DHCP relay agent information – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Syntax: enable acl-per-port-per-vlan

• Configure DHCP IPv4 snooping on a specific VLAN using ip dhcp snooping vlan vlan-id. For example:

Brocade(config)# ip dhcp snooping vlan 2

Syntax: ip dhcp snooping vlan vlan-id

• The trust port setting for DHCP snooping can be specified per VRF. Set the port as a trust port using dhcp snooping trust vrf vrf-id. The default trust setting for a port is untrusted. For ports that are connected to host ports, leave their trust settings as untrusted. For example:

Brocade(config)#interface ethernet 1/4

Brocade(config-if-e10000-1/4)# dhcp snooping trust vrf vrf2

Syntax: ip dhcp snooping trust vrf vrf-id

The commands change the CLI to the interface configuration level of port 1/4 and set the trust setting
of port 1/4 on VRF 2 to trusted.

• If the client and server are in the same VLAN, and the client and server ports are L3 interfaces with IP addresses, you need to configure the IP helper address on the client port. For example:

Brocade(config)# interface ve 2

Brocade(config-vif-2)#ip helper-address 1 10.1.1.2

Syntax: ip helper-address number dhcp server-address

In the example above, 10.1.1.2 is the DHCP server’s IP address.

• If the client and server are in different VLANs, configure the server port as the trust port.
• To clear any entry specific to a VRF instance, use the clear dhcp ip-address vrf vrf-id command, as shown in the example below.

device(config)#clear dhcp 3.3.3.5 vrf one

Syntax: clear dhcp ip-address vrf vrf-id

• To display the DHCP binding entry and its current status, use the show arp vrf vrf-id command, as shown in the example below.

device(config-vif-10)#show arp vrf one

Total number of ARP entries: 10

Entries in VRF one:

No.  IP Address  MAC Address     Type     Age  Port    Status
1    3.3.3.5     bc00.0c35.ee55  Dy-DHCP  0    1/1/11  Valid
2    3.3.3.6     4800.0c88.4166  Dy-DHCP  0    1/1/11  Valid
3    3.3.3.7     fc00.0c99.939b  Dy-DHCP  0    1/1/11  Valid

Syntax: show arp vrf vrf-id
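
The following is an added example, not part of the Brocade guide: a Python check over saved configuration text that reports VLANs without DHCP snooping and ports set as trusted that are not on an operator-supplied list of server-facing ports. The stored-config layout (sub-commands indented under the interface line), the sample lines, and the names expected_vlans and server_ports are assumptions.

```python
import re

# Constructed sample config (assumed layout: sub-commands indented under
# "interface", using the commands shown above; not taken from a real switch).
SAMPLE_CONFIG = """\
enable acl-per-port-per-vlan
ip dhcp snooping vlan 2
interface ethernet 1/4
 dhcp snooping trust vrf vrf2
interface ethernet 1/7
 ip dhcp snooping trust vrf vrf2
"""

VLAN_RE = re.compile(r"ip dhcp snooping vlan (\d+)$")
IFACE_RE = re.compile(r"interface ethernet (\S+)$")
# The page shows the trust command both with and without the leading "ip".
TRUST_RE = re.compile(r"(?:ip )?dhcp snooping trust(?: vrf (\S+))?$")


def parse_snooping(config_text):
    """Return (set of snooped VLAN ids, {trusted port: vrf name or None})."""
    vlans, trusted, port = set(), {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            port = None  # any top-level command closes the interface block
        if m := IFACE_RE.match(line):
            port = m.group(1)
        elif m := VLAN_RE.match(line):
            vlans.add(int(m.group(1)))
        elif (m := TRUST_RE.match(line)) and port is not None:
            trusted[port] = m.group(1)
    return vlans, trusted


def audit(config_text, expected_vlans, server_ports):
    """Flag VLANs without snooping and trusted ports outside server_ports."""
    vlans, trusted = parse_snooping(config_text)
    findings = [f"VLAN {v}: DHCP snooping not enabled"
                for v in sorted(set(expected_vlans) - vlans)]
    findings += [f"port {p}: trusted in vrf {vrf}, not a listed server-facing port"
                 for p, vrf in sorted(trusted.items()) if p not in server_ports]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, expected_vlans={2, 3}, server_ports={"1/4"})))
```

Because the default trust setting is untrusted, every port the check reports was deliberately set to trusted and should map to a known DHCP server or relay path.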

DHCP relay agent information

DHCP relay agent information, also known as DHCP option 82, enables a DHCP relay agent to insert
information about a client's identity into a DHCP client request being sent to a DHCP server.

When DHCP snooping is enabled on the FastIron switch, DHCP option 82 is automatically enabled.
DHCP packets are processed as follows:

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03