Install guide

Software Version 2.7.6
C613-10462-00 REV A
DHCP Filtering
DHCP filtering prevents IP addresses from being falsified or “spoofed”. This
guarantees that customers cannot avoid detection by spoofing an IP address
that was not actually allocated to them.
The switch only allows packets to enter via a given port if they have a source IP
address that matches an IP address allocated to a device connected to that port.
For AT-8600, AT-8700XL, Rapier, and AT-8800 switches, filtering is automatic
and does not require any configuration.
For AT-8900 and AT-9900 switches, you must create classifiers and incorporate
them into a QoS configuration. To create classifiers, use one or both of the new
dhcpsnooping options in the command:
create classifier=rule-id [macsaddress=dhcpsnooping] [ipsaddress=dhcpsnooping]
You can treat these classifiers like all other classifiers, and use them as part of
any QoS or filtering configuration.
DHCP Option 82
You can configure DHCP snooping to insert DHCP Option 82 information into
client-originated DHCP packets.
Trusted network elements insert Option 82 into the DHCP options field when
forwarding client-originated BOOTP/DHCP packets to a DHCP server. DHCP
servers that are configured to recognise Option 82 may use the information to
implement IP address or other parameter assignment policies, based on the
network location of the client device.
When you enable Option 82 information for DHCP snooping, the switch
inserts Option 82 information into BOOTP request packets received from an
untrusted port. The switch inserts the following Option 82 information:
- Remote-ID. This specifies the MAC address of the switch.
- Circuit-ID. This specifies the switch port and VLAN-ID that the
  client-originated DHCP packet was received on.
- Subscriber-ID (optional). This is a string of up to 50 characters that
  differentiates or groups client ports on the switch.
Regardless of whether Option 82 is enabled for DHCP snooping, if the switch
receives a BOOTP request packet on:
- an untrusted port, it drops the packet if it contains Option 82 information
- a trusted port, and the packet contains Option 82 information, it does not
  update the Option 82 information for the receiver port
The switch only removes Option 82 information from BOOTP reply packets
destined for an untrusted port if the DHCP client hardware is directly attached
to a port on the switch.
To enable Option 82, use the command:
enable dhcpsnooping option82
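
The request-handling rules above can be checked against captured DHCP options with the following added example, which is not part of the original guide or the switch software. It parses Option 82 sub-options and returns the action described for trusted and untrusted ports. The action names, the Circuit-ID byte layout in the sample, and plain forwarding of a trusted-port request without Option 82 are assumptions.

```python
# Sub-option codes: 1 and 2 are from RFC 3046, 6 is from RFC 3993.
SUBOPTS = {1: "circuit-id", 2: "remote-id", 6: "subscriber-id"}
PAD, END, RELAY_AGENT_INFO = 0, 255, 82

def parse_subopts(data: bytes) -> dict:
    """Split the Option 82 payload into its code/length/value sub-options."""
    subs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated sub-option")
        code, length = data[i], data[i + 1]
        subs[SUBOPTS.get(code, code)] = data[i + 2:i + 2 + length]
        i += 2 + length
    return subs

def find_option82(options: bytes):
    """Walk the DHCP options field; return Option 82 sub-options or None."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == END:
            break
        if code == PAD:  # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if code == RELAY_AGENT_INFO:
            return parse_subopts(options[i + 2:i + 2 + length])
        i += 2 + length
    return None

def handle_request(options: bytes, trusted: bool, opt82_enabled: bool) -> str:
    """Action for a BOOTP request, following the rules in the text above."""
    present = find_option82(options) is not None
    if not trusted:
        if present:
            return "drop"  # applies whether or not Option 82 is enabled
        return "insert" if opt82_enabled else "forward"
    # Trusted port: existing Option 82 data is left as received.
    return "forward-unchanged" if present else "forward"

# Constructed sample options (message type 53, then Option 82, then END).
# The Circuit-ID bytes are illustrative; the guide does not define a layout.
REMOTE_ID = bytes.fromhex("0000cd123456")
RELAY = bytes([1, 4, 0, 1, 0, 5]) + bytes([2, 6]) + REMOTE_ID
WITH_82 = bytes([53, 1, 1, 82, len(RELAY)]) + RELAY + bytes([END])
WITHOUT_82 = bytes([53, 1, 1, END])
```
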