Technical information
ADC Telecommunications, Inc.
442 CHAPTER 16: CONFIGURING DHCP RELAY
Configuring DHCP Authority
DHCP Authority is a security feature that prevents spoofing (unauthorized
use) of DHCP-assigned IP addresses. Spoofing occurs when a host uses an IP
address that was dynamically assigned to another host via DHCP. DHCP
Authority prevents spoofing of IP addresses by ensuring that IP addresses are
only used by the specific cable modems and CPE devices to which they
are assigned.
Configured on an interface basis, DHCP Authority ensures that dynamically
assigned IP addresses are used by their original host by tagging Address
Resolution Protocol (ARP) entries within the ARP cache for a specified
interface.
This DHCP Authority ARP entry tagging process operates as follows:
■ Upon booting, the client (such as a cable modem or CPE device) requests
an IP address from the DHCP server. The DHCP relay agent operating on
the interface to which the client is attached forwards the request to the
DHCP server.
■ Based on the subnet configuration within the provisioning server, the
DHCP server responds with a DHCP offer containing the IP address that
the client should use.
■ After receiving the IP address, the client sends a DHCP Request back to
the DHCP server.
■ The DHCP server sends an acknowledgement (ACK) to the client through
the DHCP relay.
■ When the DHCP relay agent sees this acknowledgement, it verifies
whether the IP address falls within a DHCP Authority range configured on
the interface, and one of these actions occurs:
    ■ If the address does fall within a preconfigured DHCP Authority range
    and DHCP Authority is enabled for that interface, an ARP entry is
    added to the ARP cache for that interface and tagged as being
    assigned via DHCP. This tag is shown as type “Other” when viewing
    the ARP cache for that interface and ensures that specific IP address
    only maps to that specific MAC address.
or
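
The tagging decision described above, as an added example: a simplified Python model written for this page, not ADC's implementation. The class and method names, the address range and the MAC addresses are constructed, and two behaviours are assumptions: that an address outside the range simply gets no tagged entry, and that a tagged binding is enforced by refusing ARP updates from any other MAC.

```python
import ipaddress

class Interface:
    """Simplified model of one relay interface (hypothetical names)."""

    def __init__(self, authority_enabled, authority_ranges):
        self.authority_enabled = authority_enabled
        # Each DHCP Authority range is an inclusive (first, last) pair.
        self.ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                       for lo, hi in authority_ranges]
        self.arp_cache = {}  # ip -> (mac, type)

    def in_authority_range(self, ip):
        return any(lo <= ip <= hi for lo, hi in self.ranges)

    def on_dhcp_ack(self, yiaddr, chaddr):
        """Called when the relay agent sees the server's ACK pass through.

        yiaddr is the address being assigned, chaddr the client's MAC.
        Returns True if a tagged ARP entry was created.
        """
        ip = ipaddress.ip_address(yiaddr)
        if self.authority_enabled and self.in_authority_range(ip):
            # Tag the binding as DHCP-assigned; displayed as type "Other".
            self.arp_cache[ip] = (chaddr.lower(), "Other")
            return True
        return False  # Assumption: no tagged entry is created otherwise.

    def tagged_mac(self, ip):
        """MAC bound to ip by a DHCP Authority tag, or None if untagged."""
        entry = self.arp_cache.get(ipaddress.ip_address(ip))
        return entry[0] if entry and entry[1] == "Other" else None

    def arp_update_allowed(self, ip, mac):
        """Assumed enforcement: a tagged IP maps only to its assigned MAC."""
        bound = self.tagged_mac(ip)
        return bound is None or bound == mac.lower()

def demo():
    # Constructed sample: one authority range, one legitimate modem, one spoofer.
    iface = Interface(True, [("10.1.1.10", "10.1.1.50")])
    tagged = iface.on_dhcp_ack("10.1.1.20", "00:10:95:AA:BB:01")
    untagged = iface.on_dhcp_ack("10.1.2.5", "00:10:95:AA:BB:02")
    owner_ok = iface.arp_update_allowed("10.1.1.20", "00:10:95:aa:bb:01")
    spoof_ok = iface.arp_update_allowed("10.1.1.20", "00:10:95:aa:bb:99")
    return tagged, untagged, owner_ok, spoof_ok

if __name__ == "__main__":
    print(demo())
```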