Chapter 9 | General Security Measures
DHCPv4 Snooping
■ access node identifier - ASCII string. Default is the MAC address of the switch’s CPU. This field is set by the ip dhcp snooping information option command.
■ eth - The second field is the fixed string “eth”.
■ slot - The slot represents the stack unit for this system.
■ port - The port which received the DHCP request. If the packet arrives over a trunk, the value is the ifIndex of the trunk.
■ vlan - Tag of the VLAN which received the DHCP request.
Note that the sub-type and sub-length fields can be enabled or disabled using the ip dhcp snooping information option command.
■ The ip dhcp snooping information option circuit-id command can be used to modify the default settings described above.
◆ The format for TR101 option 82 is: “<IP> eth <SID>/<PORT>[:<VLAN>]”. Note that the SID (Switch ID) is always 0. By default the PVID is added to the end of the TR101 field for untagged packets. For tagged packets, the VLAN ID is always added. Use the ip dhcp snooping information option remote-id tr101 no-vlan-field command to remove the VLAN ID from the end of the TR101 field for untagged packets. Use the no form of this command to add the PVID for untagged packets at the end of the TR101 field.
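A DHCP server or log collector that keys policy on the TR101 field can check each received value against the layout given above before trusting it. The following is an added example, not taken from this manual or the switch firmware; it assumes the field is carried as ASCII text, that <IP> is a textual IP address and that SID, PORT and VLAN are decimal. The names parse_tr101, audit and SAMPLES are illustrative.

```python
import ipaddress
import re

# Layout from the text above: "<IP> eth <SID>/<PORT>[:<VLAN>]"
# Assumption: the field is ASCII text and SID, PORT, VLAN are decimal.
_TR101 = re.compile(
    r"(?P<ip>\S+) eth (?P<sid>\d+)/(?P<port>\d+)(?::(?P<vlan>\d+))?"
)


def parse_tr101(value):
    """Parse one TR101 option 82 string; raise ValueError if it is malformed."""
    if isinstance(value, bytes):
        value = value.decode("ascii")  # UnicodeDecodeError is a ValueError
    m = _TR101.fullmatch(value)
    if m is None:
        raise ValueError("does not match '<IP> eth <SID>/<PORT>[:<VLAN>]'")
    ip = ipaddress.ip_address(m["ip"])  # raises ValueError on a bad address
    sid = int(m["sid"])
    if sid != 0:  # the text above states the SID is always 0
        raise ValueError("SID must be 0")
    vlan = int(m["vlan"]) if m["vlan"] is not None else None
    if vlan is not None and not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID outside 1-4094")
    return {"ip": str(ip), "sid": sid, "port": int(m["port"]), "vlan": vlan}


def audit(values):
    """Split received values into (parsed, rejected) lists."""
    parsed, rejected = [], []
    for v in values:
        try:
            parsed.append(parse_tr101(v))
        except ValueError as exc:
            rejected.append((v, str(exc)))
    return parsed, rejected


# Constructed sample values (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "192.0.2.10 eth 0/5:100",   # VLAN field present
    "192.0.2.10 eth 0/5",       # untagged packet with no-vlan-field set
    "192.0.2.10 eth 1/5:100",   # SID other than 0
    "192.0.2.10 eth 0/5:4095",  # VLAN ID out of range
    "not-an-ip eth 0/5:1",      # first field is not an IP address
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLES)
    print(len(ok), "accepted;", len(bad), "rejected")
```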
Example
This example sets the DHCP Snooping Information circuit-id suboption string.
Console(config)#interface ethernet 1/1
Console(config-if)#ip dhcp snooping information option circuit-id string 4500
Console(config-if)#
ip dhcp snooping trust
This command configures the specified interface as trusted. Use the no form to restore the default setting.
Syntax
[no] ip dhcp snooping trust
Default Setting
All interfaces are untrusted
Command Mode
Interface Configuration (Ethernet, Port Channel)
Command Usage
◆ A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall.