Chapter 13 | Security Measures
DHCP Snooping

DHCP SNOOPING CONFIGURATION
the DHCP client request, including the port and VLAN ID. This allows
DHCP client-server exchange messages to be forwarded between the
server and client without having to flood them to the entire VLAN.
◆ If DHCP Snooping Information Option 82 is enabled on the switch, information may be inserted into a DHCP request packet received over any VLAN (depending on DHCP snooping filtering rules). The information inserted into the relayed packets includes the circuit-id and remote-id, as well as the gateway Internet address.
◆ When the switch receives DHCP packets from clients that already include DHCP Option 82 information, the switch can be configured to set the action policy for these packets. The switch can either drop the DHCP packets, keep the existing information, or replace it with the switch's relay information.
Use the IP Service > DHCP > Snooping (Configure Global) page to enable
DHCP Snooping globally on the switch, or to configure MAC Address
Verification.
CLI REFERENCES
◆ "DHCPv4 Snooping" on page 899

PARAMETERS
These parameters are displayed:
◆ DHCP Snooping Status – Enables DHCP snooping globally. (Default: Disabled)
◆ DHCP Snooping MAC-Address Verification – Enables or disables MAC address verification. If the source MAC address in the Ethernet header of the packet is not the same as the client's hardware address in the DHCP packet, the packet is dropped. (Default: Enabled)
◆ DHCP Snooping Information Option Status – Enables or disables DHCP Option 82 information relay. (Default: Disabled)
◆ DHCP Snooping Information Option Sub-option Format – Enables or disables use of sub-type and sub-length fields in circuit-ID (CID) and remote-ID (RID) in Option 82 information.
◆ DHCP Snooping Information Option Remote ID – Specifies the MAC address, IP address, or arbitrary identifier of the requesting device (i.e., the switch in this context).
    ■ MAC Address – Inserts a MAC address in the remote ID sub-option for the DHCP snooping agent (i.e., the MAC address of the switch's CPU). This attribute can be encoded in Hexadecimal or ASCII.
    ■ IP Address – Inserts an IP address in the remote ID sub-option for the DHCP snooping agent (i.e., the IP address of the management interface). This attribute can be encoded in Hexadecimal or ASCII.
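
The Python model below is an added example, not code from this manual or the switch firmware. It shows the two checks described above: MAC address verification (Ethernet source MAC against the DHCP client hardware address) and the drop/keep/replace policy for packets that already carry Option 82. The function names, policy strings, sample MAC and circuit-ID/remote-ID bytes are constructed for illustration; it assumes untagged frames and that Option 82 insertion is enabled.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)

def tlv(code, value):
    """Encode one option or Option 82 sub-option as code/length/value."""
    return bytes([code, len(value)]) + value

def parse_options(buf):
    """Walk the DHCP options field; return [(code, value), ...]."""
    opts, i = [], 0
    while i < len(buf) and buf[i] != 255:        # 255 = End
        if buf[i] == 0:                          # 0 = Pad, no length byte
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        opts.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return opts

def snoop(frame, policy, relay_info):
    """Return (verdict, options); policy is 'drop', 'keep' or 'replace'."""
    src_mac = frame[6:12]
    bootp = frame[14 + (frame[14] & 0x0F) * 4 + 8:]   # skip Ethernet, IP, UDP
    if len(bootp) < 240 or bootp[236:240] != MAGIC:
        return "drop", None
    if bootp[28:28 + bootp[2]] != src_mac:            # chaddr vs Ethernet source
        return "drop", None
    opts = parse_options(bootp[240:])
    if any(code == 82 for code, _ in opts):           # client already sent Option 82
        if policy == "drop":
            return "drop", None
        if policy == "keep":
            return "forward", opts
    opts = [o for o in opts if o[0] != 82] + [(82, relay_info)]
    return "forward", opts

def build_frame(src_mac, chaddr, options):
    """Constructed sample: minimal DHCPDISCOVER frame (checksums left zero)."""
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0) + bytes(16)
             + chaddr.ljust(16, b"\0") + bytes(192) + MAGIC + options + b"\xff")
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip

CLIENT = bytes.fromhex("020000000001")   # constructed client MAC
RELAY = tlv(1, b"\x00\x01\x00\x05") + tlv(2, bytes.fromhex("02aabbccddee"))  # constructed CID + RID
```

Sub-options 1 (circuit-ID) and 2 (remote-ID) follow RFC 3046; the byte layout inside each value here is a placeholder, not this switch's format.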