Table of Contents
Advertisement
ip dhcp snooping
information policy
ip dhcp snooping
verify mac-address
This command sets the DHCP snooping information option policy for DHCP
client packets that include Option 82 information.
S
YNTAX
ip dhcp snooping information policy {drop | keep | replace}
drop - Drops the client's request packet instead of relaying it.
keep - Retains the Option 82 information in the client request, and
forwards the packets to trusted ports.
replace - Replaces the Option 82 information circuit-id and
remote-id fields in the client's request with information about the
relay agent itself, inserts the relay agent's address (when DHCP
snooping is enabled), and forwards the packets to trusted ports.
D
S
EFAULT
ETTING
replace
C
M
OMMAND
ODE
Global Configuration
C
U
OMMAND
SAGE
When the switch receives DHCP packets from clients that already include
DHCP Option 82 information, the switch can be configured to set the action
policy for these packets. The switch can either drop the DHCP packets,
keep the existing information, or replace it with the switch's relay
information.
E
XAMPLE
Console(config)#ip dhcp snooping information policy drop
Console(config)#
This command verifies the client's hardware address stored in the DHCP
packet against the source MAC address in the Ethernet header. Use the no
form to disable this function.
S
YNTAX
[no] ip dhcp binding verify mac-address
D
S
EFAULT
ETTING
Enabled
C
M
OMMAND
ODE
Global Configuration
C
U
OMMAND
SAGE
If MAC address verification is enabled, and the source MAC address in the
Ethernet header of the packet is not same as the client's hardware address
in the DHCP packet, the packet is dropped.
– 689 –
| General Security Measures
C
24
HAPTER
DHCP Snooping
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
