Ip dhcp snooping information policy, Ip dhcp snooping verify mac-address – Brocade 6910 Ethernet Access Switch Configuration Guide (Supporting R2.2.0.0) User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

215

53-1002651-02

10

DHCP Snooping

ip dhcp snooping information policy

This command sets the DHCP snooping information option policy for DHCP client packets that
include Option 82 information.

Syntax

ip dhcp snooping information policy {drop | keep | replace}

drop - Drops the client’s request packet instead of relaying it.

keep - Retains the Option 82 information in the client request, and forwards the packets to
trusted ports.

replace - Replaces the Option 82 information circuit-id and remote-id fields in the client’s
request with information about the relay agent itself, inserts the relay agent’s address
(when DHCP snooping is enabled), and forwards the packets to trusted ports.

Default Setting
replace

Command Mode
Global Configuration

Command Usage
When the switch receives DHCP packets from clients that already include DHCP Option 82
information, the switch can be configured to set the action policy for these packets. The switch can
either drop the DHCP packets, keep the existing information, or replace it with the switch’s relay
information.

Example

Console(config)#ip dhcp snooping information policy drop

Console(config)#

ip dhcp snooping verify mac-address

This command verifies the client’s hardware address stored in the DHCP packet against the source
MAC address in the Ethernet header. Use the no form to disable this function.

Syntax

[no] ip dhcp binding verify mac-address

Default Setting
Enabled

Command Mode
Global Configuration

Command Usage
If MAC address verification is enabled, and the source MAC address in the Ethernet header of the
packet is not same as the client’s hardware address in the DHCP packet, the packet is dropped.