Technical information
Cuda 12000 IP Access Switch CLI Reference Guide
dhcp-authority 139
dhcp-authority
Use this command to configure Dynamic Host Configuration Protocol (DHCP) authority on the
current interface. You can both enable and disable DHCP authority using this command, as well
as configure authority ranges.
DHCP authority is a security feature that prevents spoofing (unauthorized use) of DHCP assigned
IP addresses. DHCP authority provides this security by tagging all Address Resolution Protocol
(ARP) entries that consist of IP addresses that fall within the specified range.
This feature is termed DHCP Authority because those tagged as being assigned via DHCP take
precedence over dynamically assigned (non-DHCP tagged) ARP entries. When viewing the ARP
cache, those entries that are protected by DHCP authority are labelled as type other. This means
that only that specific MAC address will be allowed to map to that specific IP address; ARP
requests by other MAC addresses for that IP address are dropped.
Configuration of DHCP authority consists of a three-step process:
1. Enable DHCP authority on the selected interface.
2. Configure a DHCP authority range specific to the IP interface on the select interface.
3. Reboot the hosts (modems, CPE devices) whose IP addresses you want to protect so that
the DHCP authority configuration takes effect. Note that the ARP entries are tagged as
DHCP assigned (indicated by type other) upon DHCP acknowledgement of the allocated
IP address.
Use the no dhcp-authority command to remove an authority range from the current interface.
For example, no dhcp authority 1 removes the DHCP authority range 1 from the interface.