LevelOne GSW-2600TXM 4.7.Security Features

189

broadcasts a DHCP Request packet, looking for DHCP servers. DHCP servers respond

to this packet with a DHCP Response packet. The client then chooses a server to obtain

TCP / IP configuration information, such as its own IP address.

Since DHCP uses a broadcast mechanism, a DHCP server and its client must

physically reside on the same subnet. However, it is not practical to have one DHCP

server on every subnet; in fact in many cases, DHCP / BOOTP clients and their

associated DHCP / BOOTP server(s) do not reside on the same IP network or subnet.

In such cases, a third-party agent is required to transfer BOOTP messages between

clients and servers.

BOOTP / DHCP Relay, described in RFC 1542, enables a host to use a BOOTP or

DHCP server to obtain basic TCP / IP configuration information, even if the servers do

not reside on the local subnet. When a BOOTP / DHCP Relay Agent receives a DHCP

Request packet destined for a BOOTP / DHCP server, it inserts its own IP address into

the DHCP Request packet so the server knows the subnet where the client is located.

Then, depending on the configuration setup, the switch either:

• Forwards the packet to a specific server as defined in the switch’s configuration using

unicast routing, or

• Broadcasts the DHCP Request again to another directly attached IP subnet specified

in the switch configuration for the receiving IP subnet.

When the DHCP server receives the DHCP request, it allocates a free IP address for

the DHCP client from its scope in the DHCP client’s subnet, and sends a DHCP

Response back to the DHCP Relay Agent. The DHCP Relay Agent then broadcasts this

DHCP Response packet received from the DHCP server to the appropriate client.

4.7.Security Features

The switch provides security features which allow you to control management access

and network access as described in the following sections.

Access to the switch using network management tools is controlled by SNMP

community strings. This switch supports up to five community strings. A character string

indicating the access rights of the management community must be provided whenever

you send an SNMP message to the switch. Each community has either read-only or

read / write access rights. A community that has read-only access can use only use

GET and GETNEXT commands to view the current configuration settings and status of

the switch. But a community with read / write access can use GET and GETNEXT

commands, as well as the SET command to configure the switch.