Overview of ip filtering, Table 34-2, Table 34-1 – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 318

Advertising
background image

31-4

Table 34-1

Ways of handling a DHCP packet with Option 82

Handling

policy

Sub-option

configuration

The DHCP snooping device will…

Drop

Drop the packet.

Keep

Forward the packet without changing Option 82.

Neither of the two
sub-options is
configured

Forward the packet after replacing the original Option 82 with the
default content.
The storage format of Option 82 content is the one specified with the
dhcp-snooping information format

command or the default HEX

format if this command is not executed.

Circuit ID sub-option
is configured

Forward the packet after replacing the circuit ID sub-option of the
original Option 82 with the configured circuit ID sub-option in ASCII
format.

Replace

Remote ID
sub-option is
configured

Forward the packet after replacing the remote ID sub-option of the
original Option 82 with the configured remote ID sub-option in ASCII
format.

When receiving a DHCP client’s request without Option 82, the DHCP snooping device will add the
option field with the configured sub-option and then forward the packet. For details, see

Table 34-2

.

Table 34-2

Ways of handling a DHCP packet without Option 82

Sub-option configuration

The DHCP snooping device will…

Neither of the two sub-options is
configured.

Forward the packet after adding Option 82 with the default contents.
The format of Option 82 is the one specified with the dhcp-snooping
information format

command or the default HEX format if this command is

not executed.

Circuit ID sub-option is
configured.

Forward the packet after adding Option 82 with the configured circuit ID
sub-option in ASCII format.

Remote ID sub-option is
configured.

Forward the packet after adding Option 82 with the configured remote ID
sub-option in ASCII format.

The circuit ID and remote ID sub-options in Option 82, which can be configured simultaneously or
separately, are independent of each other in terms of configuration sequence.

When the DHCP snooping device receives a DHCP response packet from the DHCP server, the DHCP
snooping device will delete the Option 82 field, if contained, before forwarding the packet, or will directly
forward the packet if the packet does not contain the Option 82 field.

Overview of IP Filtering

A denial-of-service (DoS) attack means an attempt of an attacker sending a large number of forged
address requests with different source IP addresses to the server so that the network cannot work
normally. The specific effects are as follows:

z

The resources on the server are exhausted, so the server does not respond to other requests.

Advertising
Popular Brands
Popular manuals