D-Link DGS-6600-48TS Configuration Guide - Page 467
Configuring the verification of a source MAC address from a DHCP packet
Volume 8-Security & Authentication / Chapter 44-DHCP Snooping Configuration

DHCP Snooping Configuration Commands

The DHCP snooping function validates DHCP packets when they arrive at a port on a VLAN that is enabled for DHCP snooping. By default, DHCP snooping verifies that the source MAC address in the Ethernet header is the same as the DHCP client hardware address for the packet to pass validation.

Command: ip dhcp snooping verify mac-address
Explanation: Use this command to enable the verification that the source MAC address in a DHCP packet matches the client hardware address. Use the no command to disable the verification of the MAC address.

This example shows how to enable the verification that the source MAC address in a DHCP packet matches the client hardware address:

    DGS-6600# configure terminal
    DGS-6600(config)# ip dhcp snooping verify mac-address

Configuring an ip dhcp snooping vlan

Use the ip dhcp snooping command to globally enable DHCP snooping, and use the ip dhcp snooping vlan command to enable DHCP snooping for a VLAN.

The DHCP snooping process takes place while the relay agent relays the packet. The DHCP snooping function snoops the DHCP packets arriving at an untrusted interface on a VLAN that is enabled for DHCP snooping. With this function, the DHCP packets that come from an untrusted interface can be validated, and a DHCP binding database is constructed for the DHCP snooping enabled VLAN. The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection processes.

The DHCP snooping enabled status of a secondary VLAN follows the status of its primary VLAN. Thus, the DHCP snooping setting does not take effect if it is configured on a secondary VLAN.

Command: ip dhcp snooping vlan VLAN-ID [, | -]
Explanation: Use this command to enable DHCP snooping on a VLAN or a group of VLANs. Use the no version of this command to disable DHCP snooping on a VLAN or a group of VLANs.

This example shows how to enable DHCP snooping on VLAN 10:

    DGS-6600# configure terminal
    DGS-6600(config)# ip dhcp snooping vlan 10
    DGS-6600(config)#
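The source MAC verification described above can be reproduced offline when reviewing a packet capture. The following Python sketch is an added example, not D-Link's implementation or code from this guide: it compares the Ethernet source MAC of a frame with the client hardware address (chaddr) in the DHCP header. The function names and the sample frames are constructed for illustration.

```python
import struct

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def verify_dhcp_source_mac(frame: bytes):
    """Compare the Ethernet source MAC with the BOOTP chaddr field.
    Returns (match, src_mac, chaddr); raises ValueError if not DHCP."""
    if len(frame) < 18:
        raise ValueError("short Ethernet frame")
    src, off = frame[6:12], 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == 0x8100:              # skip one 802.1Q tag
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    ip = off + 2
    if ethertype != 0x0800 or len(frame) < ip + 20:
        raise ValueError("not an IPv4 packet")
    ihl = (frame[ip] & 0x0F) * 4
    if ihl < 20 or frame[ip + 9] != 17:
        raise ValueError("not UDP")
    udp = ip + ihl
    if len(frame) < udp + 8 + 44:        # UDP header + BOOTP up to chaddr
        raise ValueError("truncated DHCP packet")
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if {sport, dport} - {67, 68}:
        raise ValueError("not DHCP ports")
    bootp = udp + 8
    if frame[bootp + 1] != 1 or frame[bootp + 2] != 6:   # htype, hlen
        raise ValueError("chaddr is not an Ethernet address")
    chaddr = frame[bootp + 28:bootp + 34]
    return src == chaddr, mac_str(src), mac_str(chaddr)

def build_frame(src_mac: bytes, chaddr: bytes, vlan=None) -> bytes:
    """Constructed DHCP request frame for the demo (checksums left at 0)."""
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000)
             + bytes(16) + chaddr.ljust(16, b"\0") + bytes(192))
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return b"\xff" * 6 + src_mac + tag + struct.pack("!H", 0x0800) + ip

if __name__ == "__main__":
    client = bytes.fromhex("020000000a01")   # constructed sample MACs
    other = bytes.fromhex("020000000b02")
    print(verify_dhcp_source_mac(build_frame(client, client)))
    print(verify_dhcp_source_mac(build_frame(other, client, vlan=10)))
```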