ZXR10 8900E series Core Switch Product Description
64
© 2013ZTE CORPORATION. All rights reserved.
ZTE Confidential Proprietary
3.8.3.2
DHCP
DHCP server can allocate proper IP address for all sorts of device. With DHCP service,
the network administrator instead of distributing IP address manually can allocate IP
address automatically by exchanging DHCP protocol message. This not only reduces the
workload caused by manual configuration and configuration error, but also enables
unified IP address management when the device is moved.
DHCP adopts client/server communication mode. The client sends IP allocation
application to the server , then DHCP server returns the related configuration information
like allocated IP address to the server. When DHCP client gets the configuration
information, it can realize dynamic IP address configuration and communication with
external network. In this process, DHCP server can implement authentication. One
DHCP server usually has one IP address pool, so that it can distribute IP address to
multiple IP devices.
When DHCP server and DHCP client are not in the same network segment, DHCP relay
is required. DHCP sends request message to DHCP server. When DHCP relay receives
and processes the received messages, it will send the message to the DHCP server of
one network segment. The server provides related information as per the request
message. Then the DHCP relay will return the configuration information to the client to
finish dynamic client configuration.
Besides, DHCP also includes some extension serv ices, e.g. DHCP snooping and DHCP
Relay Agent Information Option (Option 82), etc. With some options in DHCP request
message, DHCP option 82 enables DHCP server to confirm user’s location more
accurately. In this way, different users adopt different address distribution policies to
make users can be effectively controlled even when they are in different VLANs or
network segments.
DHCP Snooping is mainly used to avoid some spoofing DHCP Server. The spoofing
DHCP Server made by some devices feeds back user’s DHCP address request, which
disable the user to get correct DHCP address and connect with the network. Or the
spoofing DHCPO Client send DHCP address request to DHCP Server frequently to use
DHCP Server address out. By initiating DHCP Snooping service, trust and un-trusted port
can be set. DHCP Server responding messages sent by the un-trusted port will be
discarded. In addition, Snooping can set the number of the IP address one un-trusted
port can allocate, so that DDoS attack for DHCP Server can be avoided.
ZXR10 8900E support DHCPv4 server, DHCPv4 relay, DHCPv4/v6 snooping and DHCP
option82 services. The specific supported options can be seen in the functional list.
3.8.3.3
IP source guard
IP source guard checks message source by binding port, VLAN, MAC and IP together. It
realizes message security control. The binding table of IP source guard can be set up in
the following two ways:
Содержание ZXR10 8900E series
Страница 1: ...Operator Logo ZXR10 8900E series Core Switch Product Description ...
Страница 2: ......
Страница 10: ......