D-Link DGS-6600-48TS Configuration Guide - Page 503

Volume 9-Network Application / Chapter 50-DHCP Relay Configuration DHCP Relay Configuration Commands The following commands are used to specify if the validity of the DHCP reply messages should be checked or not: Command no ip dhcp relay information check ip dhcp relay information check Explanation Specifies that the validity of reply messages should not be checked by the Switch. Specifies that the validity of reply messages should be checked by the Switch. In the following example, the user enables the DHCP relay agent to check the validity of reply packets: DGS-6600:2>enable DGS-6600:15#configure terminal DGS-6600:15(config)#ip dhcp relay information check DGS-6600:15(config)#end Configuring Trusted Interfaces An interface may receive a DHCP message that has the relay information encoded, but has a value of zero in the gateway IP address field. This type of message may be generated by sources that are trying to spoof the DHCP server. The user can configure interfaces to be un-trusted, meaning that any DHCP message received from the un-trusted interface will be dropped as they could be spoofed messages. If an interface is configured as a trusted interface, all messages from the interface will be trusted and forwarded by the Switch. • Trusting/Un-Trusting All Interfaces • Trusting a Single Interface • Displaying Trusted Interfaces • Displaying the Relay Agent Configuration Trusting/Un-Trusting All Interfaces The user can use the following command in global configuration mode to trust all interfaces on the Switch: Command ip dhcp relay information trust-all Explanation Specifies that all interfaces will be trusted. In the following example, the user enables the DHCP relay agent to trust all interfaces that already have the relay agent information option present in the packet: DGS-6600:2>enable DGS-6600:15#configure terminal DGS-6600:15(config)#ip dhcp relay information trust-all DGS-6600:15(config)#end DGS-6600 Configuration Guide 503