Cisco IOS DHCP Relay Agent

Hello Charles

When a port on a switch is configured as untrusted, then in order for any DHCP packets to be received and processed by that port, they must go through a process called packet validation. This essentially means it examines to see if a packet should be dropped or not. According to this Cisco documentation, one of the validation criteria is the following:

If an untrusted port receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0, it will be dropped unless that packet includes option 82 information

Now the issue gets a bit more complicated due to that pesky DHCP option 82. Option 82 was originally created in order to provide the DHCP relay agent the ability to identify itself and the client that sent the original unmodified DHCP message. But because option 82 is not always understood by all devices, it is often disabled on the switches.

So to answer your question, you should either have option 82 functioning correctly or disable it on the switch, and ensure that the port is trusted.

Your original question sounds concise and simple, but unfortunately, the answer is somewhat complex. You can find more info on these topics at the following links:

I hope this has been helpful!

Laz