3 dhcp snooping typical application, Dhcp, Nooping – PLANET WGSW-52040 User Manual

ip dhcp snooping information

option subscriber-id {standard |

<circuit-id>}

no ip dhcp snooping information

option subscriber-id

Set the suboption1 (circuit ID option) content of

option 82 added by DHCP request packets (they

are received by the port). The no command sets

the additive suboption1 (circuit ID option) format

of option 82 as standard.

Command Explanation

Globe mode

ip dhcp snooping information

option allow-untrusted (replace|)

no ip dhcp snooping information

option allow-untrusted (replace|)

This command is used to set that allow

untrusted ports of DHCP snooping to receive

DHCP packets with option82 option. When the

"replace" is setting, the potion82 option is

allowed to replace. When disabling this

command, all untrusted ports will drop DHCP

packets with option82 option.

36.3 DHCP Snooping Typical Application

Figure 36-1: Sketch Map of TRUNK

As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted

port 1/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay are

connected to the trusted ports 1/11 and 1/12 of the switch; the malicious user Mac-BB is
connected to the non-trusted port 1/10, trying to fake a DHCP Server（by sending DHCPACK）.

36-81