Changing the forwarding policy, Enabling and disabling subscriber id processing – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

To re-enable DHCP option 82 on an interface after it has been disabled, enter the following command
at the Interface level of the CLI.

device(config-if-e1000-1/4)#dhcp snooping relay information

Syntax: [no] dhcp snooping relay information

Use the show ip dhcp snooping vlan command to view the ports on which DHCP option 82 processing
is disabled. For more information, refer to "Viewing the ports on which DHCP option 82 is disabled"
on page 347.

Changing the forwarding policy

When the Brocade device receives a DHCP message that contains relay agent information, by default,
the device replaces the information with its own relay agent information. If desired, you can configure
the device to keep the information instead of replacing it, or to drop (discard) messages that contain
relay agent information. To do so, use the CLI commands in this section.

For example, to configure the device to keep the relay agent information contained in a DHCP
message, enter the ip dhcp relay information policy keep command.

device(config)#ip dhcp relay information policy keep

To configure the device to drop DHCP messages that contain relay agent information, enter the
ip dhcp relay information policy drop command.

device(config)#ip dhcp relay information policy drop

Syntax: ip dhcp relay information policy policy-type

policy-type can be one of the following:

drop - Configures the device to discard messages containing relay agent information
keep - Configures the device to keep the existing relay agent information
replace - Configures the device to overwrite the relay agent information with the information in the
Brocade configuration. This is the default behavior.

Use the show ip dhcp relay information command to view the forwarding policy configured on the
switch. Refer to "Viewing the circuit Id, remote id, and forwarding policy" on page 347.

Enabling and disabling subscriber ID processing

You can configure a unique subscriber ID (SID) per port. Unlike the CID and RID sub-options, the SID
sub-option is not automatically enabled when DHCP option 82 is enabled. To enable SID processing,
enter commands such as the following.

device(config)#ip dhcp snooping vlan 1

device(config)#interface ethernet 1/4

device(config-if-e1000-1/4)#dhcp snooping relay information subscriber-id Brcd01

The first CLI command enables DHCP snooping and DHCP option 82 on VLAN 1. The second
command changes the CLI configuration level to the Interface configuration level for port e 1/4. The
last command enables interface e 1/4 to insert the SID information in DHCP packets. In this case, the
SID is Brcd01. All other ports in VLAN 1 on which SID is not enabled will send the standard relay
agent information (CID and RID information) only.

Syntax: [no] dhcp snooping relay information option subscriber-id ASCII string

Enter up to 50 alphanumeric characters for ASCII string.

Use the no form of the command to disable SID processing once it is enabled.
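
The following added example (not part of the Brocade guide and not Brocade code) models in Python how the drop, keep, and replace policies treat a DHCP message that already carries relay agent information, and how a configured SID appears next to the CID and RID. Sub-option codes 1, 2, and 6 come from RFC 3046 and RFC 3993; the function names, the CID and RID values, and the insertion of local information when no option 82 is present are assumptions made for illustration.

```python
# Added example (not Brocade code): models the drop / keep / replace policies.
RELAY_AGENT_INFO = 82                  # DHCP option 82 (RFC 3046)
SUB_CID, SUB_RID, SUB_SID = 1, 2, 6    # circuit ID, remote ID, subscriber ID (RFC 3993)
PAD, END = 0, 255

def parse_tlvs(data, dhcp_framing=True):
    """Split code/length/value bytes into (code, value) pairs."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_framing and code == END:
            break
        if dhcp_framing and code == PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        out.append((code, data[i + 2:i + 2 + data[i + 1]]))
        i += 2 + data[i + 1]
    return out

def pack_tlvs(pairs):
    return b"".join(bytes([c, len(v)]) + v for c, v in pairs)

def local_relay_info(cid, rid, sid=None):
    """Relay agent information this switch inserts; SID only when configured."""
    sid_part = [(SUB_SID, sid)] if sid is not None else []
    return pack_tlvs([(SUB_CID, cid), (SUB_RID, rid)] + sid_part)

def apply_policy(options, policy, local):
    """Return the forwarded options field, or None if the message is dropped."""
    if policy not in ("drop", "keep", "replace"):
        raise ValueError("unknown policy-type: " + policy)
    opts = parse_tlvs(options)
    present = any(code == RELAY_AGENT_INFO for code, _ in opts)
    if present and policy == "drop":
        return None
    if present and policy == "keep":
        return pack_tlvs(opts) + bytes([END])
    # "replace" (the default), or no option 82 yet (assumed: insert local info)
    opts = [(c, v) for c, v in opts if c != RELAY_AGENT_INFO]
    return pack_tlvs(opts + [(RELAY_AGENT_INFO, local)]) + bytes([END])

def relay_info(options):
    """Sub-options of option 82 in an options field, as a dict."""
    return dict(parse_tlvs(dict(parse_tlvs(options))[RELAY_AGENT_INFO], False))

# Constructed sample: DHCPDISCOVER options already carrying upstream option 82.
UPSTREAM = pack_tlvs([(SUB_CID, b"up-cid"), (SUB_RID, b"up-rid")])
SAMPLE = pack_tlvs([(53, b"\x01"), (RELAY_AGENT_INFO, UPSTREAM)]) + bytes([END])
LOCAL = local_relay_info(b"e1/4", b"sw-mac", sid=b"Brcd01")
```

With keep, whatever CID and RID an upstream device supplied reaches the DHCP server unchanged, so the server's view of the client's attachment point depends on that upstream device rather than on this switch.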

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03