◆
◆
◆
Example
This example enables the DHCP Snooping Information Option.
ip dhcp snooping
This command sets the DHCP snooping information option policy for DHCP client
information policy
packets that include Option 82 information.
Syntax
Default Setting
replace
When the DHCP Snooping Information Option is enabled, clients can be
identified by the switch port to which they are connected rather than just their
MAC address. DHCP client-server exchange messages are then forwarded
directly between the server and client without having to flood them to the
entire VLAN.
DHCP snooping must be enabled for the DHCP Option 82 information to be
inserted into packets. When enabled, the switch will only add/remove option
82 information in incoming DCHP packets but not relay them. Packets are
processed as follows:
If an incoming packet is a DHCP request packet with option 82 information,
■
it will modify the option 82 information according to settings specified with
ip dhcp snooping information policy
If an incoming packet is a DHCP request packet without option 82
■
information, enabling the DHCP snooping information option will add
option 82 information to the packet.
If an incoming packet is a DHCP reply packet with option 82 information,
■
enabling the DHCP snooping information option will remove option 82
information from the packet.
DHCP Snooping Information Option 82 and DHCP Relay Information Option 82
(see
page
639) cannot both be enabled at the same time.
Console(config)#ip dhcp snooping information option
Console(config)#
ip dhcp snooping information policy {drop | keep | replace}
drop - Drops the client's request packet instead of relaying it.
keep - Retains the Option 82 information in the client request, and
forwards the packets to trusted ports.
replace - Replaces the Option 82 information circuit-id and remote-id fields
in the client's request with information about the relay agent itself, inserts
the relay agent's address (when DHCP snooping is enabled), and forwards
the packets to trusted ports.
– 273 –
Chapter 8
| General Security Measures
DHCP Snooping
command.