DHCP Option 82 is a user security mechanism: the access device uses the relay agent info option (RAIO) to encapsulate the user access information it has obtained into the Option 82 field of the DHCP request packets sent by a user. The data is encapsulated in the format specified by the customer.
This helps the upper-layer authentication server authenticate users and prevents user account theft and roaming. In this article, we use a Huawei MA5683T for testing to show how to configure DHCP on a Huawei MA5683T OLT.
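As an added illustration (not part of the original article and not Huawei code), the following Python example splits the Option 82 field of a DHCP options block into its sub-options, using the code/length/value layout of RFC 3046, and rejects fields whose lengths overrun the buffer. The packet bytes, Circuit ID and Remote ID values are constructed samples.

```python
# Added example: walk a DHCP options field and split Option 82 into sub-options.
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}  # RFC 3046 sub-option codes

# Constructed sample values; the real Circuit ID / Remote ID layout is whatever
# format the operator configured on the access device.
CIRCUIT_ID = b"example-olt 0/4/0:30.1 vlan491"
REMOTE_ID = bytes.fromhex("020000000001")

def build_options(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Build a constructed options field: message type, Option 82, end."""
    sub = bytes([1, len(circuit_id)]) + circuit_id
    sub += bytes([2, len(remote_id)]) + remote_id
    return bytes([53, 1, 1, OPT_RELAY_AGENT_INFO, len(sub)]) + sub + bytes([OPT_END])

def iter_tlv(buf: bytes, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:          # single-byte padding, top-level options only
            i += 1
            continue
        if code == end:          # end marker, top-level options only
            return
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length overruns buffer")
        yield code, value
        i += 2 + length

def parse_option82(options: bytes) -> dict:
    """Return {sub-option name or code: value} for the first Option 82 found."""
    for code, value in iter_tlv(options, pad=OPT_PAD, end=OPT_END):
        if code == OPT_RELAY_AGENT_INFO:
            return {SUBOPT_NAMES.get(c, c): v for c, v in iter_tlv(value)}
    return {}

if __name__ == "__main__":
    print(parse_option82(build_options(CIRCUIT_ID, REMOTE_ID)))
```

Sub-option codes other than 1 and 2 are returned under their numeric code, so vendor-specific sub-options stay visible without being interpreted.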
Usage Guidelines
Enable Dynamic Host Configuration Protocol (DHCP) Option 82 on the MA5683T. This configuration is recommended for the DHCP-based Internet access service.
1. Enable DHCP Option 82 on the MA5683T (supported by Thunder-link).
DHCP Option 82 can be enabled or disabled at four levels: global, port, VLAN, and service port. The function takes effect only after it is enabled at all four levels.
Among the four levels, DHCP Option 82 is disabled only at the global level by default.
The global level: In global config mode, run the dhcp option82 command to enable DHCP Option 82 at the global level.
When you run this command, select the enable, forward, or rebuild parameter based on site requirements. All three parameters enable DHCP Option 82, but each applies a different packet processing policy on the MA5683T. For details, see the dhcp option82 command.
The port level: In global config mode, run the dhcp option82 port or dhcp option82 board command to enable DHCP Option 82 at the port level.
The VLAN level:
a. In global config mode, run the vlan service-profile command to create a VLAN service profile.
b. Run the dhcp option82 enable command to enable DHCP Option 82 at the VLAN level.
c. Run the commit command to make the profile configuration take effect.
d. Run the quit command to quit the VLAN service profile mode.
e. Run the vlan bind service-profile command to bind the created VLAN service profile to a VLAN.
The service port level: In global config mode, run the dhcp option82 service-port command to enable DHCP Option 82 at the service port level.
2. On the MA5683T, run the dhcp-option82 permit-forwarding service-port command with the enable parameter selected, to allow ONT DHCP packets to carry Option 82 information.
Example
1. Check the DHCP status of MA5683T
    THUNDER_LINK_OLT_MA5683T(config)#display dhcp option82 config
      DHCP option82 is disabled
      Maximum length of DHCP packet is 1500 bytes
      DHCP Sub-Option7 is disabled
      DHCP Sub-Option90 is disabled
    THUNDER_LINK_OLT_MA5683T(config)#
2. Check the MAC address learning of the used VLAN
    THUNDER_LINK_OLT_MA5683T(config)#display mac-address vlan 491
      ----------------------------------------------------------------------
      SRV-P BUNDLE TYPE MAC            MAC TYPE F /S /P  VPI  VCI   VLAN ID
      INDEX INDEX
      ----------------------------------------------------------------------
          -      - eth  0046-4bbc-b2c1 dynamic  0 /9 /0  -    -     491
          0      - gpon ec55-f9c3-3da6 dynamic  0 /4 /0  30   1     491
      ----------------------------------------------------------------------
      Total: 2
      Note: F--Frame, S--Slot, P--Port, F/S/P indicates PW Index for PW,
            A--The MAC address is learned or configured on the aggregation port,
            VPI indicates ONT ID for PON, VCI indicates GEM index for GPON,
            v/e--vlan/encap, pri-tag--priority-tagged,
            ppp--pppoe, ip--ipoe, ip4--ipv4oe, ip6--ipv6oe
    THUNDER_LINK_OLT_MA5683T(config)#
3. Enable the function on the MA5683T
    THUNDER_LINK_OLT_MA5683T(config)#dhcp option82 enable
    THUNDER_LINK_OLT_MA5683T(config)#
    THUNDER_LINK_OLT_MA5683T(config)#display dhcp option82 config
      DHCP option82 is enabled
      Maximum length of DHCP packet is 1500 bytes
      DHCP Sub-Option7 is disabled
      DHCP Sub-Option90 is disabled
    THUNDER_LINK_OLT_MA5683T(config)#
4. Enable DHCP Option 82 on the service port
    THUNDER_LINK_OLT_MA5683T(config)#dhcp option82 service-port 0 enable
    THUNDER_LINK_OLT_MA5683T(config)#display dhcp option82 service-port all
      -------------------------------------------------------------------------
      Service-  F /S /P   VPI   VCI   Flow  Flow   Option82
      portID                          Type  Para
      -------------------------------------------------------------------------
             0  0 /4 /0   30    1     vlan  491    Enable
      -------------------------------------------------------------------------
      Note: F--Frame, S--Slot, P--Port,
            VPI indicates ONT ID for PON, VCI indicates GEM index for GPON
    THUNDER_LINK_OLT_MA5683T(config)#
5. Check the configuration result on the switch (SW)
    [Thunder_link_SW_3328]display arp
    IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE   VPN-INSTANCE  VLAN
    ------------------------------------------------------------------------------
    10.10.10.200    0046-4bbc-b2c1            I -   Vlanif491
    10.10.10.254    ec55-f9c3-3da6  18        D-0   GE0/0/1                   491
    ------------------------------------------------------------------------------
    Total:6 Dynamic:1 Static:0 Interface:5
    [Thunder_link_SW_3328]
    [Thunder_link_SW_3328]ping 10.10.10.254
      PING 10.10.10.254: 56 data bytes, press CTRL_C to break
        Reply from 10.10.10.254: bytes=56 Sequence=1 ttl=128 time=1 ms
        Reply from 10.10.10.254: bytes=56 Sequence=2 ttl=128 time=1 ms
        Reply from 10.10.10.254: bytes=56 Sequence=3 ttl=128 time=1 ms
        Reply from 10.10.10.254: bytes=56 Sequence=4 ttl=128 time=1 ms
        Reply from 10.10.10.254: bytes=56 Sequence=5 ttl=128 time=1 ms
      --- 10.10.10.254 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/1/1 ms
    [Thunder_link_SW_3328]
Main configuration on the switch side:
    #
    ip pool test491
     gateway-list 10.10.10.200
     network 10.10.10.0 mask 255.255.255.0
    #
    #
    interface Vlanif491
     ip address 10.10.10.200 255.255.255.0
     dhcp select global
    #
Main configuration on the OLT side:
    #
    [bbs-config]
      <bbs-config>
     service-port 0 vlan 491 gpon 0/4/0 ont 30 gemport 1 multi-service user-vlan 491 tag-transform translate
    #
    #
    [dhcp]
      <dhcp>
     dhcp option82 service-port 0 enable
     dhcp option82 enable
    #
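An added example (not from the original article): a Python check that reads the output of display dhcp option82 config and display dhcp option82 service-port all and reports where Option 82 is still off, since the function only takes effect when every level is enabled. It covers only the global and service-port levels, because those are the outputs shown here; the sample text, service port 1 and the "Disable" wording are constructed assumptions.

```python
import re

# Constructed sample input modelled on the display outputs in this example.
# Service port 1 and the "Disable" wording are assumptions added for contrast.
GLOBAL_OUT = """\
  DHCP option82 is enabled
  Maximum length of DHCP packet is 1500 bytes
  DHCP Sub-Option7 is disabled
  DHCP Sub-Option90 is disabled
"""
SERVICE_PORT_OUT = """\
  Service-  F /S /P   VPI   VCI   Flow  Flow   Option82
  portID                          Type  Para
  -----------------------------------------------------
         0  0 /4 /0   30    1     vlan  491    Enable
         1  0 /4 /0   31    1     vlan  491    Disable
"""
# service-port id, F/S/P, VPI (ONT ID), VCI (GEM index), flow type/para, state
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s*/(\d+)\s*/(\d+)"
                 r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def global_enabled(text: str) -> bool:
    """True if 'display dhcp option82 config' reports the global switch on."""
    m = re.search(r"DHCP option82 is (\w+)", text)
    if m is None:
        raise ValueError("global Option 82 state not found in output")
    return m.group(1) == "enabled"

def service_ports(text: str) -> list:
    """Parse rows of 'display dhcp option82 service-port all'."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            sp, f, s, p, ont, gem, _ftype, _fpara, state = m.groups()
            ports.append({"id": int(sp), "fsp": f"{f}/{s}/{p}", "ont": ont,
                          "gem": gem, "enabled": state.lower() == "enable"})
    return ports

def audit(global_text: str, sp_text: str) -> list:
    """List every place where Option 82 is off at the two levels shown."""
    findings = []
    if not global_enabled(global_text):
        findings.append("global: DHCP Option 82 is disabled")
    for sp in service_ports(sp_text):
        if not sp["enabled"]:
            findings.append(f"service-port {sp['id']} ({sp['fsp']} ont {sp['ont']}):"
                            " Option 82 not enabled")
    return findings
```

An empty list from audit() means both levels it can see are enabled; the port and VLAN levels still have to be checked separately.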
Through the above operations, DHCP can be successfully configured on Huawei MA5608T/MA5683T/MA5680T/MA5800 series OLTs, which ensures user access security. We hope this article helps you with your business.