Ip dhcp snooping information policy, Ip dhcp snooping verify mac-address – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual
Page 271

Brocade 6910 Ethernet Access Switch Configuration Guide
215
53-1002651-02
10
DHCP Snooping
ip dhcp snooping information policy
This command sets the DHCP snooping information option policy for DHCP client packets that
include Option 82 information.
Syntax
ip dhcp snooping information policy {drop | keep | replace}
drop - Drops the client’s request packet instead of relaying it.
keep - Retains the Option 82 information in the client request, and forwards the packets to
trusted ports.
replace - Replaces the Option 82 information circuit-id and remote-id fields in the client’s
request with information about the relay agent itself, inserts the relay agent’s address
(when DHCP snooping is enabled), and forwards the packets to trusted ports.
Default Setting
replace
Command Mode
Global Configuration
Command Usage
When the switch receives DHCP packets from clients that already include DHCP Option 82
information, the switch can be configured to set the action policy for these packets. The switch can
either drop the DHCP packets, keep the existing information, or replace it with the switch’s relay
information.
Example
Console(config)#ip dhcp snooping information policy drop
Console(config)#
ip dhcp snooping verify mac-address
This command verifies the client’s hardware address stored in the DHCP packet against the source
MAC address in the Ethernet header. Use the no form to disable this function.
Syntax
[no] ip dhcp binding verify mac-address
Default Setting
Enabled
Command Mode
Global Configuration
Command Usage
If MAC address verification is enabled, and the source MAC address in the Ethernet header of the
packet is not same as the client’s hardware address in the DHCP packet, the packet is dropped.