Configuring packet filtering, Filtering service packets, Configuring packet filtering -15 – SMC Networks TigerAccess SMC7816M User Manual
Page 193: Filtering service packets -15
C
ONFIGURING
P
ACKET
F
ILTERING
7-15
CLI – These examples show the DHCP snooping configuration settings
and binding table entries.
Configuring Packet Filtering
Packet filtering provides security barriers between the customer and the
service provider, as well as between different customers attached to the
same local switch, by blocking NetBIOS traffic, DHCP service requests,
and DHCP replies on specific ports.
Note: Packet Filtering occupies valuable hardware resources. Using
Private VLANs provides a more efficient alternative for separating
the traffic sent to each subscriber (see “Configuring Private
VLANs” on page 32-17).
Filtering Service Packets
Packet filtering provides security the following security features:
• Blocking DHCP service requests to ensure that only static addresses
assigned by the service provider are used.
• Blocking DHCP replies on specific ports to ensure that DHCP service
requests are only answered through authorized uplink ports.
Console(config)#ip dhcp snooping
Console#show ip dhcp snooping
Global DHCP Snooping status: enable
DHCP Snooping is configured on the following VLANs:
1,
Verify Source Mac-Address: enable
Service Provider Mode: disable
Interface Trusted Client-limit
---------- ---------- ------------
Eth 1/1 No 5
Eth 1/2 No 5
Eth 1/3 No 5
Eth 1/4 No 5
Eth 1/5 Yes 5
.
.
.
Console#show ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN
Interface
----------------- --------------- ---------- -------------------- ---- --------
11-22-33-44-55-66 192.168.0.99 60000 Dynamic-DHCPSNP 1 Eth 1/5
Console#