Manuals / Siemens / Computer Equipment / Network Router

Siemens S223, S323 user manual Enabling Dhcp Option, Option 82 Sub-Option

Models: S323 S223

1 381

Page 253

User Manual	UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5

Client Identifier Spoofing

By using the agent-supplied remote ID option, the untrusted and as-yet unstandardized client identifier field need not be used by the DHCP server.

Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.

DHCP Server

2. DHCP Request + Option 82

3. DHCP Response + Option 82

DHCP Relay Agent

1. DHCP Request

4. DHCP Response

DHCP Client

Fig. 8.33 DHCP Option 82 Operation

8.8.5.1Enabling DHCP Option 82

To enable/disable the DHCP option 82, use the following command.

Command	Mode	Description

ip dhcp option82	Global	Enables the system to add the DHCP option 82 field.

no ip dhcp option82		Disables the system to add the DHCP option 82 field.
no ip dhcp option82		Disables the system to add the DHCP option 82 field.

8.8.5.2Option 82 Sub-Option

The DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to implement security and IP address assignment policies.

There are 2 sub-options for the DHCP option 82 information as follows:

•Remote ID

This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits and have mechanisms to identify the remote host of the circuit. Note that, the remote ID must be globally unique.

•Circuit ID

This sub-option may be added by DHCP relay agents which terminate switched or permanent circuits. It encodes an agent-local identifier of the circuit from which a DHCP client-to-server packet was received. It is intended for use by DHCP relay agents in forwarding DHCP responses back to the proper circuit.

A50010-Y3-C150-2-7619

253

Page 253

Image 253

Siemens S223, S323 user manual Enabling Dhcp Option, Option 82 Sub-Option

Contents

A50010-Y3-C150-2-7619 UmncliSurpass hiD 6615 S223/S323 R1.5 Important Notice on Product SafetyA50010-Y3-C150-2-7619 Issue History Reason for UpdateSummary System software upgrade added DetailsContents 4.4 4.35.1 5.27.2 7.17.3 12.1101 100102 103125 124126 127147 Surpass hiD 6615 S223/S323 R1.5 3.1149 150180 179181 182216 Surpass hiD 6615 S223/S323 R1.5 5.9217 6.11.17 1.16246 247268 Surpass hiD 6615 S223/S323 R1.5 3.2269 3.8297 295298 299318 Surpass hiD 6615 S223/S323 R1.5 10.1.110.1.1.1 10.1.1.2353 10.2.1210.2.13 354Illustrations Igmp Snooping and PIM-SM Configuration Network 279 Tab Tables171 176Document Structure AudienceTab .1 briefly describes the structure of this document Tab .1 Overview of Chapters A50010-Y3-C150-2-7619Document Convention Tab .2 Command Notation of Guide BookDocument Notation CE Declaration of ConformityGPL/LGPL Warranty and Liability Exclusion System Overview Quality of Service QoS System FeaturesMulticasting IP RoutingLink Aggregation Trunking Spanning Tree Protocol STPSystem Management based on CLI Broadcast Storm ControlRadius and TACACS+ Command Mode Command Line Interface CLIShows hiD 6615 S323 software mode structure briefly Privileged Exec Enable Mode Privileged Exec View ModeGlobal Configuration Mode Tab .1 Main Commands of Privileged Exec View ModeTab .3 Main Commands of Global Configuration Mode Bridge Configuration ModeTab .4 Main Commands of Bridge Configuration Mode Rule Configuration ModeOpens Rule Configuration mode Dhcp Option 82 Configuration Mode Dhcp Configuration ModeTab .6 Main Commands of Dhcp Configuration Mode Command Mode Description Ip dhcp pool PoolRmon Configuration Mode Interface Configuration ModeCommand Mode Description Interface Interface Vrrp Configuration Mode Router Configuration ModeTab .10 Main Commands of Router Configuration Mode Command Mode DescriptionRoute-Map Configuration Mode Variables following after the commands Listing Available CommandsUseful Tips 6615 S223/S323Command Calling Command HistorySurpass hiD 6615 S223/S323 R1.5 Using Command of Privileged Exec Enable Mode Using AbbreviationTab .13 Command Abbreviation SWITCH# show clockExits to Privileged Exec enable mode Exit Current Command ModeAble mode, you will be logged out System Connection System LoginStep Command Mode Description Passwd enable Password Password for Privileged Exec ModePasswd enable 8 Password Management for System Account Changing Login PasswordCreating System Account To display the created account, use the following command Configuring Security LevelSWITCH# show list No privilege configure level Command Mode Description No privilegeNo privilege rmon-alarm level No privilege bgp levelShows a configured security level Command Mode Description Show privilegeSWITCH# write memory Telnet AccessSWITCH# disconnect ttyp0 Limiting Number of UserManual System Rebooting System RebootingSWITCHconfig# show exec-timeout Auto Log-outAuto System Rebooting System AuthenticationAuto-reset memory 1-120 No auto-reset cpu memoryAuthentication Interface Authentication MethodPrimary Authentication Method Timeout of Authentication Request Radius Server for System AuthenticationRadius Server Radius Server PriorityTacacs Server Tacacs Server for System AuthenticationFrequency of Retransmit 5.2 Tacacs Server PriorityTCP Port for the Authentication Additional TACACS+ ConfigurationAuthentication Type Command Mode Description Login tacacs timeoutDisplaying System Authentication Accounting ModeLogin accounting-mode none Start stop bothTacacs Sample ConfigurationAssigning IP Address To enable the interface, use the following command Interface Configuration ModeEnabling Interface Disabling InterfaceAssigning IP Address to Network Interface Static Route and Default GatewayIp address IP-ADDRESS/M No ip route IP-ADDRESS/MForwarding Information BaseFIB Retain Displaying Forwarding Information BaseFIB TableDisplaying Interface ② On Interface Configuration ModeShow interface Interface Show ip interface InterfaceSSH Server SSH Secure ShellLogin to SSH Server Assigning Specific Authentication Key2.3 Configuring Authentication Key SSH ClientConnect to SSH server with the authentication key Configure the authentication key in the switchSsh keygen rsa1 rsa dsa Server Suppliant Authenticator Authentication Server 802.1x AuthenticationEAP over LAN EAP over Radius Configuring Radius Server 1 802.1x AuthenticationAuthentication Server Designate as default ResponseCommand Mode Description Dot1x radius-server move IP Configuring Authentication ModeDot1x radius-server host Force Authorization Authentication PortMode Description Dot1x port-control auto force Command Mode Description Dot1x timeout tx-period1.7 Configuring Number of Request to Radius Server 2 802.1x Re-Authentication1.8 Configuring Interval of Request to Radius Server Enabling 802.1x Re-AuthenticationConfiguring the Interval of Requesting Re-authentication Configuring the Interval of Re-Authentication2.4 802.1x Re-authentication Applying Default Value Initializing Authentication StatusDisplaying 802.1x Configuration 6 802.1x User Authentication StatisticSWTICHconfig# dot1x auth-mode mac-base SWTICHconfig# dot1x system-auth-controlPortAuthed Selecting Port Type Port BasicShow port Ports To enable/disable a port, use the following command Ethernet Port ConfigurationCommand Mode Description Port medium Port sfp rj45 Enabling Ethernet PortAuto-negotiation Command Mode Description Port nego Ports on offTransmit Rate Port speed Ports 10 100Command Mode Description Port duplex Ports full half Duplex ModeFlow Control HalfTo view description of port, use the following command Following is an example of configuring flow control to portSWITCHbridge# port flow-control 25 on SWITCHbridge# show port descriptionSWITCHbridge# show port statistics rmon SWITCHbridge# show port statistics avg-pktTraffic Statistics Packets StatisticsCPU statistics To enable/disable protocol statisticsProtocol statistics SWITCH# show port To display a port status, use the following commandPort Mirroring Port StatusDesignate the monitor port, use the following command Activate the port mirroring, using the following commandDesignate the mirrored ports, use the following command Command Mode Description Mirror add Ports ingressConnect a motoring PC to the monitor port of the switch To disable monitoring function, use the following commandEnable mirroring function Configure the monitor port 1 and mirroring port 2, 3, 4Host Name Environment ConfigurationTime and Date Network Time Protocol Time ZoneTab .1 shows the world time zone Tab .1 World Time ZoneSimple Network Time Protocol Sntp NTP Network Time ProtocolFollowing is an example of releasing NTP and showing it To display Sntp configuration, use the following command Terminal ConfigurationNo sntp To restore a default banner, use the following command Login BannerTo set a DNS server, use the following command DNS ServerDisabling Daemon Operation Fan OperationSystem Threshold CPU LoadPort Traffic Mode Description Threshold PortFan Operation No threshold Port Ports rxEnabling FTP Server System TemperatureSystem Memory Threshold temp Value ValueDisplaying System Configuration Configuration ManagementAssigning IP Address of FTP Client All Option History router bgp pim ripSystem Configuration File Saving System ConfigurationSWITCH# show running-config syslog Auto-SavingTo delete backup file, use the following command Restoring Default ConfigurationSWITCHconfig# copy running-config SURPASShiD6615 System Management SWITCHconfig# restore factory-defaultsNetwork Connection Figured time interval. Default is 2 seconds Items Description Source address or interface Type of serviceSet DF bit in IP header? no Data pattern 0xABCDIP Source Routing A50010-Y3-C150-2-7619 IP Icmp Source-RoutingFollowing is the basic information to trace packet routes Tracing Packet RouteSWITCH# traceroute Displaying User Connecting to SystemMAC Table SWITCH# show uptime Configuring Ageing timeRunning Time of System System InformationCPU packet limit System Memory InformationAverage of CPU Load Running ProcessDefault OS Displaying Installed OSDisplaying System Image Tech Support Switch StatusBer of display lines of terminal screen A50010-Y3-C150-2-7619 103Simple Network Management Protocol Snmp Command Mode Description Snmp community ro rw CommunitySnmp Community No snmp community ro rw CommunityFollowing is an example of creating 2 Snmp communities Information of Snmp AgentA50010-Y3-C150-2-7619 105 SWITCHconfig# show snmp com2sec Following is an example of configuring Snmp com2secSnmp Com2sec Snmp GroupSWITCHconfig# snmp view Test included Permission to Access Snmp View RecordSnmp View Record Following is an example of creating an Snmp view recordTo display Snmp version 3 user, use the following command Lowing commandSnmp access Snmp Version 3 UserTo set an Snmp trap host, use the following command Snmp Trap ModeTo select an Snmp trap-mode, use the following command Snmp Trap Host110 A50010-Y3-C150-2-7619 Enabling Snmp TrapDisabling Snmp Trap To disable Snmp trap, use the following commandNode Enabling Alarm Notification Snmp AlarmSWITCHconfig# snmp inform-trap-host Displaying Snmp TrapAlarm Severity Criterion Default Alarm SeverityTo configure a priority of alarm, use the following command 114 A50010-Y3-C150-2-7619 Generic Alarm SeveritySnmp Alarm-severity adva-if-sfp-mismatch Adva Alarm SeverityA50010-Y3-C150-2-7619 115 Critical major minor warning intermedi116 A50010-Y3-C150-2-7619 ERP Alarm SeveritySTP Guard Alarm Severity Displaying Snmp ConfigurationA50010-Y3-C150-2-7619 117 SWITCHconfig# show snmp alarm-history To disable Snmp feature, use the following commandDisabling Snmp Disables local OAM Operation, Administration and Maintenance OAMOAM Loopback A50010-Y3-C150-2-7619 119OAM Unidirection Local OAM ModeRemote OAM To display OAM configuration, use the following command Displaying OAM ConfigurationA50010-Y3-C150-2-7619 121 122 A50010-Y3-C150-2-7619 Lldp Operation Link Layer Discovery Protocol LldpLldp Operation Type Basic TLVLldp Message Interval and Delay Time124 A50010-Y3-C150-2-7619 To display Lldp configuration, use the following command Displaying Lldp ConfigurationA50010-Y3-C150-2-7619 125 SWITCHconfig# show rmon-history config To open RMON-historymode, use the following commandCommand Mode Description Rmon-history Remote Monitoring RmonSubject of Rmon History Source Port of Statistical DataNumber of Sample Data Interval of Sample InquiryActivating Rmon History Deleting Configuration of Rmon HistoryDisplaying Rmon History Subject of Rmon Alarm Rmon AlarmCommand Mode Description Rmon-alarm A50010-Y3-C150-2-7619 129Absolute Comparison and Delta Comparison Object of Sample InquiryUpper Bound of Threshold 130 A50010-Y3-C150-2-7619Lower Bound of Threshold Configuring Standard of the First AlarmDeleting Configuration of Rmon Alarm Activating Rmon AlarmDisplaying Rmon Alarm Rmon EventSubject of Rmon Event Event DescriptionEvent Type Activating Rmon EventDisplaying Rmon Event Deleting Configuration of Rmon Event134 A50010-Y3-C150-2-7619 Activates Rmon eventSyslog To set a syslog output level, use the following commandSyslog Output Level Syslog Output Level without a Priority136 A50010-Y3-C150-2-7619 Syslog Output Level with a PriorityLocal5 local6 local7 lpr mail news sys Log user uucp emerg alert crit errSyslog Bind Address Facility CodeA50010-Y3-C150-2-7619 137 Debug Message for Remote Terminal Displaying Syslog ConfigurationDisabling Syslog Displaying Syslog MessageRule and QoS How to Operate Rule and QoSRule Creation Rule ConfigurationRule Priority 140 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 141 Packet ClassificationTcp 142 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 143 Rule ActionOverwrites 802.1p CoS field in the packet same as IP 144 A50010-Y3-C150-2-7619Modifying and Deleting Rule Applying RuleRemedy Select another name for the rule e.g. add a prefix Displaying Rule 3 QoSWeighted Fair Queuing WFQ Weighted Round Robin WRRScheduling Algorithm Strict Priority Queuing SP Weighted Fair Queuing3.3 802.1p Priory-to-queue Mapping Qos WeightTo configure a queue parameter, use the following command Admin Access RuleTo display a configuration of QoS, enter following command Queue ParameterCommand Mode Description Priority low medium high Command Mode Description Rule Name create adminA50010-Y3-C150-2-7619 151 Highest Defaul low152 A50010-Y3-C150-2-7619 Command Mode Description Apply Command Mode Description No-match denyApplies an admin access rule to the system Match permit Permits a packet154 A50010-Y3-C150-2-7619 Shows a current configuration of a ruleInternet NetBIOS FilteringA50010-Y3-C150-2-7619 155 Martian Filtering SWITCHbridge# show netbios-filterMax Host Following is an example of displaying configured max hosts To display configured max host, use the following commandMax New Hosts Enable port security on the port To configure max new hosts, use the following commandPort Security Port Security on PortSet the maximum number of secure MAC address for the port Set the violation mode and the action to be takenEnter a secure MAC address for the port A50010-Y3-C150-2-7619 159Port Security Aging This is an example of configuring port security on portPort MaximumA50010-Y3-C150-2-7619 161 MAC TableCommand Mode Description No mac Command Mode Description Clear macClear mac Name Clear mac Name PortSample Configuration Default Policy of MAC FilteringMAC Filtering Adding Policy of MAC FilterListing of MAC Filter Policy Deleting MAC Filter PolicyDisplaying MAC Filter Policy Following is an example of displaying one configuration Address Resolution Protocol ARPARP Table Displaying ARP Table Registering ARP Table166 A50010-Y3-C150-2-7619 ARP Alias To display ARP alias, use the following commandARP Inspection A50010-Y3-C150-2-7619 167168 A50010-Y3-C150-2-7619 Gratuitous ARP Icmp Message ControlProxy-ARP Interval for Transmit Icmp Message Blocking Echo Reply MessageTab Type ValueType Status Enable Shows Icmp interval configuration Global Command Mode Description Ip icmp interval rate-limitTransmitting Icmp Redirect Message 172 A50010-Y3-C150-2-7619IP TCP Flag Control RST ConfigurationPolicy of unreached messages Packet Dump SYN ConfigurationVerifying Packet Dump Packet Dump with Option Packet Dump by ProtocolA50010-Y3-C150-2-7619 175 Tab .4 Options for Packet Dump 176 A50010-Y3-C150-2-7619 Tab .4 shows the options for packet dumpOption Description Debug Packet Dump Displaying the usage of the packet routing tableA50010-Y3-C150-2-7619 177 Enlarged Network Bandwidth VlanCost-Effective Way Strengthened SecurityPort-Based Vlan Specifying Pvid Creating VlanAssigning Port to Vlan Deleting VlanMAC address-based Vlan Protocol-Based VlanDisplaying Vlan Tagged Vlan Subnet-based VlanVlan Tag Macbase MAC-ADDRESSDisplaying Vlan Information Vlan DescriptionMapping Frames to Vlan Tunnel Port QinQTrunk Port TaggedTo disable double tagging, use the following command Double Tagging ConfigurationDouble Tagging Operation Designate the QinQ portLayer 2 Isolation Tpid ConfigurationPrivate Vlan Edge Private VlanPort Isolation Command Mode Description Port protected PortsShared Vlan No port protected PortsVlan fid Vlans FID 188 A50010-Y3-C150-2-7619Open Bridge Configuration mode using the bridge command Open Rule Configuration mode using rule Name create commandSample Configuration 1 Configuring Port-based Vlan Vlan TranslationFollowing is deleting vlan id 3 among configured Vlan Sample Configuration 2 Deleting Port-based VlanSample Configuration 3 Configuring Protocol-based Vlan Default br2 br3 br4Switch Sample Configuration 4 Configuring QinQSample Configuration 5 Configuring Shared Vlan with FID SWITCHbridge# vlan dot1q-tunnel enableLink Aggregation SWITCHbridge# vlan add br5 1-42untaggedPort Trunk Configuring Port TrunkTrunk distmode Dstip dstmac SrcdstipLink Aggregation Control Protocol Lacp Displaying Port Trunk ConfigurationDisabling Port Trunk Activate Lacp function, using the following command Configuring LacpPacket Route To disable configuring packets, use the following command Operating Mode of Member Port196 A50010-Y3-C150-2-7619 Bpdu Transmission Rate Identifying Member Ports within LacpKey value of Member Port A50010-Y3-C150-2-7619 197Command Mode Description Lacp port priority Ports Priority of SwitchPriority of Member Port 198 A50010-Y3-C150-2-7619To display a configured LACP, use the following command Displaying Lacp ConfigurationA50010-Y3-C150-2-7619 199 Spanning-Tree Protocol STP STP Operation Root SwitchA50010-Y3-C150-2-7619 201 Switch Designated SwitchPort Priority Designated Port and Root PortPort States DisabledListening LearningBackup Switch B Switch CPort Path Switch D Rstp OperationRapid Network Convergence Bpdu Policy17 Network Convergence of 802.1w A50010-Y3-C150-2-7619 207 19 Network Convergece of 802.1w 208 A50010-Y3-C150-2-7619 Compatibility with 802.1d Mstp OperationOperation Switch D Switch ERegion B IST Region a IST Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode RequiredA50010-Y3-C150-2-7619 211 Root Switch Configuring STP/RSTP/MSTPActivating STP/RSTP/MSTP Path-costTab STP Path-cost Port-priorityA50010-Y3-C150-2-7619 213 MST Region Point-to-point MAC Parameters Mstp ProtocolEdge Ports A50010-Y3-C150-2-7619 215To delete the edge port mode, use the following command Displaying ConfigurationCommand Mode Description Stp pvst enable VLAN-RANGE Configuring PVSTP/PVRSTPActivating PVSTP/PVRSTP A50010-Y3-C150-2-7619 2176.3 Path-cost Ally. To configure port priority, use the following command6.4 Port-priority 218 A50010-Y3-C150-2-7619Root Guard Root Guard ConfigurationRestarting Protocol Migration Forward Delay Bridge Protocol Data Unit ConfigurationHello Time Hello TimeMax Age Forward DelayFollowing command To delete a configured max age, use the following command9.4 Bpdu Hop 9.5 Bpdu FilterConfigure Bpdu Guard Configure the specific port as edge-portSelf Loop Detection 224 A50010-Y3-C150-2-7619 Displaying Bpdu ConfigurationBackup Route SWITCHbridge# stp force-version mstp Mstp Configuration226 A50010-Y3-C150-2-7619 Internet Virtual Router Redundancy Protocol VrrpTo delete the Vrrp configuration, use the following command Configuring VrrpAssociated IP Address 228 A50010-Y3-C150-2-7619Master Router and Backup Router Access to Associated IP AddressA50010-Y3-C150-2-7619 229 SWTICH1config# router vrrp default Layer 3 Switch 2 IP Address 10.0.0.2/24Vrrp Track Function To configure Vrrp Track, use the following command Authentication PasswordPreempt SWITCHconfig-vrrp#authentication cleartext networkFollowing is an example of disabling Preempt A50010-Y3-C150-2-7619 233Rate Limit Configuration modeVrrp Statistics To set a port bandwidth, use the following command Configuring Rate LimitA50010-Y3-C150-2-7619 235 Flood Guard Configuring Flood-Guard236 A50010-Y3-C150-2-7619 SWITCHbridge# show mac-flood-guard Following is an example of configuration to bandwidth asBandwidth A50010-Y3-C150-2-7619 237Saving Cost Dynamic Host Configuration Protocol DhcpEfficient IP Management IP Packet Broadcast Dhcp Server or Relay AgentDhcp Server Dhcp Subnet Dhcp Pool CreationRange of IP Address Following is an example of specifying the default gateway Default GatewayIP Lease Time A50010-Y3-C150-2-7619 241Manual Binding DNS ServerFollowing is an example of specifying a DNS server 242 A50010-Y3-C150-2-7619Dhcp Server Option Domain NameStatic Mapping Recognition of Dhcp ClientCommand Mode Description Ip dhcp arp ping timeout Command Mode Description Ip dhcp arp ping packetIP Address Validation Authorized ARPProhibition of 1N IP Address Assignment Ignoring Bootp RequestDhcp Packet Statistics A50010-Y3-C150-2-7619 245SWITCHconfig# show ip dhcp server statistics Displaying Dhcp Pool ConfigurationCommand Mode Description Show ip dhcp pool Pool 246 A50010-Y3-C150-2-7619Dhcp Class Capability Dhcp Address Allocation with OptionDhcp Class Creation Relay Agent Information PatternRange of IP Address for Dhcp Class Associating Dhcp ClassText String No address range A.B.C.DDhcp Database Agent Dhcp Lease DatabaseDisplaying Dhcp Lease Status A50010-Y3-C150-2-7619 249Deleting Dhcp Lease Database Dhcp Relay AgentDhcp Server Relay Agent Subnet PC= Dhcp ClientSmart Relay Agent Forwarding Packet Forwarding AddressC.D all Dhcp Option Option 82 Sub-Option Enabling Dhcp OptionOption 82 Reforwarding Policy Default Trust PolicyOption 82 Trust Policy Simplified Dhcp Option To specify a trusted remote ID, use the following commandTrusted Remote ID Trusted Physical PortEnabling Dhcp Client Dhcp Client6.2 Dhcp Client ID 6.3 Dhcp Class IDRequesting Option Displaying Dhcp Client ConfigurationForcing Release or Renewal of Dhcp Lease A50010-Y3-C150-2-7619 257Enabling Dhcp Snooping Dhcp SnoopingDhcp Trust State 258 A50010-Y3-C150-2-7619Dhcp Rate Limit Mode Description Ip dhcp snooping Limit-leaseDhcp Lease Limit Source MAC Address VerificationSpecifying Dhcp Snooping Database Agent Dhcp Snooping Database AgentSpecifying Dhcp Snooping Binding Entry 260 A50010-Y3-C150-2-7619IP Source Guard Displaying Dhcp Snooping ConfigurationEnabling IP Source Guard Source IP Address FilterSource port-security commands together Displaying IP Source Guard ConfigurationCommand Mode Description Ip dhcp verify source Ports Static IP Source BindingDhcp Filtering Command Mode Description Ip dhcp filter-addressDhcp Packet Filtering Dhcp Server Packet FilteringPacket service all Command Mode Description Debug dhcp filterDebugging Dhcp 264 A50010-Y3-C150-2-7619ERP Operation Ethernet Ring Protection ERPSend Link Down Message Normal NodeRM Node Normal Node RM NodeLoss of Test Packet Lotp Configuring ERPERP Domain Port of ERP domain RM NodeProtected Vlan Protected ActivationWait-to-Restore Time Manual Switch to SecondaryLearning Disable Time Test Packet IntervalStacking Displaying ERP ConfigurationShow erp all DOMAIN-ID Designating Master and Slave Switch Switch GroupDesignate Mater switch using the following command A50010-Y3-C150-2-7619 271To disable stacking, use the following command Accessing to Slave Switch from Master SwitchSample Configuration 1 Configuring Stacking Disabling StackingSWITCHAconfig# stack device default SWITCHA# configure terminalSWITCHBconfig# stack device default A50010-Y3-C150-2-7619 273To disconnect, input as below Broadcast Storm ControlStorm-control broadcast mul Ticast dlf Rate PortsJumbo-frame Capacity Command Mode Description Jumbo-frame PortsA50010-Y3-C150-2-7619 275 Maximum Transmission Unit MTU Blocking Direct Broadcast276 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 277 SWITCHconfig-if#show running-config interfaceLayer 3 Network Layer 2 NetworkMulticast Routing Information Base Command Mode Description Ip multicast route-limitEnabling Multicast Routing Required Limitation of Mrib Routing EntryClearing Total or Partial Group Entry of Mrib Clearing Mrib InformationClearing Statistics of Multicast Routing Table 280 A50010-Y3-C150-2-7619Multicast Time-To-Live Threshold Displaying Mrib InformationMrib Debug 282 A50010-Y3-C150-2-7619 Multicast AgingInternet Group Management Protocol Igmp Igmp Basic ConfigurationIgmp Version per Interface Igmp VersionIgmp Version Igmp Static Join SettingRemoving Igmp Entry Igmp DebugCommand Mode Description Ip igmp static-group Igmp Query ConfigurationMaximum Number of Groups Vlan Vlan port Port reporter286 A50010-Y3-C150-2-7619 Igmp Maximum Response TimeIgmp v2 Fast Leave Displaying the Igmp ConfigurationA50010-Y3-C150-2-7619 287 Step Execute the ip multicast-routing command Igmp Snooping Basic Configuration3 L2 Mfib Enabling Igmp Snooping per VlanCommand Mode Description Ip igmp snooping vlan Vlans Enable Igmp snooping on a Vlan interfaceCommand Mode Description Show ip igmp snooping Vlan Igmp v2 SnoopingMulticast Packet Igmp v2 Snooping Fast Leave290 A50010-Y3-C150-2-7619 Igmp v2 Snooping Querier To disable Igmp querier, use the following commandEnabling Igmp Snooping Querier A50010-Y3-C150-2-7619 291To disable the max-response-time, use the following command Timeout Value of Igmp v2 Snooping Querier’s General QueryQuery Interval of Igmp v2 Snooping Querier 292 A50010-Y3-C150-2-7619A50010-Y3-C150-2-7619 293 Igmp v2 Snooping Last-Member-IntervalVlans querier detail Last-member-query-intervalIgmp v2 Snooping Report Method Configuring Mrouter Port per VlanMrouter Port 294 A50010-Y3-C150-2-7619Multicast TCN Flooding Displaying Mrouter ConfigurationMrouter Port Learning Method 296 A50010-Y3-C150-2-7619 Command Mode Description Ip igmp snooping tcn queryVlans flood Nected to on a Vlan interfaceIgmp Snooping Version Igmp v3 SnoopingJoin Host Management A50010-Y3-C150-2-7619 297Multicast Vlan Registration MVR To display a configuration, use the following commandImmediate Block MVR Group Address Enabling MVRMVR IP Address A50010-Y3-C150-2-7619 299Igmp Filtering and Throttling 7.5 Displaying MVR ConfigurationSend and Receive Port Policy of Igmp Profile Creating Igmp ProfileGroup Range of Igmp Profile A50010-Y3-C150-2-7619 301Applying Igmp Profile to the Filter Port To return to the default setting, use the following commandMax Number of Igmp Join Group 302 A50010-Y3-C150-2-7619Displaying Igmp Snooping Table PIM-SM Protocol Independent Multicast-Sparse ModeRPT and SPT Packet for the request PIM Common ConfigurationDR Priority PIM-SM and Passive ModeFilters of Neighbor in PIM To configure a query hold time, use the following commandPIM Hello Query 306 A50010-Y3-C150-2-7619To activate PIM-SM debugging, use the following command Bootstrap Router BSRBSR and RP PIM DebugStatic RP for Certain Group RP InformationIp pim bsr-candidate Global Clears all RP sets SetA50010-Y3-C150-2-7619 309 Enabling Transmission of Candidate RP Message4.3 PIM-SM Registration4.4 Ignoring RP Priority Rate Limit of Register MessageCommand Mode Description Ip pim register-suppression Configure filtering out multicast sourcesFilters for Register Message from RP Source Address of Register MessageThis command is disabled by default SPT SwitchoverReachability for PIM Register Process 312 A50010-Y3-C150-2-7619Cisco Router Interoperability PIM Join/Prune InteroperabilityChecksum of Full PIM Register Message 8.2 Candidate RP Message with Cisco BSR With older Cisco IOS versions, use the following command8.3 Excluding GenID Option With older Cisco IOS versionsPIM Snooping PIM-SSM Group316 A50010-Y3-C150-2-7619 Displaying PIM-SM ConfigurationBorder Gateway Protocol BGP IP Routing ProtocolConfiguration Type of BGP Basic ConfigurationEnabling BGP Routing Go back to Global Configuration mode using the exit command Advanced ConfigurationDisabling BGP Routing Summary of Path Command Mode Description Aggregate-address A.B.C.D/MAutomatic Summarization of Path As-set summary-onlyChoosing Best Path Multi-Exit Discriminator MEDBgp deterministic-med No bgp deterministic-medCommand Mode Description Bgp bestpath compare-confed Command Mode Description Bgp bestpath as-path ignoreSelects the best path using the router ID for identical AspathGraceful Restart Configures the router to consider the MED in choosingRestart Time IP Address FamilyStalepath Time 324 A50010-Y3-C150-2-7619BGP Neighbor Default RoutePeer Group Route Map To create a BGP Peer Group, use the following commandForce Shutdown Session Reset of All Peers BGP Session ResetWord shutdown 328 A50010-Y3-C150-2-7619 Session Reset of Peers within Particular ASSession Reset of External Peer Session Reset of Specific RouteA50010-Y3-C150-2-7619 329 330 A50010-Y3-C150-2-7619 Session Reset of Peer GroupA50010-Y3-C150-2-7619 331 Displaying and Managing BGPNEIGHBOR-IP routes 332 A50010-Y3-C150-2-7619Enabling Ospf Open Shortest Path First Ospf334 A50010-Y3-C150-2-7619 Command Mode Description Router ospfNo router ospf Command Mode Description Network A.B.C.D/M area ABR Type ConfigurationCompatibility Support Ospf InterfaceAuthentication Key Authentication Type336 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 337 Interface CostRouting Protocol Interval Blocking Transmission of Route Information DatabaseTo configure a transmit delay, use the following command To configure a dead interval, use the following commandA50010-Y3-C150-2-7619 339 Ospf Priority Ospf Maximum Transmission Unit MTU340 A50010-Y3-C150-2-7619 Ospf Network Type Non-Broadcast NetworkA50010-Y3-C150-2-7619 341 Ospf Area Area Authentication342 A50010-Y3-C150-2-7619 Area 0-4294967295filter-list access LIST-NAMEin out Default Cost of AreaNo area 0-4294967295filter- list access LIST-NAMEin out Area 0-4294967295filter-list prefix LIST-NAMEin outNot So Stubby Area Nssa Default-information-originateNo-redistribution No-summaryOriginate metric Router Configures Nssa with one option To delete configured NSSA, use the following commandA50010-Y3-C150-2-7619 345 OriginateShortcut Area Area Range346 A50010-Y3-C150-2-7619 C.D/M advertise not AdvertiseVirtual Link Stub AreaDead-interval Transmit-delay348 A50010-Y3-C150-2-7619 To delete the configuration, use the following command Default MetricGraceful Restart Support Hello-intervalHelper Grace-period350 A50010-Y3-C150-2-7619 Opaque-LSA Support Default RouteMetric Metric-typeFinding Period Metric-type Router Deletes the configurationRoute-map Metric-type Always Route-map MAP-NAMEMetric-type Route-map MAP-NAME External Routes to Ospf NetworkA50010-Y3-C150-2-7619 353 Router Deletes the default metric To delete the default metric, use the following commandOspf Distance External Inter-area Intra-areaHost Route To make it as a default, use the following commandPassive Interface A50010-Y3-C150-2-7619 355Summary Routing Information Blocking Routing InformationOspf Monitoring and Management Displaying Ospf Protocol Information To display the Ospf database, use the following commandA50010-Y3-C150-2-7619 357 As A.B.C.D358 A50010-Y3-C150-2-7619 Command Mode Description Show ip ospf interface InterfaceLimiting Number of Database Displaying Debugging InformationA50010-Y3-C150-2-7619 359 Maximum Process of LSA Command Mode Description Overflow database360 A50010-Y3-C150-2-7619 Overflow database externalRouting Information Protocol RIP To use RIP protocol, you should enable RIPEnabling RIP A50010-Y3-C150-2-7619 361RIP Neighbor Router Configure the network to operate as RIPRIP Version Redistributing Routing Information Creating available Static Route only for RIPCommand Mode Description Route-map TAG deny permit Metrics for Redistributed Routes Originating Default Information Administrative DistanceRouting Information Filtering Disabling the transmission to Interface Filtering Access List and Prefix ListOffset List Update RIP Network TimerTimeout Maximum Number of RIP RoutesTo adjust the timers, use the following command Authentication KeyNo timers basic Update Time Split HorizonRestarting RIP To disable RIP authentication, use the following commandUDP Buffer Size of RIP 372 A50010-Y3-C150-2-7619 Monitoring and Managing RIPCommand Mode Description Copy ftp tftp os Download General UpgradeA50010-Y3-C150-2-7619 373 374 A50010-Y3-C150-2-7619 Boot Mode UpgradeTo configure a default gateway, use the following command To configure a subnet mask, use the following commandTo the boot mode only A50010-Y3-C150-2-7619 375376 A50010-Y3-C150-2-7619 Boot load os1 10.27.41.82 V5212G.3.18.xUploads the new system software using the following command FTP UpgradeA50010-Y3-C150-2-7619 377 Command! For more information, see Section Exit the FTP client using the following commandCommand Mode Description Exit 378 A50010-Y3-C150-2-7619Address Resolution Protocol Access Control ListCommand Line Interface CoS Class of ServiceLoss of Signal Internet Service ProviderLoss of Power Medium Access ControlSpanning Tree Protocol Type of ServiceSoftware Transmission Control Protocol

SURPASS hiD 6615 S223/S323 R1.5

Client Identifier Spoofing

Fig. 8.33 shows how the DHCP relay agent with the DHCP option 82 operates.

Fig. 8.33 DHCP Option 82 Operation

8.8.5.1Enabling DHCP Option 82

8.8.5.2Option 82 Sub-Option

•Remote ID

•Circuit ID

A50010-Y3-C150-2-7619

253