Enabling Dhcp Snooping - Alcatel OmniSwitch 6600 Family Network Configuration Manual


Configuring DHCP Relay
Make sure that Option-82 data insertion is always enabled at the switch or VLAN level. See "Enabling DHCP Snooping" on page 18-19 for more information.
The DHCP server must support the Option-82 feature or at a minimum retain and echo back the Option-82 data field.

Enabling DHCP Snooping

There are two levels of operation available for the DHCP Snooping feature: switch level or VLAN level.
These two levels are exclusive of each other in that they cannot both operate on the switch at the same
time. In addition, if the global DHCP relay agent information option (Option-82) is enabled for the switch,
then DHCP Snooping at any level is not available. See "Using the Relay Agent Information Option
(Option-82)" on page 18-15 for more information.
Note. DHCP Snooping drops server packets received on untrusted ports (ports that connect to devices
outside the network or firewall). It is important to configure ports connected to DHCP servers as trusted
ports so that traffic to/from the server is not dropped.
Switch-level DHCP Snooping
By default, DHCP Snooping is disabled for the switch. To enable this feature at the switch level, use the
ip helper dhcp-snooping command. For example:
-> ip helper dhcp-snooping enable
When DHCP Snooping is enabled at the switch level, all DHCP packets received on all switch ports are
screened/filtered by DHCP Snooping. By default, only client DHCP traffic is allowed on the ports, unless
the trust mode for a port is configured to block or allow all DHCP traffic. See "Configuring the Port Trust
Mode" on page 18-20 for more information.
In addition, the following functionality is also activated by default when DHCP Snooping is enabled:
• The DHCP Snooping binding table is created and maintained.
• MAC address verification is performed to compare the source MAC address of the DHCP packet with the client hardware address contained in the packet.
• Option-82 data is inserted into the packet and then DHCP reply packets are only sent to the port from where the DHCP request originated, instead of flooding these packets to all ports.
To enable or disable any of the above functionality at the switch level, use the following commands:
ip helper dhcp-snooping binding
ip helper dhcp-snooping mac-address verification
ip helper dhcp-snooping option-82 data-insertion
Note the following when disabling DHCP Snooping functionality:
• Disabling Option-82 is not allowed if the binding table is enabled.
• Enabling the binding table is not allowed if Option-82 data insertion is not enabled at either the switch or VLAN level.
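
An added example, not taken from the manual or from the switch software: a Python model of the per-port screening decision described above, covering the default client-only behaviour, the block and allow-all trust modes, and MAC address verification. The function names, trust-mode labels and sample MAC addresses are this example's own; identifying server packets by the BOOTP op field and skipping MAC verification on trusted ports are assumptions.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
BOOTREQUEST, BOOTREPLY = 1, 2             # BOOTP op: client->server, server->client

def build_frame(src_mac, chaddr, op):
    """Constructed Ethernet/IPv4/UDP/DHCP frame for the demo (checksums left 0)."""
    bootp = struct.pack("!BBBBIHH16s16s192s", op, 1, 6, 0, 0x1234, 0, 0,
                        bytes(16), chaddr, b"") + MAGIC + b"\xff"
    sport, dport = (67, 68) if op == BOOTREPLY else (68, 67)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip + udp

def parse_dhcp(frame):
    """Return (source MAC, BOOTP op, chaddr), or None if the frame is not DHCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4     # honour the IPv4 header length
    if len(frame) < udp + 8:
        return None
    ports = set(struct.unpack("!HH", frame[udp:udp + 4]))
    bootp = frame[udp + 8:]
    if not ports <= {67, 68} or len(bootp) < 240 or bootp[236:240] != MAGIC:
        return None
    hlen = min(bootp[2], 16)              # chaddr field is at most 16 bytes
    return frame[6:12], bootp[0], bootp[28:28 + hlen]

def screen(frame, trust_mode="client-only", verify_mac=True):
    """Per-port decision; the trust_mode labels are this example's own names."""
    parsed = parse_dhcp(frame)
    if parsed is None:
        return "forward: not DHCP"
    src_mac, op, chaddr = parsed
    if trust_mode == "block":
        return "drop: port blocks all DHCP"
    if trust_mode == "trust":
        return "forward: trusted port"
    if op == BOOTREPLY:
        return "drop: server packet on untrusted port"
    if verify_mac and src_mac != chaddr:
        return "drop: source MAC differs from chaddr"
    return "forward: client packet"

CLIENT = bytes.fromhex("00d095000001")    # constructed MAC addresses
OTHER = bytes.fromhex("00d095000002")
```

The third case in the model is the one the Note above warns about: a reply from a legitimate DHCP server is dropped in the same way as a rogue one until the server's port is set to the allow-all trust mode.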
OmniSwitch 6600 Family Network Configuration Guide, April 2006, page 18-19
