User Manual
UMN:CLI
V8102
415
To specify a trusted physical interface, use the following command.
Command
Mode
Description
trust
interface
{
normal
|
option82
|
all
}
Interface
[XE/GE/GPON/
CG]
Specifies a trusted physical interface.
normal: DHCP packet
option82: DHCP option 82 packet
all: DHCP + option 82 packet
no trust interface
{
normal
|
op-
tion82
|
all
}
Deletes a specified trusted interface.
9.6.6.5
Appending Enterprise Number
To add enterprise-number vlaue into dhcp option82, use the following command.
Command
Mode
Description
policy
append
enterprise-
number
<1-4294967295>
Option 82
Specifies the enterprise-number value.
9.6.7
DHCP Snooping
For enhanced security, the V8102 provides the DHCP snooping feature. The DHCP
snooping filters untrusted DHCP messages and builds/maintains a DHCP snooping bind-
ing table. The untrusted DHCP message is a message received from outside the network,
and an untrusted interface is an interface configured to receive DHCP messages from
outside the network.
The DHCP snooping basically permits all the trusted messages received from within the
network and filters untrusted messages. In case of untrusted messages, all the binding
entries are recorded in a DHCP snooping binding table. This table contains a hardware
address, IP address, lease time, VLAN ID, interface, etc.
It also gives you a way to differentiate between untrusted interfaces connected to the
end-user and trusted interfaces connected to the DHCP server or another switch.
The DHCP snooping only filters the DHCP server message such as a DHCP_OFFER or
DHCP_ACK, which is received from untrusted interfaces.
9.6.7.1
Enabling DHCP Snooping
To enable the DHCP snooping globally, use the following command
Command
Mode
Description
ip dhcp snooping
Global
Enables the DHCP snooping globally.
no ip dhcp snooping
Disables the DHCP snooping globally. (default)
Upon enabling the DHCP snooping, the DHCP_OFFER and DHCP_ACK messages from
all the ports will be discarded before specifying a trusted port.
To enable/disable the DHCP snooping on a VLAN/Interface, use the following command
!
i