3 dhcp snooping typical application, Dhcp, Nooping – QTECH QSW-8300 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru

Москва, Новозаводская ул., 18, стр. 1

200

ip dhcp snooping information option self-

defined subscriber-id {vlan | port | id

(switch-id (mac | hostname)| remote-mac) |

string WORD}

no ip dhcp snooping information option

type self-defined subscriber-id

Set creation method for option82, users can

define the parameters of circute-id suboption

by themselves.

ip dhcp snooping information option self-

defined subscriber-id format [ascii | hex]

Set self-defined format of circuit-id for

snooping option82.

Port mode

ip dhcp snooping information option

subscriber-id {standard | <circuit-id>}

no ip dhcp snooping information option

subscriber-id

Set the suboption1 (circuit ID option) content

of option 82 added by DHCP request packets

(they are received by the port). The no

command sets the additive suboption1 (circuit

ID option) format of option 82 as standard.

27.3 DHCP Snooping Typical Application

Typical usage

As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted

port 1/0/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay

are connected to the trusted ports 1/0/11 and 1/0/12 of the switch; the malicious user Mac-BB

is connected to the non-trusted port 1/0/10, trying to fake a DHCP Server(by sending

DHCPACK) . Setting DHCP Snooping on the switch will effectively detect and block this kind of

network attack.

Configuration sequence is:

switch#

switch#config