
ip dhcp snooping information policy – LevelOne GTL-2691 User Manual


CHAPTER 29 | General Security Measures

DHCP Snooping


just their MAC address. DHCP client-server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN.

DHCP snooping must be enabled for the DHCP Option 82 information to be inserted into packets. When enabled, the switch will only add/remove Option 82 information in incoming DHCP packets but not relay them. Packets are processed as follows:

- If an incoming packet is a DHCP request packet with Option 82 information, the switch will modify the Option 82 information according to the setting specified with the ip dhcp snooping information policy command.

- If an incoming packet is a DHCP request packet without Option 82 information, enabling the DHCP snooping information option will add Option 82 information to the packet.

- If an incoming packet is a DHCP reply packet with Option 82 information, enabling the DHCP snooping information option will remove Option 82 information from the packet.

EXAMPLE

This example enables the DHCP Snooping Information Option.

Console(config)#ip dhcp snooping information option

Console(config)#

ip dhcp snooping information policy

This command sets the DHCP snooping information option policy for DHCP client packets that include Option 82 information.

SYNTAX

ip dhcp snooping information policy {drop | keep | replace}

drop - Drops the client’s request packet instead of relaying it.

keep - Retains the Option 82 information in the client request, and forwards the packets to trusted ports.

replace - Replaces the Option 82 information circuit-id and remote-id fields in the client’s request with information about the relay agent itself, inserts the relay agent’s address (when DHCP snooping is enabled), and forwards the packets to trusted ports.
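
The packet-handling rules and the three policies described above, modelled as an added Python example (not code from the manual or from the switch firmware). Sub-option codes 1 and 2 follow RFC 3046; the circuit-id and remote-id values are constructed, the function names are hypothetical, and the relay agent address that replace also inserts is not modelled.

```python
# Added illustration of the Option 82 rules above; not vendor code.
# Sub-option codes 1 (circuit-id) and 2 (remote-id) are from RFC 3046.
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2

def parse_options(raw):
    """Split a DHCP options field into (code, value) pairs."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        length = raw[i + 1]
        opts.append((raw[i], raw[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def build_options(opts):
    """Serialize (code, value) pairs and terminate with the END option."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return body + bytes([OPT_END])

def relay_info(circuit_id, remote_id):
    """Build an Option 82 entry from circuit-id and remote-id sub-options."""
    value = (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id +
             bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)
    return (OPT_RELAY_INFO, value)

def process(raw, is_request, policy, circuit_id, remote_id):
    """Return the rewritten options field, or None if the packet is dropped."""
    opts = parse_options(raw)
    has82 = any(c == OPT_RELAY_INFO for c, _ in opts)
    rest = [(c, v) for c, v in opts if c != OPT_RELAY_INFO]
    if not is_request:            # reply: remove Option 82
        return build_options(rest)
    if has82 and policy == "drop":
        return None
    if has82 and policy == "keep":
        return build_options(opts)
    if has82 and policy != "replace":
        raise ValueError("unknown policy: %r" % policy)
    # No Option 82 yet, or policy "replace": insert the switch's own values.
    return build_options(rest + [relay_info(circuit_id, remote_id)])

# Constructed sample: DISCOVER (option 53 = 1) carrying client-supplied Option 82.
SPOOFED = build_options([(53, b"\x01"), relay_info(b"fake-port", b"fake-sw")])
CLEAN = build_options([(53, b"\x01")])
```

With keep, the client-supplied circuit-id and remote-id reach the DHCP server unchanged, so any server-side decision keyed on those fields rests on values the client chose; drop and replace both prevent that.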

DEFAULT SETTING

replace

COMMAND MODE

Global Configuration

COMMAND USAGE

When the switch receives DHCP packets from clients that already include DHCP Option 82 information, the switch can be configured to set the action