The Policy Enforcement Manager™ uses DHCP to discover subscribers. The DHCP consists of two components, which includes a protocol for delivering host-specific parameters from a DHCP server to a host, and the ability to allocate network addresses to hosts. The BIG-IP® system processes the DHCP traffic between subscribers and DHCP server and extracts of the subscriber's identity and other information that is important for subscriber handling.
The BIG-IP DHCP module has two functional modes:
- Relay mode: The DHCP-Relay agent handles the DHCP traffic from the subscriber, modifies it as required, and relays it to the DHCP server according to the configuration.
- Forward or pass-through mode: The DHCP module does not relay the messages or modify the message in this mode.
In both modes, the DHCP module snoops the DHCP packets, parses relay-agent options and the allocated IP address, and then extracts session information. The relay-agent options are option 82 for DHCPv4 and options 37 and 38 for DHCPv6.

Subscriber Discovery through DHCP
The DHCP module monitors the clients DHCP traffic after the initial IP allocation and snoops for DHCP lease renewal packets, releasing of the IP address, and reconfiguring requests. This determines when the BIG-IP system can safely delete the session.
Task summary
Creating a listener for DHCPv6 discovery virtual
You can use DHCPv6 to discover subscribers in order to handle traffic for policy enforcement. For each subscriber discovered through DHCPv6, an identifier comprises of remote-id, subscriber-id options (options 37 and 38) and MAC address, as configured in the corresponding DHCPv6 profile.
- On the Main tab, click .
The Listeners screen opens.
- Select DHCPv6 from the profiles list, and click Add.
The New DHCPv6 Discovery Virtual screen opens.
- In the Name field, type a unique name for the listener.
- In the Description field, type a description of the listener.
- For the Source setting, type the IP address or network from which the virtual server will accept traffic.
- In the Destination Address field, type the IP address of the virtual server. For example, ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64.
Tip: For DHCPv6 discovery virtual, the source and destination should be any (::/0).
The system will create a virtual server using the address or network you specify.
- From the VLAN and Tunnel Traffic list, select Enabled on. Then, for the VLANs and Tunnels setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the Available list to the Selected list.
- For the VLANs and Tunnels setting, move the VLANs and tunnels that you want to monitor from the Available list to the Selected list.
- For the DHCP Mode setting, select Relay or Forward to specify the mode in which the DHCP client requests are sent.
- For the Pool Member Configuration setting, add the DHCP virtual servers that are to be members of the pool. Type the Member IP Address and Port number, then click Add.
- From the Subscriber Discovery list, select Enabled. Then, for the Subscriber ID Format setting, select the format you want to implement.
Format |
Description |
---|
MAC Address |
Uses the subscriber ID as the MAC address through which the subscriber ID goes through. |
MAC Address + <Separator> + Option 37 |
Uses the MAC address and the remote ID relay agent option. |
MAC Address + <Separator>+ Option 37 <Separator> + Option 38 |
Uses the MAC address, the remote ID relay agent option and the subscriber ID option. |
MAC Address + <Separator> + Option 38 |
Uses the MAC address and the subscriber ID option. |
Option 37 |
Uses the remote ID relay agent option. |
Option 37 <Separator> + Option 38: |
Uses the remote ID relay agent option and the subscriber ID option. |
Option 38 |
Uses the subscriber ID option. |
TCL Expression |
Uses the TCL expression to format the subscriber ID. |
- From the Authentication Settings list, select Enabled. Then, select the virtual server name from the Authentication Virtual list. Select the User Name Format you want to implement.
The User Name Format has the same options as the Subscriber ID Format, in the Subscriber Discovery setting.
When you create a new DHCPv6 discover virtual, the Policy Enforcement Manager™ also creates a corresponding DHCP profile.
Creating a listener for RADIUS subscriber discovery
You can create listeners that specify the RADIUS discovery virtual for extracting subscriber information from the RADIUS packets. Creating a listener does preliminary setup tasks on the BIG-IP® system for application visibility, intelligent steering, bandwidth management, and reporting.
- On the Main tab, click .
The Listeners screen opens.
- From the Subscriber Discovery Virtuals area, select RADIUS, and click Add.
The New RADIUS Discovery Virtual screen opens.
- In the Name field, type a unique name for the RADIUS discovery virtual.
- In the Description field, type a description of the listener.
- For the Source setting, type the IP address or network from which the virtual server will accept traffic.
- In the Destination Address field, type the IP address of the virtual server. For example, 10.0.0.1 or 10.0.0.0/24.
Note: When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
Tip: You can use a catch-all virtual server (0.0.0.0) to specify all traffic that is delivered to the BIG-IP® system. Configure the source and destination setting, during forwarding mode only. In the relay mode, the client does not have an IP address and the DHCP provides the client with an IP address.
The system will create a virtual server using the address or network you specify.
- To use network address translation, from the Source Address Translation list, select Auto Map.
The system treats all of the self IP addresses as translation addresses.
- From the VLAN and Tunnel Traffic list, select Enabled on. Then, for the VLANs and Tunnels setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the Available list to the Selected list.
- For the Pool Member Configuration setting, add the RADIUS discovery virtual servers that are to be members of the pool. Type the Member IP Address and Port number, then click Add.
- Click Finished.
The Policy Enforcement Manager creates a RADIUS virtual server, and displays in the subscriber discovery list.
When you create a RADIUS discovery virtual for a subscriber, the Policy Enforcement Manager™ creates a corresponding profile ().