DHCP Snooping Information Option Configuration – LevelOne FGL-2870 User Manual

Configuring the Switch

DHCP Snooping Information Option Configuration

DHCP provides a relay mechanism for sending information about the switch and its
DHCP clients to the DHCP server. Known as DHCP Option 82, it allows compatible
DHCP servers to use the information when assigning IP addresses, or to set other
services or policies for clients. It is also an effective tool in preventing malicious
network attacks from attached clients on DHCP services, such as IP Spoofing, Client
Identifier Spoofing, MAC Address Spoofing, and Address Exhaustion.

Command Usage
• DHCP Snooping (see page 3-144) must be enabled for Option 82 information to be inserted into request packets.

• When Option 82 is enabled, the requesting client (or an intermediate relay agent that has used the information fields to describe itself) can be identified in the DHCP request packets forwarded by the switch and in reply packets sent back from the DHCP server.

• When the DHCP Snooping Information Option is enabled, clients can be identified by the switch port to which they are connected rather than just their MAC address. DHCP client-server exchange messages are then forwarded directly between the server and client without having to flood them to the entire VLAN.

• If Option 82 is enabled on the switch, information about the switch itself may be included in any relayed request packet.

• In some cases, the switch may receive DHCP packets from a client that already include DHCP Option 82 information. The switch can be configured to set the action policy for these packets: it can drop the DHCP packets, keep the existing information, or replace it with the switch’s relay information.

Command Attributes
DHCP Snooping Information Option Status – Enables or disables DHCP Option 82 information relay. (Default: Disabled)

DHCP Snooping Information Option Policy – Specifies how to handle DHCP client request packets which already contain Option 82 information.
- Drop – Drops the client’s request packet instead of relaying it.
- Keep – Retains the Option 82 information in the client request, and forwards the packets to trusted ports.
- Replace – Replaces the Option 82 information in the client’s request with information about the relay agent itself, inserts the relay agent’s address (when DHCP snooping is enabled), and forwards the packets to trusted ports. (This is the default policy.)
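
The Drop, Keep and Replace policies described above, modelled on the DHCP options field as an added example (not code from the manual or the switch firmware). The circuit-id and remote-id values and the sample requests are constructed, the sub-option codes follow RFC 3046, and the relay agent address that Replace also sets is not modelled.

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82   # DHCP option codes
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2            # RFC 3046 sub-option codes

def parse_options(data: bytes):
    """Split a DHCP options field (after the magic cookie) into (code, value) pairs."""
    opts, i = [], 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        length = data[i + 1]
        opts.append((data[i], data[i + 2:i + 2 + length]))
        i += 2 + length
    return opts

def build_options(opts) -> bytes:
    """Re-encode (code, value) pairs and terminate with the End option."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])

def relay_info(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Encode an Option 82 payload from circuit-id and remote-id sub-options."""
    return (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)

def apply_policy(options: bytes, policy: str, own_info: bytes):
    """Return the options field to forward, or None when the request is dropped."""
    if policy not in ("drop", "keep", "replace"):
        raise ValueError(f"unknown policy: {policy}")
    opts = parse_options(options)
    if any(code == OPT_RELAY_INFO for code, _ in opts):
        if policy == "drop":
            return None                      # request is not relayed
        if policy == "keep":
            return build_options(opts)       # client-supplied Option 82 retained
    # "replace", or no Option 82 present: insert the switch's own information
    opts = [(c, v) for c, v in opts if c != OPT_RELAY_INFO]
    return build_options(opts + [(OPT_RELAY_INFO, own_info)])

def option82(options):
    """Return the Option 82 payload in an options field, or None."""
    return dict(parse_options(options)).get(OPT_RELAY_INFO) if options else None

# Constructed sample data (not taken from a real switch or packet capture)
OWN_INFO = relay_info(b"vlan1-port5", bytes.fromhex("001122334455"))
CLIENT_INFO = relay_info(b"vlan1-port9", bytes.fromhex("66778899aabb"))
DISCOVER = bytes([53, 1, 1])                 # option 53: DHCPDISCOVER
REQ_WITH_82 = DISCOVER + bytes([OPT_RELAY_INFO, len(CLIENT_INFO)]) + CLIENT_INFO + bytes([OPT_END])
REQ_PLAIN = DISCOVER + bytes([OPT_END])
```

With Keep, whatever port and device identity the client supplied reaches the DHCP server unchanged, so any server policy keyed on Option 82 then depends on client-controlled data.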