Configuring DHCP Relay Configuring UDP Port Relay
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 21-20
Configuring IP Source Filtering (Dynamic ARP Inspection (DAI))
IP source filtering applies to DHCP Snooping ports and restricts port traffic to only packets that contain
the proper client source information in the packet. The DHCP Snooping binding table is used to verify the
client information for the port that is enabled for IP source filtering.
Port Source Filtering - Filters based on source MAC address and source IP address.
VLAN Source Filtering - Filters based on VLAN ID, interface number, source MAC address and source IP address.
By default, IP source filtering is disabled for a DHCP Snooping port. Use the dhcp-snooping ip-source-filter
command to enable or disable this function.
For example, to enable source filtering on individual port 1/1 on chassis 1, enter:
-> dhcp-snooping ip-source-filter port 1/1/1 enable
To enable source filtering on link aggregate 2, enter:
-> dhcp-snooping ip-source-filter linkagg 2 enable
To enable source filtering on VLAN 10, enter:
-> dhcp-snooping ip-source-filter vlan 10 enable
Configuring the DHCP Snooping Binding Table
The DHCP Snooping binding table is automatically enabled by default when DHCP Snooping is enabled
at either the switch or VLAN level. This table is used by DHCP Snooping to filter DHCP traffic that is
received on untrusted ports.
Entries are made in this table when the relay agent receives a DHCPACK packet from a trusted DHCP
server. The agent extracts the client information, populates the binding table with the information and then
forwards the DHCPACK packet to the port where the client request originated.
To enable or disable the DHCP Snooping binding table, use the dhcp-snooping binding command. For
example:
-> dhcp-snooping binding admin-state enable
-> dhcp-snooping binding admin-state disable
Note that the binding table functionality can be enabled only if Option-82 data insertion is enabled
at either the switch or VLAN level.
It is also possible to configure static binding table entries. This type of entry is created using the
available dhcp-snooping binding command parameters to define the static entry. For example, the
following command creates a static DHCP client entry:
-> dhcp-snooping binding 00:2a:95:51:6c:10 port 1/1/15 address 17.15.3.10 lease-time 3 vlan 200
To remove a static binding table entry, use the no form of the dhcp-snooping binding command. For
example:
-> no dhcp-snooping binding 00:2a:95:51:6c:10 port 1/1/15 address 17.15.3.10 lease-time 3 vlan 200
To view the DHCP Snooping binding table contents, use the show dhcp-snooping binding command. See
the OmniSwitch AOS Release 8 CLI Reference Guide for example outputs of this command.
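The following added example (not part of the original guide and not AOS code) models how IP source filtering checks traffic against the binding table, using the static entry created above as the only binding. The matching rules for the two filter types, the mode names and the sample frames are assumptions constructed for illustration.

```python
# Added illustration: a simplified model of IP source filtering, not AOS code.
from typing import NamedTuple

class Binding(NamedTuple):
    mac: str
    ip: str
    port: str
    vlan: int

class Frame(NamedTuple):
    src_mac: str
    src_ip: str
    port: str   # ingress port
    vlan: int

# Binding table: the static entry from this page (assumed to be the only client).
BINDINGS = [Binding("00:2a:95:51:6c:10", "17.15.3.10", "1/1/15", 200)]

def permitted(frame, mode, bindings=BINDINGS):
    """Return True if the frame passes the filter.

    mode "off"  - filtering disabled (the default): everything passes.
    mode "port" - source MAC and source IP must match a binding for the ingress port.
    mode "vlan" - the VLAN ID must match as well (assumed reading of the two filter types).
    """
    if mode == "off":
        return True
    if mode not in ("port", "vlan"):
        raise ValueError(f"unknown mode: {mode}")
    for b in bindings:
        if (b.port == frame.port and b.mac == frame.src_mac.lower()
                and b.ip == frame.src_ip
                and (mode == "port" or b.vlan == frame.vlan)):
            return True
    return False  # no matching binding: the frame is dropped

# Constructed sample frames.
FRAMES = {
    "legitimate client": Frame("00:2A:95:51:6C:10", "17.15.3.10", "1/1/15", 200),
    "spoofed source IP": Frame("00:2a:95:51:6c:10", "17.15.3.11", "1/1/15", 200),
    "spoofed source MAC": Frame("00:2a:95:51:6c:99", "17.15.3.10", "1/1/15", 200),
    "wrong VLAN": Frame("00:2a:95:51:6c:10", "17.15.3.10", "1/1/15", 300),
    "wrong port": Frame("00:2a:95:51:6c:10", "17.15.3.10", "1/1/16", 200),
}

def verdicts(mode):
    return {name: permitted(f, mode) for name, f in FRAMES.items()}

if __name__ == "__main__":
    for mode in ("off", "port", "vlan"):
        print(mode, verdicts(mode))
```

In this model only the "wrong VLAN" frame is treated differently by the two filter types: it passes port source filtering and is dropped by VLAN source filtering.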