Manual
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
200
ip dhcp snooping information option self-
defined subscriber-id {vlan | port | id
(switch-id (mac | hostname)| remote-mac) |
string WORD}
no ip dhcp snooping information option
type self-defined subscriber-id
Set creation method for option82, users can
define the parameters of circute-id suboption
by themselves.
ip dhcp snooping information option self-
defined subscriber-id format [ascii | hex]
Set self-defined format of circuit-id for
snooping option82.
Port mode
ip dhcp snooping information option
subscriber-id {standard | <circuit-id>}
no ip dhcp snooping information option
subscriber-id
Set the suboption1 (circuit ID option) content
of option 82 added by DHCP request packets
(they are received by the port). The no
command sets the additive suboption1 (circuit
ID option) format of option 82 as standard.
27.3 DHCP Snooping Typical Application
Typical usage
As showed in the above chart, Mac-AA device is the normal user, connected to the non-trusted
port 1/0/1 of the switch. It operates via DHCP Client, IP 1.1.1.5; DHCP Server and GateWay
are connected to the trusted ports 1/0/11 and 1/0/12 of the switch; the malicious user Mac-BB
is connected to the non-trusted port 1/0/10, trying to fake a DHCP Server(by sending
DHCPACK) . Setting DHCP Snooping on the switch will effectively detect and block this kind of
network attack.
Configuration sequence is:
switch#
switch#config