DHCP snooping configuration example

The following example configures VLAN 2 and VLAN 20, and changes the CLI to the global configuration level to enable DHCP snooping on the two VLANs. The commands are as follows.

Brocade(config)# vlan 2

Brocade(config-vlan-2)# untagged ethe 1/1/3 to 1/1/4

Brocade(config-vlan-2)# router-interface ve 2

Brocade(config-vlan-2)# exit

Brocade(config)# ip dhcp snooping vlan 2

Brocade(config)# vlan 20

Brocade(config-vlan-20)# untagged ethe 1/1/1 to 1/1/2

Brocade(config-vlan-20)# router-interface ve 20

Brocade(config-vlan-20)# exit

Brocade(config)# ip dhcp snooping vlan 20

On VLAN 2, client ports 1/1/3 and 1/1/4 are untrusted. By default, all client ports are untrusted. Hence, only DHCP client request packets received on ports 1/1/3 and 1/1/4 are forwarded.

On VLAN 20, ports 1/1/1 and 1/1/2 are connected to a DHCP server. DHCP server ports are set to trusted.

Brocade(config)# interface ethernet 1/1/1

Brocade(config-if-e10000-1/1/1)# dhcp snooping trust

Brocade(config-if-e10000-1/1/1)# exit

Brocade(config)# interface ethernet 1/1/2

Brocade(config-if-e10000-1/1/2)# dhcp snooping trust

Brocade(config-if-e10000-1/1/2)# exit

Hence, DHCP server reply packets received on ports 1/1/1 and 1/1/2 are forwarded, and client IP/MAC binding information is collected.

The example also sets the DHCP server address for the local relay agent.

Brocade(config)# interface ve 2

Brocade(config-vif-2)# ip address 10.20.20.1/24

Brocade(config-vif-2)# ip helper-address 1 10.30.30.4

Brocade(config-vif-2)# interface ve 20

Brocade(config-vif-20)# ip address 10.30.30.1/24

DHCP relay agent information

DHCP relay agent information, also known as DHCP option 82, enables a DHCP relay agent to insert information about a client's identity into a DHCP client request being sent to a DHCP server.

When DHCP snooping is enabled, DHCP option 82 is automatically enabled. DHCP packets are processed as follows:

Before relaying a DHCP discovery packet or DHCP request packet from a client to a DHCP server, the Brocade ICX 6650 will add agent information to the packet.

Before relaying a DHCP reply packet from a DHCP server to a client, the Brocade ICX 6650 will remove relay agent information from the packet.
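
The add-then-remove handling described above, shown on the raw DHCP options field as an added example (not Brocade code and not part of the original guide). It follows the RFC 3046 layout of option 82 with the Agent Circuit ID (1) and Agent Remote ID (2) sub-options. The function names and the circuit ID and remote ID values are assumptions made for illustration; the encoding the ICX 6650 actually uses is not given on this page.

```python
# Added example: DHCP option 82 (RFC 3046) on the raw options field.
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
CIRCUIT_ID, REMOTE_ID = 1, 2  # RFC 3046 sub-option codes


def parse_tlvs(data, dhcp_options=True):
    """Return [(code, value), ...] from code/length/value bytes.
    Pad (0) and End (255) are special only at the top level."""
    out, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == PAD:
            i += 1
            continue
        if dhcp_options and code == END:
            break
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated option at offset {i}")
        length = data[i + 1]
        out.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return out


def build_tlvs(items):
    if any(len(v) > 255 for _, v in items):
        raise ValueError("option value longer than 255 bytes")
    return b"".join(bytes([c, len(v)]) + v for c, v in items)


def add_option82(options, circuit_id, remote_id):
    """Client -> server: append agent information as the last option.
    Replacing an option 82 already present is this example's choice."""
    items = [(c, v) for c, v in parse_tlvs(options) if c != RELAY_AGENT_INFO]
    sub = build_tlvs([(CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)])
    return build_tlvs(items + [(RELAY_AGENT_INFO, sub)]) + bytes([END])


def strip_option82(options):
    """Server -> client: remove agent information before forwarding."""
    items = [(c, v) for c, v in parse_tlvs(options) if c != RELAY_AGENT_INFO]
    return build_tlvs(items) + bytes([END])


if __name__ == "__main__":
    # Constructed sample: message type DISCOVER (53) plus End.
    discover = bytes([53, 1, 1, END])
    relayed = add_option82(discover, b"vlan2-1/1/3", bytes.fromhex("001122334455"))
    print(relayed.hex())
    print(strip_option82(relayed) == discover)
```
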

Brocade ICX 6650 Security Configuration Guide

 

53-1002601-01
