API Guide

This feature filters IP traffic based on both source IP and source MAC addresses, and permits traffic only from clients found in
the DHCP snooping binding table. The switch compares the following in the packet to the DHCP snooping binding table:
- Source MAC address
- Source IP address
- The VLAN to which the client is connected
- The interface (physical or port channel) to which the client is connected
If there is a match, the switch forwards the packet.
DHCP source MAC address validation
The switch compares the source MAC address of the DHCP packet to the Client Hardware Address (CHADDR) field in the
DHCP packet and drops the DHCP packet if there is a mismatch.
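The CHADDR comparison described above can be reproduced offline, for example to check captured frames against what the switch would drop. This is an added example, not OS10 code; the function names, the verdict strings, the handling of truncated frames, and the sample MAC addresses are assumptions, and it handles untagged, unfragmented IPv4 frames only.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_PORTS = {67, 68}      # server/relay and client UDP ports
CHADDR_OFFSET = 28         # op,htype,hlen,hops + xid + secs,flags + 4 addresses

def dhcp_mac_verdict(frame: bytes) -> str:
    """Return 'forward', 'drop', 'malformed' or 'not-dhcp' for one frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        return "not-dhcp"
    src_mac = frame[6:12]                       # Ethernet source address
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return "not-dhcp"
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    if ihl < 20 or ip[9] != IPPROTO_UDP or len(ip) < ihl + 8:
        return "not-dhcp"
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if sport not in DHCP_PORTS or dport not in DHCP_PORTS:
        return "not-dhcp"
    bootp = ip[ihl + 8:]
    if len(bootp) < CHADDR_OFFSET + 16:
        return "malformed"                      # too short to hold CHADDR
    htype, hlen = bootp[1], bootp[2]
    if htype != 1 or hlen != 6:                 # only Ethernet hardware addresses
        return "malformed"
    chaddr = bootp[CHADDR_OFFSET:CHADDR_OFFSET + hlen]
    # The check from the text: source MAC must equal CHADDR, else drop.
    return "forward" if chaddr == src_mac else "drop"

def build_discover(src_mac: bytes, chaddr: bytes) -> bytes:
    """Constructed sample: minimal broadcast DHCPDISCOVER (checksums left zero)."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    bootp += bytes(16) + chaddr.ljust(16, b"\x00") + bytes(64 + 128)
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"   # magic cookie, option 53
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip

if __name__ == "__main__":
    client = bytes.fromhex("020000000001")      # constructed, locally administered
    forged = bytes.fromhex("020000000002")      # constructed CHADDR that differs
    print(dhcp_mac_verdict(build_discover(client, client)))   # consistent frame
    print(dhcp_mac_verdict(build_discover(client, forged)))   # CHADDR mismatch
```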
Restrictions for Source Address Validation
As the SAV feature shares TCAM memory with user ACLs, the maximum number of SAV rules that the system can support
depends on how much TCAM memory is allocated to user ACLs.
Enable source IP address validation
Enable source IP address validation in INTERFACE mode.
ip dhcp snooping source-address-validation ip [vlan vlan-name]
Use the vlan option to optionally specify SAV for one or more VLANs. The range is from 1 to 4093. If you do not specify the
vlan option, SAV is enabled on all VLANs of an interface.
Enable source IP and MAC address validation
Enable source IP and MAC address validation in INTERFACE mode.
ip dhcp snooping source-address-validation ipmac [vlan vlan-name]
Use the vlan option to optionally specify SAV for one or more VLANs. The range is from 1 to 4093. If you do not specify the
vlan option, SAV is enabled on all VLANs of an interface.
Enable DHCP source MAC address validation
Enable DHCP source MAC address validation in CONFIGURATION mode.
ip dhcp snooping verify mac-address
System domain name and list
If you enter a partial domain, the system searches different domains to finish or fully qualify that partial domain. A fully qualified
domain name (FQDN) is any name that terminates with a period or dot.
OS10 searches the host table first to resolve the partial domain. The host table contains both statically configured and
dynamically learned host and IP addresses. If OS10 cannot resolve the domain, it tries the domain name assigned to the local
system. If that does not resolve the partial domain, the system searches the list of domains configured.
You can configure the ip domain-list command up to five times to enter a list of possible domain names. The system
searches the domain names in the order they were configured until a match is found or the list is exhausted.
1. Enter a domain name in CONFIGURATION mode with a maximum of 64 alphanumeric characters.
ip domain-name name
2. Add names to complete unqualified hostnames in CONFIGURATION mode.
ip domain-list name
You can configure a domain name and list corresponding to a non-default VRF instance.
1. Enter a domain name corresponding to a non-default VRF instance in CONFIGURATION mode.
ip domain-name vrf vrf-name server-name