User guide
September 2009
OmniSwitch 6400/6850/6855/9000/9000E Release 6.4.2.R01
DHCP Relay
DHCP Relay allows you to forward DHCP broadcast requests to a configurable DHCP server IP address
in a routing environment.
DHCP Relay is configured using the IP helper set of commands.
Preboot Execution Environment (PXE) support was enabled by default in previous releases. Note that
in this release, it is disabled by default and is now a user-configurable option using the
ip helper pxe-support command.
DHCP Relay Agent Information Option
The DHCP Option-82 feature enables the relay agent to insert identifying information into
client-originated DHCP packets before the packets are forwarded to the DHCP server. The
implementation of this feature is based on the functionality defined in RFC 3046.
When DHCP Option-82 is enabled, communications between a DHCP client and a DHCP server are
authenticated by the relay agent. To accomplish this task, the agent adds Option-82 data to the end of
the options field in DHCP packets sent from a client to a DHCP server.
If the relay agent receives a DHCP packet from a client that already contains Option-82 data, the
packet is dropped by default. However, it is possible to configure a DHCP Option-82 policy that
directs the relay agent to drop, keep, or replace the existing Option-82 data and then forward the packet
to the server.
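The drop, keep, and replace behavior described above can be modeled on the raw DHCP options field. The following Python sketch is an added example, not OmniSwitch code: the function names, the policy strings, and the sample bytes are assumptions made for illustration, while the option and suboption codes (82, Circuit ID 1, Remote ID 2) come from RFC 3046.

```python
# Added illustration of RFC 3046 Option-82 handling; all names are hypothetical.
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2
POLICIES = ("drop", "keep", "replace")

# Constructed sample options fields (the bytes after the DHCP magic cookie).
CLIENT_OPTS = bytes([53, 1, 1, 55, 2, 1, 3, OPT_END])  # DISCOVER + parameter list
PRETAGGED_OPTS = CLIENT_OPTS[:-1] + bytes([82, 6, 1, 4]) + b"fake" + bytes([OPT_END])


def parse_options(raw):
    """Split an options field into (code, value) pairs, stopping at END."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        length = raw[i + 1]
        opts.append((raw[i], raw[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def encode_options(opts):
    """Serialize (code, value) pairs back into an options field."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])


def build_option82(circuit_id, remote_id):
    """Encode the Circuit ID and Remote ID suboptions as the option 82 value."""
    subs = ((SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id))
    return b"".join(bytes([s, len(v)]) + v for s, v in subs)


def relay_options(raw, circuit_id, remote_id, policy="drop"):
    """Return the options field to forward, or None if the packet is dropped."""
    if policy not in POLICIES:
        raise ValueError("unknown Option-82 policy: %r" % policy)
    opts = parse_options(raw)
    has_82 = any(code == OPT_RELAY_INFO for code, _ in opts)
    if has_82 and policy == "drop":
        return None  # default: a client packet that already carries option 82
    if not (has_82 and policy == "keep"):
        # No option 82 yet, or "replace": strip any old copy and append the
        # relay's own data as the last option before END.
        opts = [o for o in opts if o[0] != OPT_RELAY_INFO]
        opts.append((OPT_RELAY_INFO, build_option82(circuit_id, remote_id)))
    return encode_options(opts)
```

With the keep policy the server sees Option-82 data that the relay did not generate, so that setting only makes sense where the device that inserted the data is itself trusted.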
DHCP Snooping
DHCP Snooping improves network security by filtering DHCP packets received from devices outside
the network and building and maintaining a binding table (database) to log DHCP client access
information. There are two levels of operation available for the DHCP Snooping feature: switch level
or VLAN level.
To identify DHCP traffic that originates from outside the network, DHCP Snooping categorizes ports
as either trusted or untrusted. A port is trusted if it is connected to a device inside the network, such as
a DHCP server. A port is untrusted if it is connected to a device outside the network, such as a
customer switch or workstation. The port trust mode is also configurable through the CLI.
Additional DHCP Snooping functionality includes the following:
• Layer 2 DHCP Snooping—Applies DHCP Snooping functionality to bridged DHCP
client/server broadcasts without using the relay agent or requiring an IP interface on the
client/server VLAN.
• IP Source Filtering—Restricts DHCP Snooping port traffic to only packets that contain the
client source MAC address and IP address obtained from the DHCP lease information. The
DHCP Snooping binding table is used to verify the client lease information for the port that is
enabled for IP source filtering.
• Rate Limiting—Limits the number of DHCP packets on a port. This functionality is provided
using the QoS application to configure ACLs for the port.
• User-Configurable Option 82 Suboption Format—Allows the user to specify the type of
information (switch base MAC address, system name, or user-defined string) that is inserted
into the Circuit ID and Remote ID suboptions of the Option-82 field. This functionality only
applies when DHCP Snooping Option-82 Data Insertion is enabled.