DHCP Option 82 is organized as a single DHCP option that contains information known by the relay agent. This feature provides additional security when DHCP is used to allocate network addresses, and enables the Cisco controller to act as a DHCP relay agent to prevent DHCP client requests from untrusted sources.

The controller can be configured to add Option 82 information to DHCP requests from clients before forwarding the requests to a DHCP server. The DHCP server can then be configured to allocate IP addresses to the wireless client based on the information present in DHCP Option 82.

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network. Configuration parameters and other control information are carried in tagged data items that are stored in the Options field of the DHCP message. The data items themselves are also called options. Option 82 contains information known by the relay agent.

The Relay Agent Information option is organized as a single DHCP option that contains one or more suboptions that convey information known by the relay agent. Option 82 was designed to allow a DHCP Relay Agent to insert circuit−specific information into a request that is being forwarded to a DHCP server. This option works by setting two suboptions:

• Circuit ID

• Remote ID

The Circuit ID suboption includes information that is specific to the circuit the request came in on. This suboption is an identifier that is specific to the relay agent. Thus, the circuit that is described will vary depending on the relay agent.

The Remote ID suboption includes information on the remote host–end of the circuit. This suboption usually contains information that identifies the relay agent. In a wireless network, this would likely be a unique identifier of the wireless access point.

Note	All valid Remote ID combinations are separated with a colon (:) as the delimiter.

You can configure the following DHCP Option 82 options in a controller :

• DHCP Enable

• DHCP Opt82 Enable

• DHCP Opt82 Ascii

• DHCP Opt82 RID

• DHCP Opt Format

• DHCP AP MAC

• DHCP SSID

• DHCP AP ETH MAC

• DHCP AP NAME

• DHCP Site Tag

• DHCP AP Location

• DHCP VLAN ID

Note

The controller includes the SSID in ASCII and the VLAN-ID in hexadecimal format within the remote-ID sub-option of option 82 in the outgoing DHCP packets to the server for the following configurations: ipv4 dhcp opt82 format ssid ipv4 dhcp opt82 format vlan-id However, if ipv4 dhcp opt82 ascii configuration is also present, the controller adds VLAN-ID and SSID in ASCII format.

For Cisco Catalyst 9800 Series Configuration Best Practices, see the following link: https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html

The DHCP Option 82 provides additional information on the physical attachment of the client. It enhances security while using DHCP for network address allocation.

The AP DHCP Option82 Support on FlexConnect Local Switching Mode feature enables the AP to act as a DHCP relay agent to prevent DHCP client requests from unreliable sources. As a DHCP relay agent, the AP can add DHCP Option 82 information such as AP MAC, AP Name, and SSID to DHCP requests from clients before forwarding the requests to the DHCP server. Afterward, the DHCP servers can allocate IP addresses to wireless clients based on the data contained within DHCP Option 82.

This feature is supported only in FlexConnect Local Switching mode.