Allowing DHCP Option 82 in Cisco DHCP Relay Agents

Posted on in Networking

cover image for article

If you are using your Cisco Catalyst switches to insert DHCP Option 82 information and you are also using your Cisco routers as DHCP relay-agents (via ip helper-address), you'll notice right away that your Option 82 enabled DHCP requests are not being forwarded by your routers.

As a security measure, Cisco IOS will not forward DHCP requests that contain Option 82 information and a gateway request set to all zeroes. This is the condition of an initial DHCP request that has been rewritten by a Cisco Catalyst switch.

To globally enable these packets to transit all router interfaces, issue the ip dhcp relay information trust-all in configuration mode. If you'd like to maintain this security feature and only trust these requests on certain interfaces, you can issue an interface specific command as seen in the configuration sequence below.

SLAP#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
SLAP(config)# interface FastEthernet 0/0
SLAP(config-if)# ip dhcp relay information trusted
SLAP(config-if)#^Z
SLAP#write memory 
Building configuration...
[OK]
SLAP#

Once you've enabled trust for some or all interfaces, your Option 82 enabled DHCP requests should once again be relayed by your Cisco routers.

Related Reading

Slaptijack's Koding Kraken