User's Manual
37JadeOSUserManual
Step 3 Specify the IP address of DHCP Server
(JadeOS)(config-dhcp-relay)# server address A.B.C.D
Step 4 Specify the interface of DHCP Server
(JadeOS)(config-dhcp-relay)# server-interface <interface-name>
Step 5 Enable Relay
(JadeOS)(config-dhcp-relay)# enable
6.6.4 DHCP Snooping
DHCP Snooping acts as the firewall between untrust host and DHCP server, which
avoid interfere and attack to the legal user. Through DHCP snooping, you can view
the filtered illegal DHCP message.
Because DHCP message carries MAC address and IP address of user terminal, you
can obtain and record DHCP message through continuously track, which can be used
to indentify other illegal DHCP message.
Through building and maintaining DHCP snooping table (IP-MAC binding), system
can detect whether the followed communication is legal, and then reject the un-
matched data between IP and MAC.
To enable DHCP snooping, use the following command:
ip dhcp snooping enable
To display DHCP snooping binding table, use the following command:
(JadeOS) #show ip dhcp snooping binding counter
Datapath Bind Table Statistics
-------------------------------
Current Entries 1001
High Water Mark 1001
Maximum Entries 262144
Total Entries 4001
Allocation Failures 0
(JadeOS) #show ip dhcp snooping binding
DHCP Snooping State is disable
DHCP Snooping verify MAC State is disable
Datapath Binding Table Entries
-------------------------------------------------------------------
Type: D - Dynamic, S - Statically-configured
MacAddress IpAddress Lease(sec) Type Interface
------------- --------------- --------- ------ ------------