Option 82; Dhcp Snooping - Dell Force10 C150 Configuration Manual
Ftos configuration guide ftos 8.4.2.7 e-series terascale, c-series, s-series (s50/s25)
Hide thumbs
Also See for Force10 C150:
- Manual (57 pages) ,
- Manual (66 pages) ,
- Quick start manual (33 pages)
Table of Contents
Advertisement
•
DHCP Snooping on page 322
•
Dynamic ARP Inspection on page 325
•
Source Address Validation on page 327
Option 82
RFC 3046 (Relay Agent Information option, or Option 82) is used for class-based IP address assignment.
The code for the Relay Agent Information option is 82, and is comprised of two sub-options, Circuit ID
and Remote ID.
•
Circuit ID is the interface on which the client-originated message is received.
•
Remote ID identifies the host from which the message is received. The value of this sub-option is the
MAC address of the relay agent that adds Option 82.
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can
use this information to:
•
track the number of address requests per relay agent; restricting the number of addresses available per
relay agent can harden a server against address exhaustion attacks.
•
associate client MAC addresses with a relay agent to prevent offering an IP address to a client spoofing
the same MAC address on a different relay agent.
•
assign IP addresses according to the relay agent. This prevents generating DHCP offers in response to
requests from an unauthorized relay agent.
The server echoes the option back to the relay agent in its response, and the relay agent can use the
information in the option to forward a reply out the interface on which the request was received rather than
flooding it on the entire VLAN.
The relay agent strips Option 82 from DHCP responses before forwarding them to the client.
Task
Insert Option 82 into DHCP packets.
For routers between the relay agent
and the DHCP server, enter the
trust-downstream
DHCP Snooping
DHCP Snooping protects networks from spoofing. In the context of DHCP Snooping, all ports are either
trusted or untrusted. By default, all ports are untrusted. Trusted ports are ports through which attackers
cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted.
322
|
Dynamic Host Configuration Protocol
Command Syntax
ip dhcp relay information-option
trust-downstream
[
option.
Command Mode
CONFIGURATION
]
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
