Introduction To Ip Filtering - 3Com 4500 PWR 26-Port Configuration Manual
Hide thumbs
Also See for 4500 PWR 26-Port:
- Manual (942 pages) ,
- Configuration manual (870 pages) ,
- Getting started manual (128 pages)
Table of Contents
Advertisement
When receiving a DHCP client's request without Option 82, the DHCP snooping device will add the
option field with the configured sub-option and then forward the packet. For details, see
Table 41-2 Ways of handling a DHCP packet without Option 82
Sub-option configuration
Neither of the two sub-options is
co
nfigured.
Circuit ID sub-option is configured.
Re
mote ID sub-option is configured.
The circuit ID and remote ID sub-options in Option 82, which can be configured simultaneously or
separately, are indep
When the DHCP snooping device receives a DHCP response packet from the DHCP server, the DHCP
s
nooping device will delete
forward the packet if the packet does not contain the Option 82 field.
Introduction to IP Filtering
A
denial-of-service (DoS) attack me
a
ddress reque
sts with different so
normally. The specific effects are as follows:
The resources on the server are exhausted, so the server does not respond to other requests.
After receiving such type of packets, a switch needs to send them to the CPU for processing. Too
many request packets cause high CPU usage rate. As a result, the CPU cannot work normally.
The switch can filter invalid IP packets through the DHCP-snooping table and , IP static binding table, or
IP-to-MAC mappings of authenticated 802.1x clients.
DHCP-snooping table
After DHCP snooping is enabled on a switch, a DHCP-snooping table is generated. It is used to record
IP addresses obtained from the DHCP server, MAC addresses, the number of the port through which a
client is connected to the DHCP-snooping-enabled device, and the number of the VLAN to which the
port belongs to. These records are saved as entries in the DHCP-snooping table.
IP static binding table
The DHCP-snooping table only records information about clients that obtains IP address dynamically
through DHCP. If a fixed IP address is configured for a client, the IP address and MAC address of the
Forward the packet after adding Option 82 wi
contents.
The format of Option 82 is the one specified with the
dhcp-snooping information format command or the default
HEX format if this command is not executed.
Forward the packet after adding Option 82 with the configured
circuit ID sub-option in ASCII format.
Forward the packet after adding Option 82 with the configured
remote ID sub-option in ASCII format.
end
ent of each othe
r in terms of configuration
the Opt
ion 82 field, if conta
ans an attempt of an attacker s
urce IP addresses to th
The DHCP-Snooping device will ...
sequence.
ined, before for
e server
41-4
Table
th the default
warding the packet, or will directly
ending a large number o
so that the network cannot work
41-2.
f forged
- Quick Links:
- User Control
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
