Our network guys want to implement DHCP option 82 or 'DHCP snooping' which provides additional security on the network and prevents unauthorised DHCP servers from responding to DHCP messages sent from clients.
Has anyone any experience of configuring this in Windows 2003 DHCP? There appears to be little info on this on the net.
As it's not a standard option it needs defining; it's the options required I'm a little unsure of....
Name: Relay Agent Information
DataType: Byte Array /
Description: Custom option 82
Any ideas would be most welcome, thanks, Rob
Sounds like there is some confusion about option 82. This is not an option defined on the DHCP server, it is rather an option field attached to DHCPDISCOVER and REQUEST packets inserted by a DHCP relay agent. Service providers and large enterprises might use this functionality to keep DHCP from being flooded in a VLAN/subnet and make DHCP more secure. Some DHCP servers can limit leases based on the circuit ID provided in the option 82 fields.
Can someone answer the question: does Windows Server 2003 leave this option intact in the replies or does it strip the option out? The relay agent obviously needs the option there to determine which port to return the DHCP traffic to. We are currently on Win2003 DHCP and would like this option to work if at all possible...
I have been working with Server 2003 Standard to use a vendor class to assign an IP address by the option 82 circuit ID within the DHCP Discover sent to my DHCP server. It seems that Server 2003 is not option 82 compatible, as my server will not assign an IP address based on the circuit ID I entered in binary under my vendor class. Any guidance anyone has on this topic would be appreciated.
Has this ever been fixed? It seems that Server 2008 DOES support the option 82 properly. Is there a workaround for Server 2003? What is the entry method for the Circuit ID in a custom Option 82 field?
Surely this has been patched somewhere?
Thanks for anyone's assistance in overcoming this limitation in Windows 2003 DHCP Server.
To prevent a rogue DHCP server from entering your network, you can enable DHCP snooping on your switch. This feature allows you to set trusted and untrusted interfaces on your switch. You can find more information in your switch manual.
www.infotechguyz.com - Server 2008, Exchange 2007 Tutorials
Can you provide an updated link?
This one is dead:
Govind [MSFT] - Posted on Monday, 13 August 2007 05:53:48 http://blogs.technet.com/teamdhcp/archive/2005/09/21/411344.aspx
Or is there another article that describes how to configure a Windows DHCP Server 2003 with option 82?
From the little bit of info out there, the DHCP server (in this case 2008 server) has to accept/read option 82 from the DHCP packet.
My clients are getting DHCP from the server...therefore I'm assuming 2008 server is accepting/reading Option 82 from the DHCP packet...but now what?
Where do I find the Option 82 info on my 2008 server??
Same problem here, I really need to find how to set up this option in Windows 2008 DHCP. All I've found right now is to define the option as in the first post:
Name: Relay Agent Information <OPTIONAL>
Description: Custom option 82 <OPTIONAL>
But I haven't found how I fill the option with the circuit ID and the remote ID on which I want to lease an IP. Some help on that point would be much appreciated.
This support is available in DHCP Server in Windows Server 2012 release candidate (as well as beta). DHCP server now sends back option 82 (relay agent information) back in the server's response. Also, you can create a policy on the DHCP server to assign IP address(es) based on value of the relay agent information option added.
- Proposed as answer by Ace Fekay [MCT]MVP Monday, June 18, 2012 11:53 PM
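As an added example (not from this thread and not Microsoft code), the Python below decodes the option 82 bytes a relay agent inserts, using the RFC 3046 sub-options 1 (Agent Circuit ID) and 2 (Agent Remote ID), and checks whether a server reply echoes the option back unchanged. The packet fragments and ID values are constructed for illustration.

```python
# Added example: the byte values below are constructed, not captured traffic.
RELAY_AGENT_INFO = 82                 # DHCP option code (RFC 3046)
SUBOPTIONS = {1: "circuit-id", 2: "remote-id"}

def parse_tlv(data, dhcp_options=False):
    """Decode code/length/value triples into {code: value}.

    With dhcp_options=True, also honour Pad (0) and End (255), which have no
    length byte in the DHCP options field. Option 82 sub-options have neither.
    """
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == 255:
            break
        if dhcp_options and code == 0:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated header at offset %d" % i)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("code %d truncated" % code)
        out[code] = value
        i += 2 + length
    return out

def relay_agent_info(options_field):
    """Return {sub-option name: hex string} for option 82, or None if absent."""
    raw = parse_tlv(options_field, dhcp_options=True).get(RELAY_AGENT_INFO)
    if raw is None:
        return None
    return {SUBOPTIONS.get(c, "sub-%d" % c): v.hex() for c, v in parse_tlv(raw).items()}

def option82_echoed(request_field, reply_field):
    """True only if the reply carries option 82 byte-for-byte as the relay sent it."""
    sent = parse_tlv(request_field, dhcp_options=True).get(RELAY_AGENT_INFO)
    back = parse_tlv(reply_field, dhcp_options=True).get(RELAY_AGENT_INFO)
    return sent is not None and sent == back

# Constructed options fields (the part of the packet after the magic cookie).
CIRCUIT_ID = bytes.fromhex("000400c80107")
REMOTE_ID = bytes.fromhex("0006001122334455")
OPT82 = bytes([1, len(CIRCUIT_ID)]) + CIRCUIT_ID + bytes([2, len(REMOTE_ID)]) + REMOTE_ID
DISCOVER = bytes([53, 1, 1, 82, len(OPT82)]) + OPT82 + bytes([255])
OFFER_ECHOED = bytes([53, 1, 2, 82, len(OPT82)]) + OPT82 + bytes([255])
OFFER_STRIPPED = bytes([53, 1, 2, 255])
```

The hex strings returned by `relay_agent_info` are the raw sub-option values as the relay sent them, which is the form to compare against whatever circuit or remote ID value is configured on the server side.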
Are there any examples there of how I add the relay agent IP address to a scope?
Do I understand that it needs to be in HEX, and I then wonder what it should look like.
I want the DHCP server to hand out IP addresses for the remote 172.16.200.0/24 subnet and my Cisco router having the IP helper address command has 172.16.200.1 at the Ethernet port for this subnet.