Configuring DHCP Relay Configuring UDP Port Relay
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 21-19
-> dhcp-snooping vlan 200 mac-address-verification disable
-> dhcp-snooping vlan 200 option-82-data-insertion disable
Configuring the Port Trust Mode
The DHCP Snooping trust mode for a port determines whether or not the port accepts all DHCP traffic,
client-only DHCP traffic, or blocks all DHCP traffic. The following trust modes for a port are
configurable using the dhcp-snooping port command:
• client-only—The default mode applied to ports when DHCP Snooping is enabled. This mode restricts
DHCP traffic on the port to only DHCP client-related traffic. When this mode is active for the port, the
port is considered an untrusted interface.
• trust—This mode does not restrict DHCP traffic on the port. When this mode is active on a port, the
port is considered a trusted interface. In this mode the port behaves as if DHCP Snooping is not
enabled.
• block—This mode blocks all DHCP traffic on the port. When this mode is active for the port, the port
is considered an untrusted interface.
To configure the trust mode for one or more ports, use the show dhcp-snooping port command. For
example, the following command changes the trust mode for port 1/12 on chassis 1 to blocked:
-> dhcp-snooping port 1/1/12 block
It is also possible to specify a range of ports. For example, the following command changes the trust mode
for ports 2/1 through 2/10 on chassis 1 to trusted:
-> dhcp-snooping port 1/2/1-10 trust
Bypassing the Option-82 Check on Untrusted Ports
By default, DHCP Snooping checks packets received on untrusted ports (DHCP Snooping client-only or
blocked ports) to see if the packets contain the Option-82 data field. If a packet does contain this field, the
packet is dropped.
To allow untrusted ports to receive and process DHCP packets that already contain the Option-82 data
field, use the dhcp-snooping bypass option-82-check command to disable the Option-82 check. For
example:
-> dhcp-snooping bypass option-82-check enable
Notes.
• If the binding table functionality is enabled, disabling Option-82 data insertion for the VLAN is not
allowed. See “Configuring the DHCP Snooping Binding Table” on page 21-20 for more information.
• If DHCP Snooping is not enabled for a VLAN, then all ports associated with the VLAN are considered
trusted ports. VLAN-level DHCP Snooping does not filter DHCP traffic on ports associated with a
VLAN that does not have this feature enabled.
Note. It is necessary to configure ports connected to DHCP servers within the network and/or firewall as
trusted ports so that necessary DHCP traffic to/from the server is not blocked. Configuring the port mode as
trusted also identifies the device connected to that port as a trusted device within the network.
To Next Page
Loading...
