Security Measures
179
Instruction Manual - NXA-ENET8-POE+
Perform these steps to configure global settings for DHCP Snooping:
1.
Click
Security
>
DHCP Snooping
.
2.
Select
Configure Global
from the Step list.
3.
Select the required options for the general DHCP snooping process and for the DHCP snooping information option.
4.
Click
Apply
.
DHCP Snooping VLAN Configuration
Use the Security > DHCP Snooping (Configure VLAN) page to enable or disable DHCP snooping on specific VLANs.
Command Usage
When DHCP snooping is enabled globally on the switch, and enabled on the specified VLAN, DHCP packet filtering will be
performed on any untrusted ports within the VLAN.
When the DHCP snooping is globally disabled, DHCP snooping can still be configured for specific VLANs, but the changes
will not take effect until DHCP snooping is globally re-enabled.
When DHCP snooping is globally enabled, and DHCP snooping is then disabled on a VLAN, all dynamic bindings learned for
this VLAN are removed from the binding table.
The following table lists the options on this page:
DHCP Snooping Information Option
Remote ID
Specifies the MAC address, IP address, or arbitrary identifier of the requesting device (i.e., the
switch in this context).
• MAC Address - Inserts a MAC address in the remote ID sub-option for the DHCP snooping agent
(i.e., the MAC address of the switch's CPU). This attribute can be encoded in Hexadecimal or
ASCII.
• IP Address - Inserts an IP address in the remote ID sub-option for the DHCP snooping agent
(i.e., the IP address of the management interface). This attribute can be encoded in
Hexadecimal or ASCII.
• string - An arbitrary string inserted into the remote identifier field. (Range: 1-32 characters)
DHCP Snooping Information Option
Policy
Specifies how to handle DHCP client request packets which already contain Option 82 information.
• Drop - Drops the client's request packet instead of relaying it.
• Keep - Retains the Option 82 information in the client request, and forwards the packets to
trusted ports.
• Replace - Replaces the Option 82 information circuit-id and remote-id fields in the client's
request with information about the relay agent itself, inserts the relay agent's address (when
DHCP snooping is enabled), and forwards the packets to trusted ports. (This is the default
policy.)
FIG. 208
Configuring Global Settings for DHCP Snooping
Security - DHCP Snooping Options
VLAN
ID of a configured VLAN (Range: 1-4094)
DHCP Snooping Status
Enables or disables DHCP snooping for the selected VLAN. When DHCP snooping is enabled
globally on the switch, and enabled on the specified VLAN, DHCP packet filtering will be performed
on any untrusted ports within the VLAN. (Default: Disabled)
Security - DHCP Snooping Options