What is DHCP Option 82?
DHCP Option 82, also known as the Relay Agent Information Option, is a DHCP extension that allows network devices to add metadata to DHCP requests. It is used in large-scale networks to control IP address allocation based on the client’s point of attachment.
Why is it needed?
- Logging and tracking the source of the request
- Binding IP addresses to a specific switch port or user
- Enforcing access policies (e.g., AAA, ACL)
Without Option 82, the administrator cannot identify which switch port the DHCP request came from.
Structure of Option 82
| Sub-option | Purpose |
|---|---|
| Circuit ID | Port or VLAN identifier |
| Remote ID | MAC address or device name |
How it works (example)
- The client sends a DHCP Discover
- The switch inserts Option 82
- The DHCP server receives and processes the additional data
- An IP address is assigned based on the Circuit ID / Remote ID
Use cases
- Triple Play service providers
- Ethernet over DSL networks
- Segmented enterprise networks
FAQ
Does Option 82 work with any DHCP server?
No. The DHCP server must support Option 82 processing (e.g., ISC DHCP, Cisco Prime Network Registrar).
Can an attacker forge Option 82?
Only if they have access to the network and act as a DHCP Relay. Typically, this is mitigated by using trusted ports and filtering mechanisms.
How is it related to the BNG?
The BNG uses Option 82 to associate the subscriber with the physical access port and apply the appropriate network policies.
Conclusion
DHCP Option 82 is a powerful mechanism for binding IP addresses to the physical point of attachment. It is a key component in delivering managed and scalable network services.
