Chapter 21 Dhcp Server Screening Command List - D-Link DGS-3000 Series Reference Manual
Layer 2 managed gigabit switch
Hide thumbs
Also See for DGS-3000 Series:
- Reference manual (909 pages) ,
- Hardware installation manual (74 pages) ,
- Hardware installation manual (67 pages)
Table of Contents
Advertisement
DGS-3000 Series Layer 2 Managed Gigabit Switch CLI Reference Guide
Chapter 21 DHCP Server Screening
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist> |
all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration [1min
| 5min | 30min] | trap_log [enable | disable]]
show filter dhcp_server
21-1
config filter dhcp_server
Description
This command is used to configure DHCP server screening.
With DHCP server screening function, illegal DHCP server packet will be filtered. This command is
used to configure the state of the function for filtering of DHCP server packet and to add/delete the
DHCP server binding entry.
This command is useful for projects that support per port control of the DHCP server screening
function. The filter can be based on the DHCP server IP address.
The command has three purposes: (1) To specify to filter all DHCP server packets on the specific
port, (2) to specify to allow some DHCP server packets with pre-defined server IP addresses and
(3) to deny all DHCPOFFER requests by using the default DHCP Server Screening method to
specify explicit "permit" rules for the 3-tuple (DHCP server IP, client's MAC address, and port list
from the DHCP server). With this function, we can restrict the DHCP server to service specific
DHCP clients. This is useful when two DHCP servers are present on the network, one of them
provides the private IP address, and one of them provides the IP address.
Enabling filtering of the DHCP server port state will create one access profile and create one
access rule per port (UDP port = 67). Filter commands in this file will share the same access profile.
Addition of a permit DHCP entry will create one access profile and create one access rule. Filtering
commands in this file will share the same access profile.
Format
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist>
| all] | ports [<portlist> | all] state [enable | disable] | illegal_server_log_suppress_duration
[1min | 5min | 30min] | trap_log [enable | disable]]
Parameters
add permit - Specifies to add a DHCP permit.
server_ip - The IP address of the DHCP server to be filtered.
<ipaddr> - Enter the DHCP server IP address here.
client_mac - (Optional) The MAC address of the DHCP client.
<macaddr> - Enter the DHCP client MAC address here.
ports - The port number of filter DHCP server.
<portlist> - Enter the list of ports to be configured here.
Command List
215
Advertisement
Table of Contents
