1. Manuals
  2. Brands
  3. SMC Networks Manuals
  4. Network Router
  5. 7724M/VSW - annexe 1
  6. Manual

Displaying Dhcp Snooping Configuration; Ip Source Guard - SMC Networks 7824M/VSW - annexe 1 Manual

Extended ethernet switch
Hide thumbs Also See for 7824M/VSW - annexe 1:
Table of Contents

Advertisement

Management Guide
TigerAccess™ EE
8.6.7.13
8.6.8
SMC7824M/VSW
To configure the policy of DHCP option 77 on a specified port, use the following command.
Command
ip dhcp snooping user-class-id
port { replace | keep }
To delete the configured user class ID of DHCP option 77 field, use the following com-
mand.
Command
no ip dhcp snooping user-class-
id port PORT class-id CLASS-ID
no ip dhcp snooping user-class-
id port PORT all

Displaying DHCP Snooping Configuration

To display DHCP snooping table, use the following command.
Command
show ip dhcp snooping
show ip dhcp snooping binding

IP Source Guard

IP source guard is similar to DHCP snooping. This function is used on DHCP snooping
untrusted Layer 2 port. Basically, except for DHCP packets that are allowed by DHCP
snooping process, all IP traffic comes into a port is blocked. If an authorized IP address
from the DHCP server is assigned to a DHCP client, or if a static IP source binding is con-
figured, the IP source guard restricts the IP traffic of client to those source IP addresses
configured in the binding; any IP traffic with a source IP address other than that in the IP
source binding will be filtered out. This filtering limits a host's ability to attack the network
by claiming a neighbor host's IP address.
IP source guard supports the Layer 2 port only, including both access and trunk. For each
untrusted Layer 2 port, there are two levels of IP traffic security filtering:
Source IP Address Filter
IP traffic is filtered based on its source IP address. Only IP traffic with a source IP
address that matches the IP source binding entry is permitted. An IP source address
filter is changed when a new IP source entry binding is created or deleted on the port,
which will be recalculated and reapplied in the hardware to reflect the IP source bind-
ing change. By default, if the IP filter is enabled without any IP source binding on the
port, a default policy that denies all IP traffic is applied to the port. Similarly, when the
IP filter is disabled, any IP source filter policy will be removed from the interface.
Mode
Configures the policy of DHCP option 77 field for the
DHCP Request packet (default: replace)
replace: forwards DHCP packets with user class ID
Global
according to DHCP option 77 field format.
keep: forwards DHCP packets without any user class
ID
Mode
Deletes a configured user class ID of a port.
Global
Deletes all configured user class IDs of a port.
Mode
Shows DHCP snooping configuration.
Enable
Global
Shows DHCP snooping binding entries.
Description
Description
Description
CLI
331

Advertisement

Table of Contents
loading

Related Manuals for SMC Networks 7824M/VSW - annexe 1

Related Content for SMC Networks 7824M/VSW - annexe 1

This manual is also suitable for:

Tigeraccess smc7824m/vsw

Table of Contents