Encrypting data converts it to an unintelligible form called cipher. Decrypting cipher converts the data back to its original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations, which are based on a binary number called a key.

DHCP
DHCP is an acronym for Dynamic Host Configuration Protocol. It is a protocol used for assigning dynamic IP addresses to devices on a network.
DHCP is used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server.
The DHCP server ensures that all IP addresses are unique; for example, no IP address is assigned to a second client while the first client's assignment is valid (its lease has not expired). Therefore, IP address pool management is done by the server and not by a human network administrator.
Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address.

DHCP Relay
DHCP Relay is used to forward DHCP messages between the clients and the server when they are not on the same subnet.
DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packets when forwarding client DHCP packets to a DHCP server, and to remove that information from DHCP reply packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to implement IP address or other assignment policies. Specifically, the option works by setting two sub-options: Circuit ID (sub-option 1) and Remote ID (sub-option 2). The Circuit ID sub-option is supposed to include information specific to the circuit the request came in on. The Remote ID sub-option was designed to carry information relating to the remote host end of the circuit.
The Circuit ID defined by the switch is 4 bytes in length, in the format "vlan_id" "module_id" "port_no": the first two bytes ("vlan_id") represent the VLAN ID, the third byte ("module_id") is the module ID (always 0 in a standalone switch), and the fourth byte ("port_no") is the port number.
The Remote ID is 6 bytes in length, and its value is the DHCP relay agent's MAC address.
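As an added illustration of the option 82 layout described above (example code, not the switch vendor's own), the following Python builds and parses the relay agent information option using the switch's 4-byte Circuit ID format and 6-byte Remote ID, rejecting truncated or mis-sized sub-options the way a server-side validator would; the VLAN, port and MAC values are constructed samples.

```python
import struct

OPTION_RELAY_AGENT_INFO = 82  # DHCP option code for relay agent information
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2

def build_circuit_id(vlan_id: int, module_id: int, port_no: int) -> bytes:
    """Switch-specific 4-byte Circuit ID: 2-byte VLAN ID, 1-byte module ID, 1-byte port."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("vlan_id out of range")
    if not (0 <= module_id <= 255 and 1 <= port_no <= 255):
        raise ValueError("module_id or port_no out of range")
    return struct.pack("!HBB", vlan_id, module_id, port_no)

def build_option82(circuit_id: bytes, remote_id_mac: bytes) -> bytes:
    """Encode option 82 as code, length, then the Circuit ID and Remote ID sub-option TLVs."""
    if len(remote_id_mac) != 6:
        raise ValueError("Remote ID must be the 6-byte relay agent MAC")
    body = bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    body += bytes([SUBOPT_REMOTE_ID, len(remote_id_mac)]) + remote_id_mac
    return bytes([OPTION_RELAY_AGENT_INFO, len(body)]) + body

def parse_option82(opt: bytes) -> dict:
    """Decode option 82 (as a server would) and reject truncated or mis-sized sub-options."""
    if len(opt) < 2 or opt[0] != OPTION_RELAY_AGENT_INFO or opt[1] != len(opt) - 2:
        raise ValueError("not a well-formed option 82")
    out, i, body = {}, 0, opt[2:]
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds option")
        if code == SUBOPT_CIRCUIT_ID:
            if length != 4:
                raise ValueError("Circuit ID must be 4 bytes on this switch")
            vlan, module, port = struct.unpack("!HBB", value)
            out["circuit_id"] = {"vlan_id": vlan, "module_id": module, "port_no": port}
        elif code == SUBOPT_REMOTE_ID:
            if length != 6:
                raise ValueError("Remote ID must be a 6-byte MAC")
            out["remote_id"] = ":".join(f"{b:02x}" for b in value)
        i += 2 + length  # unknown sub-option codes are skipped
    return out

# Constructed sample: VLAN 100 on a standalone switch (module 0), port 7, made-up relay MAC.
SAMPLE_MAC = bytes.fromhex("00112233aabb")
SAMPLE_OPTION = build_option82(build_circuit_id(100, 0, 7), SAMPLE_MAC)
```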
DHCP Snooping
DHCP Snooping is used to block an intruder on the untrusted ports of the switch when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server.