DHCP option 82 information) that DHCP server receives in the DHCP request.

Configure the Wireless LAN Controller for DHCP Option 82

Complete these steps in order to configure the wireless LAN controller for DHCP Option 82:

  1. From the WLC GUI, navigate to Controller > Advanced > DHCP.

    The DHCP parameters page appears.

    dhcp-option82-01.gif

  2. On this page, check the Enable DHCP Proxy check box.

  3. Choose a DCHP Option 82 remote ID field format from the DHCP Option 82 Remote ID field format drop-down list.

    As described earlier, the format defines the information that is sent to the DHCP server in Option 82. This example uses the AP-MAC option. Therefore, the AP radio MAC address will be sent in the DHCP request from the WLC to the DHCP server.

    dhcp-option82-02.gif

    Note: The AP includes two types of MAC addresses. AP MAC Address and Base Radio MAC. The WLC appends the Base Radio MAC in Option 82. The base radio MAC of an AP can be identified from the All APs > Details page for the specific AP.

The next step is to configure the Cisco IOS DHCP server.

Configure the Cisco IOS DHCP Server

Complete these steps in order to configure the Cisco IOS DHCP server:

  1. Create a DHCP pool and define a DHCP scope.

  2. Create Classes to define multiple ranges within the scope.

  3. Configure the DHCP relay agent information.

This sample code provides an example of how complete these configuration steps on the Cisco IOS router.

!

!--- This command creates a new DHCP Pool “Option 82.”

ip dhcp pool Option82					

!--- This command defines a network scope for the pool.

network 192.168.1.0 255.255.255.0			
class AA							

!--- This command defines the address range for Class AA.

address range 192.168.1.10 192.168.1.20		
class BB						

!--- This command defines the address range for Class BB.

address range 192.168.1.30 192.168.1.40		
   !
!
ip dhcp class Vendor
!

!--- This command defines a DHCP Class AA and configures !--- relay agent information for the class.

ip dhcp class AA	
relay agent information
relay-information hex 0104000000000206001c57437950
!

!--- This command defines a DHCP Class BB and configures !--- relay agent information for the class.

ip dhcp class BB	
relay agent information
relay-information hex 0104000000000206001b53b99b00

Note: Only the configuration relevant to the DHCP option 82 are shown here. Add other DHCP configurations as required.

When the configuration is complete, the Cisco IOS software looks up a pool based on IP address (giaddr or incoming IP address) and then matches the request to a class or classes configured in the pool in the order in which the classes are specified in the DHCP pool configuration.

When a DHCP address pool has been configured with one or more DHCP classes, the pool becomes a restricted access pool, which means that no addresses are allocated from the pool unless one or more of the classes in the pool is matched. This design allows DHCP classes to be used for either access control (no default class is configured on the pool) or to provide further address range partitions with the subnet of the pool.

Verify

In this configuration example, when a client associated to LAP1 sends a DHCP request, the request reaches the WLC. The WLC acts as a DHCP relay agent, adds DHCP Option 82 information to the DHCP request, and then forwards the request to the external DHCP server, which in this case is the Cisco IOS router.

The DHCP server looks at the DHCP request, examines Option 82 information, and matches it to Class AA. It then allocates an IP address defined for class A. That is, it assigns an IP address from the range 192.168.1.10 - 192.168.1.20.

Similarly, for clients that are associated to LAP2, the DHCP server will assign IP addresses from the range 192.168.1.30 - 192.168.1.40 based on Option 82 information.

Troubleshoot

You can enable the debug ip dhcp server class command on the Cisco IOS router CLI to display the class matching results.

Related Information

Revision History

Revision Publish Date Comments
1.0
24-Oct-2011
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products