C613-16086-00 REV B

www.alliedtelesis.com

AlliedWare

TM

OS

How To |

Introduction

It has increasingly become a legal requirement for service providers to identify which of their
customers were using a specific IP address at a specific time. This means that service
providers must be able to:

z

Know which customer was allocated an IP address at any time.

z

Guarantee that customers cannot avoid detection by spoofing an IP address that was not
actually allocated to them.

These security features provide a traceable history in the event of an official query. Three
components are used to provide this traceable history:

z

DHCP snooping

z

DHCP Option 82

z

DHCP filtering

With DHCP snooping an administrator can control port-to-IP connectivity by:

z

permitting port access to specified IP addresses only

z

permitting port access to DHCP issued IP addresses only

z

dictating the number of IP clients on any given port

z

passing location information about an IP client to the DHCP server

z

permitting only known IP clients to ARP

This document explains each feature and provides the minimum configuration to enable
them. There are also two configuration examples that make advanced use of the features.

Use DHCP Snooping, Option 82, and Filtering on
AT-8800, AT-8600, AT-8700XL, Rapier, and Rapier i
Series Switches