3Com WX3000 Overview of IP Filtering

3-4

Table 3-1 Ways of handling a DHCP packet with Option 82

Handling

policy Sub-option

configuration The DHCP snooping device will…

Drop — Drop the packet.

Keep — Forward the packet without changing Option 82.

Neither of the two

sub-options is

configured

Forward the packet after replacing the original Option 82 with

the default content.

The storage format of Option 82 content is the one specified with

the dhcp-snooping information format command or the

default HEX format if this command is not executed.

Circuit ID

sub-option is

configured

Forward the packet after replacing the circuit ID sub-option of

the original Option 82 with the configured circuit ID sub-option in

ASCII format.

Replace

Remote ID

sub-option is

configured

Forward the packet after replacing the remote ID sub-option of

the original Option 82 with the configured remote ID sub-option

in ASCII format.

When receiving a DHCP client’s request without Option 82, the DHCP snooping device will add the

option field with the configured sub-option and then forward the packet. For details, see Table 3-2.

Table 3-2 Ways of handling a DHCP packet without Option 82

Sub-option configuration The DHCP snooping device will…

Neither of the two

sub-options is configured.

Forward the packet after adding Option 82 with the default contents.

The format of Option 82 is the one specified with the

dhcp-snooping information format command or the default HEX

format if this command is not executed.

Circuit ID sub-option is

configured. Forward the packet after adding Option 82 with the configured circuit

ID sub-option in ASCII format.

Remote ID sub-option is

configured. Forward the packet after adding Option 82 with the configured

remote ID sub-option in ASCII format.

The circuit ID and remote ID sub-options in Option 82, which can be configured simultaneously or

separately, are independent of each other in terms of configuration sequence.

When the DHCP snooping device receives a DHCP response packet from the DHCP server, the DHCP

snooping device will delete the Option 82 field, if contained, before forwarding the packet, or will directly

forward the packet if the packet does not contain the Option 82 field.

Overview of IP Filtering

A denial-of-service (DoS) attack means an attempt of an attacker sending a large number of forged

address requests with different source IP addresses to the server so that the network cannot work

normally. The specific effects are as follows: