Hello everyone,
Today I will share with you how to deal with user authentication using information from the Option 82 field on NE.
Issue Description
The end-user (in this case ONT) sends a DHCP Discovery packet. Then the OLT (configured as DHCP snooping) receives the packet from ONT, adds an option82 (containing information about the ONT number and port number to which the ONT is connected), and then transmits it to the NE20 router by broadcast. The router receives package DHCP Discovery on the port on which the BRAS service is configured. The router is designed to perform end-user authentication. Router uses an external RADIUS server for this. When sending a query to the RADIUS server, the router should include information about the option82 in the authentication packet. The RADIUS server should authenticate the end-user based on information about the option82. After receiving information from the RADIUS server about the correct authorization of the end-user, the router sends a request to an external DHCP server to obtain the IP address for the end-user (here option 82 is no longer used). In terms of DHCP, the Router is configured as a DHCP relay.
For now, the RADIUS server authenticates end-users based on their MAC address. We want to change it so that authorization takes place using the information contained in option 82.
Solution
The solution is to configure the client-option82 command on the relay interface. The client-option82 command configures the NE20E to trust the access-line-id information (for a DHCP user) sent from the DHCP client.
That is all I want to share with you! Thank you!
