beautypg.com

Introduction to ip filtering – H3C Technologies H3C S3600 Series Switches User Manual

Page 687

background image

4-4

Handling policy

Sub-option configuration

The DHCP Snooping device

will…

Circuit ID sub-option is
configured

Forward the packet after
replacing the circuit ID
sub-option of the original
Option 82 with the configured
circuit ID sub-option in ASCII
format.

Remote ID sub-option is
configured

Forward the packet after
replacing the remote ID
sub-option of the original
Option 82 with the configured
remote ID sub-option in ASCII
format.

When receiving a DHCP client’s request without Option 82, the DHCP snooping device will add the

option field with the configured sub-option and then forward the packet. For details, see

Table 4-2

.

Table 4-2 Ways of handling a DHCP packet without Option 82

Sub-option configuration

The DHCP-Snooping device will …

Neither of the two sub-options is configured.

Forward the packet after adding Option 82 with
the default contents.

The format of Option 82 is the one specified with
the dhcp-snooping information format
command or the default HEX format if this
command is not executed.

Circuit ID sub-option is configured.

Forward the packet after adding Option 82 with
the configured circuit ID sub-option in ASCII
format.

Remote ID sub-option is configured.

Forward the packet after adding Option 82 with
the configured remote ID sub-option in ASCII
format.

The circuit ID and remote ID sub-options in Option 82, which can be configured simultaneously or

separately, are independent of each other in terms of configuration sequence.

When the DHCP snooping device receives a DHCP response packet from the DHCP server, the DHCP

snooping device will delete the Option 82 field, if contained, before forwarding the packet, or will directly

forward the packet if the packet does not contain the Option 82 field.

Introduction to IP Filtering

A denial-of-service (DoS) attack means an attempt of an attacker sending a large number of forged

address requests with different source IP addresses to the server so that the network cannot work

normally. The specific effects are as follows:

z

The resources on the server are exhausted, so the server does not respond to other requests.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: