D-Link DGS-6600-48TS Configuration Guide - Page 462
Enable DHCP Server screening function on ports, Add permit rule to DHCP server screening
Volume 8-Security & Authentication / Chapter 43-DHCP Server Screening

Enable DHCP Server screening function on ports

The configuration below describes the common case: enabling the DHCP server screening function on a port or port list. Here the port list eth4.1-4.48 is enabled.

    DGS-6600> enable
    DGS-6600# configure terminal
    DGS-6600(config)# ip dhcp screening ports eth4.1-4.48

Add "permit" rule to DHCP server screening

The user can specify explicit "permit" rules as a 3-tuple (DHCP server IP address, client's MAC address, and the port list from which the DHCP server is allowed to come) so that only DHCP server packets that match a rule can pass. The configuration below describes how to enable the DHCP server screening function on the port list eth4.1-4.48 and have the device allow a DHCP server packet only if the server IP address is 10.1.1.1, the client's MAC address is 00-08-01-02-03-04, and the ingress port is within eth4.1-4.48.

    switch> enable
    switch# configure terminal
    switch(config)# ip dhcp screening ports eth4.1-4.48
    switch(config-if)# ip dhcp screening server-ip 10.1.1.1 client-mac 00-08-01-02-03-04 ports eth4.1-4.48

The provided Command Line Interface (CLI) allows each port to be independently configured to enable the DHCP server screening function. The user can also explicitly specify a "permit" rule so that only pre-defined DHCP server packets are passed. Following is the example configuration under the Ethernet environment.

Configuring ip dhcp screening trap-log

Command: ip dhcp screening trap-log
Explanation: Used to enable the trap/log function; use the no form to disable the trap/log function.

Use this command to enable the trap/log function. When the user turns this function on, the switch logs the illegal server IP address and ingress port and sends a trap whenever a DHCP server packet is not authorized and is dropped. The following example shows how to enable the trap/log function of DHCP screening:

    DGS-6600# configure terminal
    DGS-6600(config)# ip dhcp screening trap-log
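
The following Python model is an added example, not part of the D-Link guide or the switch firmware. It reproduces the permit-rule match on the 3-tuple and the trap/log record described above, using the guide's own values. The function and class names, the pass-through treatment of ports without screening, and the 192.168.0.254 server address are assumptions made for illustration.

```python
import re

def expand_ports(spec):
    """Expand a port list such as 'eth4.1-4.48' into a set of port names."""
    m = re.fullmatch(r"eth(\d+)\.(\d+)(?:-(\d+)\.(\d+))?", spec)
    if not m:
        raise ValueError(f"bad port list: {spec!r}")
    unit, first, unit2, last = m.groups()
    if unit2 is None:
        return {f"eth{unit}.{first}"}
    if unit2 != unit or int(last) < int(first):
        raise ValueError(f"unsupported range: {spec!r}")
    return {f"eth{unit}.{n}" for n in range(int(first), int(last) + 1)}

def norm_mac(mac):
    """Normalise 00-08-01-02-03-04 or 00:08:01:02:03:04 to bare lowercase hex."""
    digits = re.sub(r"[-:]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits

class DhcpScreening:
    """Model of the behaviour described above, not the switch's own logic."""
    def __init__(self, screened_ports, trap_log=False):
        self.screened = expand_ports(screened_ports)
        self.trap_log = trap_log
        self.rules = []   # (server_ip, client_mac, ports) permit 3-tuples
        self.log = []     # (illegal server IP, ingress port) per dropped packet
    def permit(self, server_ip, client_mac, ports):
        self.rules.append((server_ip, norm_mac(client_mac), expand_ports(ports)))

    def check(self, server_ip, client_mac, ingress_port):
        """Return True if a DHCP server packet passes, False if it is dropped."""
        if ingress_port not in self.screened:
            return True   # assumption: ports without screening are not filtered
        mac = norm_mac(client_mac)
        for rule_ip, rule_mac, rule_ports in self.rules:
            if (server_ip, mac) == (rule_ip, rule_mac) and ingress_port in rule_ports:
                return True
        if self.trap_log:
            self.log.append((server_ip, ingress_port))
        return False

if __name__ == "__main__":
    s = DhcpScreening("eth4.1-4.48", trap_log=True)
    s.permit("10.1.1.1", "00-08-01-02-03-04", "eth4.1-4.48")
    print(s.check("10.1.1.1", "00:08:01:02:03:04", "eth4.7"))       # permitted
    print(s.check("192.168.0.254", "00-08-01-02-03-04", "eth4.7"))  # constructed
    print(s.log)
```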