DHCP snooping configuration example, DHCP relay agent information – Brocade Communications Systems Brocade ICX 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

DHCP snooping configuration example

The following example configures VLAN 2 and VLAN 20, and changes the CLI to the global
configuration level to enable DHCP snooping on the two VLANs. The commands are as follows.

Brocade(config)# vlan 2
Brocade(config-vlan-2)# untagged ethe 1/1/3 to 1/1/4
Brocade(config-vlan-2)# router-interface ve 2
Brocade(config-vlan-2)# exit
Brocade(config)# ip dhcp snooping vlan 2

Brocade(config)# vlan 20
Brocade(config-vlan-20)# untagged ethe 1/1/1 to 1/1/2
Brocade(config-vlan-20)# router-interface ve 20
Brocade(config-vlan-20)# exit
Brocade(config)# ip dhcp snooping vlan 20

On VLAN 2, client ports 1/1/3 and 1/1/4 are untrusted. By default, all client ports are untrusted.
Hence, only DHCP client request packets received on ports 1/1/3 and 1/1/4 are forwarded.

On VLAN 20, ports 1/1/1 and 1/1/2 are connected to a DHCP server. DHCP server ports are set to
trusted.

Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e10000-1/1/1)# dhcp snooping trust
Brocade(config-if-e10000-1/1/1)# exit
Brocade(config)# interface ethernet 1/1/2
Brocade(config-if-e10000-1/1/2)# dhcp snooping trust
Brocade(config-if-e10000-1/1/2)# exit

Hence, DHCP server reply packets received on ports 1/1/1 and 1/1/2 are forwarded, and client
IP/MAC binding information is collected.

The example also sets the DHCP server address for the local relay agent.

Brocade(config)# interface ve 2
Brocade(config-vif-2)# ip address 10.20.20.1/24
Brocade(config-vif-2)# ip helper-address 1 10.30.30.4
Brocade(config-vif-2)# interface ve 20
Brocade(config-vif-20)# ip address 10.30.30.1/24
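
The following Python sketch is an added illustration, not part of the Brocade guide or the switch software. It is a simplified model of the trust decision described above, using the VLAN and port numbers from this example. The packet dictionaries, MAC address, and lease addresses are constructed sample values, and the function name `snoop` is hypothetical.

```python
# Added illustration: simplified model of DHCP snooping port trust.
# VLAN and port numbers come from the configuration example above;
# MAC addresses and leased IPs are constructed sample values.
SNOOPED_VLANS = {2, 20}
TRUSTED_PORTS = {"1/1/1", "1/1/2"}       # DHCP server ports on VLAN 20
SERVER_MSGS = {"OFFER", "ACK", "NAK"}    # messages only a DHCP server sends


def snoop(packets):
    """Return (decisions, bindings) for a list of DHCP packets.

    Each packet is a dict with port, vlan, msg, client_mac, and
    (for server replies) yiaddr, the address being leased.
    """
    decisions, bindings = [], {}
    for p in packets:
        if p["vlan"] not in SNOOPED_VLANS:
            decisions.append("forward (snooping off)")
        elif p["msg"] in SERVER_MSGS and p["port"] not in TRUSTED_PORTS:
            # A server-type message on a client port is never forwarded.
            decisions.append("drop (server reply on untrusted port)")
        else:
            decisions.append("forward")
            if p["msg"] == "ACK":
                # Lease confirmed through a trusted port: record IP/MAC binding.
                bindings[p["client_mac"]] = p["yiaddr"]
    return decisions, bindings


MAC = "00:00:5e:00:53:01"  # constructed, from the documentation MAC range
SAMPLE = [
    {"port": "1/1/3", "vlan": 2, "msg": "DISCOVER", "client_mac": MAC},
    {"port": "1/1/4", "vlan": 2, "msg": "OFFER", "client_mac": MAC,
     "yiaddr": "10.20.20.66"},           # server reply seen on a client port
    {"port": "1/1/1", "vlan": 20, "msg": "OFFER", "client_mac": MAC,
     "yiaddr": "10.20.20.10"},
    {"port": "1/1/3", "vlan": 2, "msg": "REQUEST", "client_mac": MAC},
    {"port": "1/1/1", "vlan": 20, "msg": "ACK", "client_mac": MAC,
     "yiaddr": "10.20.20.10"},
]

if __name__ == "__main__":
    decisions, bindings = snoop(SAMPLE)
    for pkt, verdict in zip(SAMPLE, decisions):
        print(f'{pkt["port"]:6} vlan {pkt["vlan"]:<3} {pkt["msg"]:9} -> {verdict}')
    print("bindings:", bindings)
```

The only binding learned is the one confirmed by an ACK on a trusted port; the reply that arrived on client port 1/1/4 is dropped and contributes nothing to the table.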

DHCP relay agent information

DHCP relay agent information, also known as DHCP option 82, enables a DHCP relay agent to
insert information about a client's identity into a DHCP client request being sent to a DHCP server.

When DHCP snooping is enabled, DHCP option 82 is automatically enabled. DHCP packets are
processed as follows:

Before relaying a DHCP discovery packet or DHCP request packet from a client to a DHCP
server, the Brocade ICX 6650 will add agent information to the packet.

Before relaying a DHCP reply packet from a DHCP server to a client, the Brocade ICX 6650 will
remove relay agent information from the packet.
