Chapter 23: DHCP Snooping

DHCP with Option 82

A network device initially sends out a DHCPDISCOVER packet so that a DHCP server will respond. It waits for and then accepts the first DHCPOFFER packet that it receives from a server. This packet contains the DHCP server’s IP address and mask. If an unauthorized DHCP server responds first, then the network device will use the information from the unintended DHCP server for the default gateway or DNS server.

Untrusted ports are connected to the DHCP clients and to traffic that originated outside the LAN. By definition, untrusted ports do not accept DHCP packets originating from a DHCP server and immediately drop them when they are detected. The DHCP packet types that are not accepted are DHCPOFFER and DHCPACK.

However, untrusted ports do accept both DHCPDISCOVER and DHCPREQUEST packets sent from DHCP clients. This behavior allows DHCP clients to respond to a trusted DHCP server and not respond to a DHCP server that is untrusted.
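The untrusted-port rule described above can be modelled as a small filter that reads the DHCP message type (option 53) and decides whether to forward or drop. This is an added example, not Allied Telesis code. The function names, the constructed sample packets, forwarding everything on trusted ports, and dropping unparseable payloads on untrusted ports are assumptions of this sketch.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
SERVER_ONLY = {"DHCPOFFER", "DHCPACK"}  # the two types the text says untrusted ports drop


def dhcp_message_type(payload: bytes):
    """Return the message type name from option 53, or None if it cannot be parsed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None                   # too short, or no DHCP options present
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # End option
            break
        if code == 0:                 # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None               # truncated option header
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None               # truncated option body
        if code == 53 and length == 1:
            return MSG_TYPES.get(value[0], f"type-{value[0]}")
        i += 2 + length
    return None


def snoop(port_trusted: bool, payload: bytes) -> str:
    """Return 'forward' or 'drop' for a DHCP payload arriving on a switch port."""
    msg = dhcp_message_type(payload)
    # Assumption: an untrusted port also drops payloads it cannot parse.
    if not port_trusted and (msg is None or msg in SERVER_ONLY):
        return "drop"
    # Types the text does not list are forwarded in this sketch.
    return "forward"


def build(msg_type: int, op: int) -> bytes:
    """Constructed sample: 236-byte BOOTP header, cookie, option 53, End."""
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


if __name__ == "__main__":
    for name, pkt in [("OFFER", build(2, 2)), ("DISCOVER", build(1, 1))]:
        print(name, "untrusted:", snoop(False, pkt), "trusted:", snoop(True, pkt))
```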

You can configure the AT-GS950/16PS to pass DHCP packets containing Option 82 information through the switch without altering the information within the packet. You can also configure the AT-GS950/16PS switch to insert DHCP Option 82 information directly into the DHCP packets as they pass through the switch.

Allied Telesis AT-S112, AT-GS950/16PS manual Dhcp with Option