Validation Of Server Response Packets - HP ProCurve 2910al Switch Manual

Switches

Hide thumbs Also See for ProCurve 2910al Switch:

Access security manual (594 pages)

Configuration manual (194 pages)

Installation and getting started manual (114 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

page of 126

/ 126
Contents
Table of Contents
Bookmarks

Table of Contents

IP Routing Features

Configuring DHCP Relay

Relay Agent "A"

VLAN

Client

DROP

Figure 3-23. Example Configured To Allow Multiple Relay Agents To Contribute an Option 82 Field

Relay Agent "A"

VLAN

Client

DROP

Figure 3-24. Example Allowing Only an Upstream Relay Agent To Contribute an Option 82 Field

3-56

Relay Agent "B"

VLAN

APPEND

This is an enhancement of the previous example. In this case, each hop for an

accepted client request adds a new Option 82 field to the request. A DHCP

server capable of using multiple Option 82 fields can be configured to use this

approach to keep a more detailed control over leased IP addresses. In this

example, the primary DHCP policy boundary is at relay agent "A", but more

global policy boundaries can exist at relay agents "B" and "C".

Relay Agent "B"

VLAN

No Option 82

Like the first example, above, this configuration drops client requests with

spurious Option 82 fields from clients on the edge relay agent. However, in

this case, only the Option 82 field from the last relay agent is retained for use

by the DHCP server. In this case the DHCP policy boundary is at relay agent

"C". In the previous two examples the boundary was with relay "A".

Validation of Server Response Packets

A valid Option 82 server response to a client request packet includes a copy

of the Option 82 field(s) the server received with the request. With validation

disabled, most variations of Option 82 information are allowed, and the

corresponding server response packets are forwarded.

Server response validation is an option you can specify when configuring

Option 82 DHCP for append, replace, or drop operation. (Refer to "Forwarding

Policies" on page 3-54.) Enabling validation on the routing switch can enhance

protection against DHCP server responses that are either from untrusted

sources or are carrying invalid Option 82 information.

Relay Agent "C"

VLAN

APPEND

Relay Agent "C"

VLAN

REPLACE

VLAN

DHCP

Option

Server

VLAN

DHCP

Option

Server

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Procurve 2910al-24g Procurve 2910al-48g Procurve 2910al-48g-poe+Procurve 2-port 10-gbe cx4 al Procurve 10-gbe al Procurve 2910al-24g-poe+

Validation Of Server Response Packets - HP ProCurve 2910al Switch Manual

Validation of Server Response Packets

Hide quick links:

Related Manuals for HP ProCurve 2910al Switch

Related Content for HP ProCurve 2910al Switch

This manual is also suitable for:

Table of Contents