Identifying the user
For more information about setting up DHCP snooping, see How To Use DHCP Snooping, Option 82 and Filtering on Rapier,
Setting up DHCP snooping
This section describes a minimal configuration for DHCP snooping. With this configuration, the switch snoops DHCP packets to build a database of allowed IP addresses, only sends DHCP messages to the port with the official DHCP server, and limits the number of clients attached to each port.
Configuration 1. Enable DHCP snooping.
2.Identify the port that your DHCP server is attached to, and configure this as a trusted port for DHCP snooping. The switch only sends DHCP discover and request packets to trusted ports. If a malicious user attaches a DHCP server to an untrusted port, that server will never receive DHCP requests. This prevents DHCP server spoofing.
3.Set the number of leases permitted on each port.
4.For
Example To limit each port on a
enable dhcpsnooping
set dhcpsnooping port=24 trusted=yes
set dhcpsnooping
On
create classifier=50 macsaddr=dhcpsnooping prot=ip ipsaddr=dhcpsnooping
create classifier=51 protocol=ip create qos policy=1
create qos trafficclass=1
create qos flow=50 action=forward create qos flow=51 action=discard add qos policy=1 trafficclass=1 set qos
add qos trafficclass=1 flow=50 add qos trafficclass=1 flow=51 add qos flow=50 classifier=50 add qos flow=51 classifier=51
Using static binding for rigid control
If there is no DHCP server, or if there is a host with a static IP address, then you can bind the IP address to the port to which it is attached.
Example To specify that the host with MAC address
add dhcpsnooping
Create A Secure Network With Allied Telesis Managed Layer 3 Switches | 16 |
