Feature Value

The widely used Dynamic Host Configuration Protocol (DHCP) does not support authentication or security mechanisms. Therefore, DHCP encounters many security issues in network applications compared with Peer-to-Peer Protocol (PPP), such as frequent DHCP broadcast, DHCP IP address exhaustion and attacks, IP address spoofing, MAC address spoofing, and user ID spoofing. In addition, DHCP clients cannot be managed in a unified manner. To resolve these issues, RFC3046 defines the "DHCP Relay Agent Information Option" field in DHCP packets. The ID of the field is 82. Therefore, the field is named DHCP Option 82. A DHCP client sends DHCP packets to the DHCP server to request for an IP address. If the DHCP packets carry the Option 82 field, the DHCP server verifies the DHCP client according to the Option 80 field. This ensures the user access security.



Function

DHCP Option 82 is a user security mechanism, which encapsulates the user access information obtained by access devices through relay agent info option (RAIO) into the Option 82 field of the DHCP request packets sent from a user. The data is encapsulated in the format specified by customers. This facilitates the upper-layer authentication server to authenticate users and prevents user account theft and roaming.



OLT.png



Usage Guidelines

Enable Dynamic Host Configuration Protocol (DHCP) Option 82 on the OLT. This configuration is recommended for the DHCP-based Internet access service.



1.Enable DHCP Option 82 on the OLT(support by Thunder-link).

DHCP Option 82 can be enabled or disabled at four levels: global, port, VLAN, and service port levels. This function takes effect only after it is enabled at the four levels. Among the four levels, DHCP Option 82 is disabled only at the global level by default.

The global level: In global config mode, run the dhcp option82 command to enable DHCP Option 82 at the global level.



When you run this command, select the enable, forward, or rebuild parameter based on site requirements. The three parameters can all enable DHCP Option 82 but provide different packet processing policies on the OLT. For details, see the dhcp option82 command.



The port level: In global config mode, run the dhcp option82 port or dhcp option82 boardcommand to enable DHCP Option 82 at the port level.



The VLAN level:

a.In global config mode, run the vlan service-profile command to create a VLAN service profile.

b.Run the dhcp option82 enable command to enable DHCP Option 82 at the VLAN level.

c.Run the commit command to make the profile configuration take effect.

d.Run the quit command to quit the VLAN service profile mode.

e.Run the vlan bind service-profile command to bind the created VLAN service profile to a VLAN.

The service port level: In global config mode, run the dhcp option82 service-port command to enable DHCP Option 82 at the service port level.



2.On the <a href="https://www.thunder-link.com/huawei-ma5800-x2-ac_p1428.html">Huawei MA5800 GPON OLT</a>, run the dhcp-option82 permit-forwarding service-port command with the enableparameter selected, to allow ONT DHCP packets to carry Option 82 information.