broadcasts a DHCP Request packet, looking for DHCP servers. DHCP servers respond to this packet with a DHCP Response packet. The client then chooses a server to obtain TCP/IP configuration information, such as its own IP address.

Since DHCP uses a broadcast mechanism, a DHCP server and its client must physically reside on the same subnet. However, it is not practical to have one DHCP server on every subnet; in fact, in many cases DHCP/BOOTP clients and their associated DHCP/BOOTP server(s) do not reside on the same IP network or subnet. In such cases, a third-party agent is required to transfer BOOTP messages between clients and servers.

BOOTP/DHCP Relay, described in RFC 1542, enables a host to use a BOOTP or DHCP server to obtain basic TCP/IP configuration information, even if the servers do not reside on the local subnet. When a BOOTP/DHCP Relay Agent receives a DHCP Request packet destined for a BOOTP/DHCP server, it inserts its own IP address into the DHCP Request packet so the server knows the subnet where the client is located. Then, depending on the configuration setup, the switch either:

Forwards the packet to a specific server as defined in the switch’s configuration using unicast routing, or

Broadcasts the DHCP Request again to another directly attached IP subnet specified in the switch configuration for the receiving IP subnet.

When the DHCP server receives the DHCP request, it allocates a free IP address for the DHCP client from its scope in the DHCP client’s subnet, and sends a DHCP Response back to the DHCP Relay Agent. The DHCP Relay Agent then broadcasts this DHCP Response packet received from the DHCP server to the appropriate client.
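The relay step described above, as an added example (not code from the manual or the switch firmware): the relay writes its address into the BOOTP giaddr field and the server uses that field to pick the client's scope. The hop limit and the rule that an already-set giaddr is left unchanged follow RFC 1542 rather than this manual; the function names, addresses and packet are constructed for illustration.

```python
import ipaddress
import struct

BOOTREQUEST = 1
MAX_HOPS = 16             # RFC 1542 upper bound; assumed here, not from the manual
GIADDR = slice(24, 28)    # giaddr follows op/htype/hlen/hops, xid, secs/flags, ciaddr, yiaddr, siaddr

def build_request(xid, mac):
    """Constructed 236-byte BOOTP header, as a client would broadcast it."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4), bytes(4))
    return hdr + mac.ljust(16, b"\0") + bytes(64) + bytes(128)

def relay(packet, relay_ip):
    """Return the request to forward to the server, or None to drop it."""
    if len(packet) < 236 or packet[0] != BOOTREQUEST:
        return None                      # truncated, or not a client request
    hops = packet[3]
    if hops > MAX_HOPS:
        return None                      # looping or over-relayed request
    out = bytearray(packet)
    out[3] = hops + 1
    if out[GIADDR] == bytes(4):          # only the first relay fills giaddr
        out[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(out)

def select_scope(packet, scopes):
    """Server side: choose the scope whose subnet contains giaddr."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR])
    for net in scopes:
        if giaddr in ipaddress.ip_network(net):
            return net
    return None                          # no scope for that subnet

if __name__ == "__main__":
    req = build_request(0x1234, bytes.fromhex("001122334455"))
    fwd = relay(req, "10.1.2.1")
    print(select_scope(fwd, ["192.168.0.0/24", "10.1.2.0/24"]))
```

Because the server selects the scope from giaddr alone, the address a relay inserts decides which subnet's pool is used, so requests that arrive at the server with giaddr already set should only be accepted from known relay agents.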

4.7. Security Features

The switch provides security features which allow you to control management access and network access as described in the following sections.

4.7.1. SNMP Community Strings

Access to the switch using network management tools is controlled by SNMP community strings. This switch supports up to five community strings. A character string indicating the access rights of the management community must be provided whenever you send an SNMP message to the switch. Each community has either read-only or read/write access rights. A community that has read-only access can use only the GET and GETNEXT commands to view the current configuration settings and status of the switch. A community with read/write access can use the GET and GETNEXT commands, as well as the SET command to configure the switch.

LevelOne GSW-2600TXM manual Security Features, Snmp Community Strings