EasyManua.ls Logo

Dasan V5808 - DHCP Option 82; Broadcast Forwarding; DHCP Address Exhaustion; Static Assignment

Dasan V5808
814 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
User Manual UMN:CLI
V5808
343
SWITCH(config-traffic-pf[TEST]-bridge[2])# uni eth 2
SWITCH(config-traffic-pf[TEST]-bridge[2]-uni[eth:2])# multicast-profile
V3510_tag
SWITCH(config-traffic-pf[TEST]-bridge[2]-uni[eth:2])# extended-vlan-tagging-
operation HSI_1
SWITCH(config-traffic-pf[TEST]-bridge[2]-uni[eth:2])# write memory
8.5.6 DHCP Option 82
In some networks, it is necessary to use additional information to further determine which
IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include
additional information about itself when forwarding client-originated DHCP packets to a
DHCP server. The DHCP relay agent will automatically add the circuit ID and the remote
ID to the option 82 field in the DHCP packets and forward them to the DHCP server.
The DHCP option 82 resolves the following issues in an environment in which untrusted
hosts access the internet via a circuit based public network:
Broadcast Forwarding
The DHCP option 82 allows a DHCP relay agent to reduce unnecessary broadcast
flooding by forwarding the normally broadcasted DHCP response only on the circuit
indicated in the circuit ID.
DHCP Address Exhaustion
In general, a DHCP server may be extended to maintain a DHCP lease database with an
IP address, hardware address and remote ID. The DHCP server should implement
policies that restrict the number of IP addresses to be assigned to a single remote ID.
Static Assignment
A DHCP server may use the remote ID to select the IP address to be assigned. It may
permit static assignment of IP addresses to particular remote IDs, and disallow an
address request from an unauthorized remote ID.
IP Spoofing
A DHCP client may associate the IP address assigned by a DHCP server in a forwarded
DHCP_ACK message with the circuit to which it was forwarded. The circuit access device
may prevent forwarding of IP packets with source IP addresses, other than, those it has
associated with the receiving circuit. This prevents simple IP spoofing attacks on the
central LAN, and IP spoofing of other hosts.
MAC Address Spoofing
By associating a MAC address with a remote ID, a DHCP server can prevent offering an
IP address to an attacker spoofing the same MAC address on a different remote ID.
Client Identifier Spoofing

Table of Contents