header of the packet is not same as the client's hardware address in the
DHCP packet, the packet is dropped. (Default: Enabled)
DHCP Snooping Information Option Status – Enables or disables
◆
DHCP Option 82 information relay. (Default: Disabled)
DHCP Snooping Information Option Sub-option Format – Enables
◆
or disables use of sub-type and sub-length fields in circuit-ID (CID) and
remote-ID (RID) in Option 82 information. (Default: Enabled)
DHCP Snooping Information Option Remote ID – Specifies the
◆
MAC address, IP address, or arbitrary identifier of the requesting device
(i.e., the switch in this context).
MAC Address – Inserts a MAC address in the remote ID sub-option
■
for the DHCP snooping agent (i.e., the MAC address of the switch's
CPU). This attribute can be encoded in Hexadecimal or ASCII.
IP Address – Inserts an IP address in the remote ID sub-option for
■
the DHCP snooping agent (i.e., the IP address of the management
interface). This attribute can be encoded in Hexadecimal or ASCII.
string - An arbitrary string inserted into the remote identifier field.
■
(Range: 1-32 characters)
DHCP Snooping Information Option Policy – Specifies how to
◆
handle DHCP client request packets which already contain Option 82
information.
Drop – Drops the client's request packet instead of relaying it.
■
Keep – Retains the Option 82 information in the client request, and
■
forwards the packets to trusted ports.
Replace – Replaces the Option 82 information circuit-id and
■
remote-id fields in the client's request with information about the
relay agent itself, inserts the relay agent's address (when DHCP
snooping is enabled), and forwards the packets to trusted ports.
(This is the default policy.)
W
I
EB
NTERFACE
To configure global settings for DHCP Snooping:
Click IP Service, DHCP Snooping.
1.
Select Configure Global from the Step list.
2.
Select the required options for the general DHCP snooping process and
3.
for the DHCP snooping information option.
Click Apply
4.
– 411 –
| Security Measures
C
13
HAPTER
DHCP Snooping