Tuesday, January 17, 2017

The DHCP Option82 Configuration of dhcp option82 service-port(distributing-mode)

Function

This command is used to enable or disable the DHCP option82 feature of the service virtual port. The DHCP feature does not have any mechanism for authentication or security. Thus, the DHCP feature encounters many security problems when it is used in the network. To solve these problems, the DHCP option82 is introduced. After the DHCP option82 feature is enabled, the BRAS can authenticate IDs of access users. After the DHCP option82 feature is disabled, the device only transparently transmits DHCP packets and does not process packets.

Format

dhcp option82 service-port { service-portid | frameid/slotid/portid { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } } { enable | disable }
dhcp option82 service-port frameid/slotid/portid { vpi vpi vci vci [ user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] ] | autosense } { enable | disable }
dhcp option82 service-port frameid/slotid/portid gemport gemport-id { stream | { user-vlan { untagged | priority-tagged | user-vlanid } [ user-encap user-encap ] | user-encap user-encap | user-8021p user-8021p [ user-vlan user-vlanid ] } } { enable | disable }

Parameters

Parameter Description Value
service-portid Indicates the service virtual port. When you need to enable or disable the DHCP option82 feature of the specified service virtual port, use this parameter.
Numeral type,Range:
  • SCUK/SCUL/SCUN:0-32767.
  • SCUB/SCUF:0-16383.
  • SCUH/SCUV:0-131071.
  • MCUD/MCUD1/MCUE:0-20479.
frameid/slotid/portid Indicates the subrack ID, slot ID, and port ID. Enter a slash (/) between the subrack, slot, and port IDs. When you need to enable or disable the DHCP option82 feature of the specified physical port on a board, use this parameter. Please see Differences Between Shelves.
user-vlan Indicate that when the users of the service virtual port are differentiated based on the user-side VLAN, this parameter is used. -
untagged Indicates that when the service virtual port needs to carry multiple services and the services are differentiated by the user-side VLAN, you can specify the packet type as untagged. -
priority-tagged Indicates that users are differentiated by the priority-tagged. When the user-side packets are tagged and this VLAN tag is 0, use this keyword. -
user-vlanid Indicates the VLAN ID. It identifies a VLAN uniquely. Numeral type. Range: 1-4095.
user-encap user-encap
Indicates the user-side encapsulation type. When the users of the service virtual port are differentiated based on the user-side encapsulation type, use this parameter.
  • If the user-side encapsulation type is IPoE, select ipoe.
  • If the user-side encapsulation type is PPPoE, select pppoe.
 Enumerated type. Options: ipoe and pppoe.
user-8021p user-8021p Indicates the user-side priority. When the users of the service virtual port are differentiated based on the user-side priority, use this parameter. Numeral type. Range: 0-7.
vpi vpi Indicates the VPI value to be entered. It is used to identify a user when used with the VCI.
Numeral type. Range:
  • xDSL board. Range: 0-255.
  • Other boards. Range: 0-4095.
vci vci Indicates the VCI value to be entered. It is used to identify a user when used with the VPI.
  • Numeral type. xDSL board. Range: 32-255.
  • Numeral type. Other boards. Range: 32-65535.
gemport gemport-id Indicates the GEM port ID. Numeral type. Range: 128-3999.
stream Indicates the single traffic stream with the Ethernet access type. -
autosense Indicates the auto-sensing service virtual port. When the corresponding service virtual port needs to automatically learn user-side VPI/VCI, use this keyword. -
enable Indicates that the DHCP Option82 feature is enabled. Option 82 is an option of the DHCP packet. Its code is 82, which is used to identify the user. After the feature is enabled, the DHCP server can allocate IP addresses for users based on this DHCP Option82 option and avoid the spoofing attacks to the DHCP server, such as the DHCP IP exhaustion. -
disable Indicates that the DHCP Option82 feature is disabled. Option 82 is an option of the DHCP packet. Its code is 82, which is used to identify the user. After the feature is disabled, the DHCP server does not perform the Option82 processing for packets. -

Modes

Global config mode

Level

Operator level

Usage Guidelines

  • By default, the DHCP option82 feature of the service virtual port is enabled.
  • By default, the global DHCP option82 is disabled while the DHCP option82 feature of a port is enabled. If the global DHCP option82 is disabled, even if the DHCP option82 feature of a port is enabled, the DHCP option82 feature of the port is disabled. No vendor tag is added to the DHCP packets sent from the port. Only when the DHCP option82 feature is enabled globally and on a port, vendor tags are added to the DHCP packets sent from the port.
  • For connection-orientied service ports, if the network role of a port is not user, the DHCP Option82 feature does not take effect for the port. Specifically, vendor tag information is not added to DHCP packets received from the port regardless of whether the DHCP Option82 feature is enabled or disabled for the port.

Example

To disable the DHCP option82 feature of the service virtual port with VPI/VCI of 0/35 at ADSL port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:vpi                                                                       
{ vpi<U><0,4095> }:0                                                             
{ vci<K> }:vci                                                                  
{ vci<U><32,65535> }:35                                                           
{ disable<K>|enable<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:disable       
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0vpi 0 vci 35 disable
To enable the DHCP option82 feature of the service virtual port with GEM port ID of 128 at GPON port 0/3/0, do as follows:
huawei(config)#dhcp option82 service-port   
{ frameid/slotid/portid<S><Length 5-18>|integer<U><0,32767> }:0/3/0             
{ autosense<K>|gemport<K>|stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K>|vpi<K> }:gemport                                                                   
{ integer<U><128,3999> }:128                                                 
{ stream<K>|user-8021p<K>|user-encap<K>|user-vlan<K> }:stream                   
{ disable<K>|enable<K> }:enable                                                 
                                                                                
  Command:                                                                      
          dhcp option82 service-port 0/3/0 gemport 128 stream enable

System Response

  • The system does not display any message after the DHCP option82 feature of the service virtual port is enabled or disabled successfully.

More blog:
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)