Owner's Manual
452 | Chapter 17. Security
NETGEAR 8800 User Manual
If the configuration of either VLAN Info or Port Info causes the total string length of
<VLAN Info>-<Port Info> to exceed 32 bytes, then it is truncated to 32 bytes. The string is
not NULL terminated, since the total circuit ID length is being specified.
For a DHCP client packet ingressing on a VLAN with the VLAN ID equal to 200 and the
ingress port at 3:5, the following are true:
• When neither VLAN Info nor Port Info is specified, the circuit ID value is 200-3005
• When VLAN Info is configured to SomeInfo and Port Info is not specified, the circuit ID
value is SomeInfo-3005
• When VLAN Info is not specified and Port Info is configured to User1, the circuit ID value
is 200-User1
• When VLAN Info is configured to SomeInfo and Port Info to User1, the circuit ID value is
SomeInfo-User1
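The following Python sketch is an added example, not code from the manual or the switch software. It models the circuit ID rules above and shows how the 32-byte truncation can make two differently configured ports produce the same circuit ID. It assumes the default Port Info is slot * 1000 + port (inferred from the 3:5 -> 3005 case above) and uses the option 82, sub-option 1 framing from RFC 3046; the function names and the sample configuration are constructed for illustration.

```python
# Added example: models the circuit ID rules described in this section.
MAX_CIRCUIT_ID = 32          # bytes; longer strings are truncated
OPT_RELAY_AGENT_INFO = 82    # DHCP relay agent information option (RFC 3046)
SUBOPT_CIRCUIT_ID = 1        # Agent Circuit ID sub-option (RFC 3046)


def default_port_info(slot, port):
    # Assumption: ifIndex = slot * 1000 + port, inferred from the 3:5 -> 3005 case.
    return str(slot * 1000 + port)


def circuit_id(vlan_id, slot, port, vlan_info=None, port_info=None):
    """Return <VLAN Info>-<Port Info> as bytes, cut to 32 bytes, no terminator."""
    v = vlan_info if vlan_info is not None else str(vlan_id)
    p = port_info if port_info is not None else default_port_info(slot, port)
    return f"{v}-{p}".encode("ascii")[:MAX_CIRCUIT_ID]


def encode_option82(cid):
    """Frame the circuit ID as option 82 / sub-option 1; length bytes delimit it."""
    sub = bytes([SUBOPT_CIRCUIT_ID, len(cid)]) + cid
    return bytes([OPT_RELAY_AGENT_INFO, len(sub)]) + sub


def find_collisions(entries):
    """Group (vlan_id, slot, port, vlan_info, port_info) tuples sharing a circuit ID."""
    seen = {}
    for entry in entries:
        seen.setdefault(circuit_id(*entry), []).append(entry)
    return {cid: group for cid, group in seen.items() if len(group) > 1}


# Constructed sample configuration: a 30-byte VLAN Info leaves one byte for Port Info.
SAMPLE = [
    (200, 3, 5, None, None),
    (200, 3, 5, "SomeInfo", "User1"),
    (300, 1, 1, "Building-A-Floor-2-Access-VLAN", "User1"),
    (300, 1, 2, "Building-A-Floor-2-Access-VLAN", "User2"),
]

if __name__ == "__main__":
    for entry in SAMPLE:
        cid = circuit_id(*entry)
        print(entry, cid, encode_option82(cid).hex())
    print("collisions:", find_collisions(SAMPLE))
```

Running a check like this over the planned VLAN Info and Port Info strings before deployment confirms that every port still maps to a unique circuit ID after truncation.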
VLAN Info is configurable per VLAN. When not explicitly configured for a VLAN, VLAN Info
defaults to the ASCII string representation of the ingress VLAN ID. To configure the circuit ID
on a VLAN, use the following command:
configure ip-security dhcp-snooping information circuit-id vlan-information
To unconfigure the circuit ID on a VLAN, use the following command:
unconfigure ip-security dhcp-snooping information circuit-id vlan-information
Port Info is configurable. When not explicitly configured for a port, Port Info defaults to the
ASCII representation of the ingress port’s SNMP ifIndex. To configure the port information
portion of the circuit ID, use the following command:
configure ip-security dhcp-snooping information circuit-id port-information port
To unconfigure the port information portion of the circuit ID, use the following command:
unconfigure ip-security dhcp-snooping information circuit-id port-information ports
Note: When this feature is enabled, all DHCP traffic must be forwarded in
slowpath only. This means that the feature functions only in the
context of IP Security, and only on interfaces where DHCP snooping
is enabled in enforcement mode (violation-action of ‘drop’), that is,
where DHCP snooping is not configured with a violation-action of
‘none’ (which is pure monitoring mode).
For information about configuring option 82 at Layer 3, see Configuring the DHCP Relay
Agent Option (Option 82) at Layer 3 on page 627.










