This article provides an in-depth analysis of DHCP Option 82 (DHCP Relay Agent), one of the 180+ DHCP Options available to the DHCP protocol and also used by the Bootstrap Protocol (BOOTP), which allows diskless client machines to discover and obtain their IP address. We’ll show you how DHCP Option 82 is used when implementing DHCP Snooping, the structure and content of DHCP Option 82, how and where it’s injected into and removed from DHCP messages, plus much more. You can also download our DHCP/BOOTP Options Excel file and the Wireshark packet captures of DHCP packets with Option 82 used in this article to help further understand all topics covered.
Let’s take a look at the list of topics covered in this article:
- The DHCP Options field within a DHCP Packet
- DHCP Option 82 (Agent Relay) Message Format, Structure & Fields
- Detailed Analysis of DHCP Option 82 – SubOption 1 & SubOption 2
- Purpose & Usage Examples of DHCP Option 82 (Agent Relay)
- DHCP Snooping & Option 82 (Agent Relay) Considerations. Switches & Trusted – Untrusted Ports
- Summary
It’s highly recommended that you first read through our DHCP Snooping – DHCP Attack Mitigation article, which is a foundation article.
The ‘DHCP Options’ Field within a DHCP Packet
The DHCP Options field is included inside every DHCP packet and is critical for the correct operation of the DHCP/BOOTP protocol. You’d be surprised to know that there are almost 200 different DHCP Options available, and more are added as new features are introduced in the protocol.
The material used in this article, such as the Wireshark DHCP Option 82 packet captures and the DHCP/BOOTP Options Excel file, is freely available to download from our Article Attachments section.
The diagram below shows the structure of a DHCP packet and highlights the position of the DHCP Options field.
It is important to understand that the above DHCP packet is the data payload within an Ethernet frame using UDP as the transport protocol.
The below screenshot was taken from a packet analyzer and shows an Ethernet frame with the DHCP data payload expanded:
We’ve highlighted sections of the DHCP protocol using the same colours as our previous diagram to help the correlation process. Every field shown in our diagram maps directly to the fields of the captured DHCP packet.
The area marked in green is the section where the DHCP Options field is located. In our captured packet there are a total of 8 DHCP Options used, among them is also Option 82 (Agent Information Option).
DHCP Option 82 (Agent Relay) Message Format, Structure & Fields
DHCP Option 82, also known as the Agent Relay Information Option or Agent Information Option, was originally defined by RFC 3046 to allow the DHCP relay agent (e.g. switch, router, firewall or server) to identify itself and the DHCP client that sent the original DHCP message.
DHCP Option 82 is inserted and removed by the DHCP Agent Relay (e.g. switch) as shown in the diagram below:
While some DHCP servers might not support Option 82, they are still required to copy the Option 82 value received from the DHCP client and include it in all replies back to the client. We’ll discuss the Option 82 insertion and removal process in the next section.
As we saw earlier, the DHCP Options field is positioned at the end of the DHCP packet and always contains multiple DHCP options. This of course means the DHCP Option field varies in length according to the number of options used:
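The variable-length options field described above can be walked as code/length/value entries, with Option 82 carrying its own nested sub-options. The following is an added example, not part of the original article: the function names and the sample bytes are constructed for illustration, and the sub-option names (1 = Circuit ID, 2 = Remote ID) follow RFC 3046.

```python
MAGIC_COOKIE = bytes.fromhex("63825363")  # precedes the first option
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-options

# Constructed sample options field (not taken from the article's captures).
SAMPLE = bytes.fromhex(
    "63825363"                 # magic cookie
    "350101"                   # option 53 (message type), length 1
    "5212"                     # option 82, length 18
    "0106" "0004000a0103"      # sub-option 1, length 6
    "0208" "0006aabbccddeeff"  # sub-option 2, length 8
    "ff"                       # end option
)


def walk_tlv(buf, pad=None, end=None):
    """Yield (code, value) pairs, rejecting lengths that overrun the buffer."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:  # pad is a single byte with no length field
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: length {length} overruns buffer")
        yield code, value
        i += 2 + length


def parse_options(options_field):
    """Return {option code: value} for a raw DHCP options field."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    for code, value in walk_tlv(options_field[4:], PAD, END):
        # A repeated option code is concatenated (RFC 3396).
        options[code] = options.get(code, b"") + value
    return options


def parse_option82(options):
    """Split Option 82 into its sub-options; None if the option is absent."""
    raw = options.get(RELAY_AGENT_INFO)
    if raw is None:
        return None
    # Sub-options have no pad/end codes, so none are passed here.
    return {SUBOPTION_NAMES.get(c, c): v for c, v in walk_tlv(raw)}
```

The bounds check matters on a relay or server that parses these fields from untrusted ports: a length byte larger than the remaining data is rejected instead of being read past the end of the option.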