Concept Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4820T

321

322

323

324

325

326

327

328

329

330

Dell(conf-if-vl-4)# ip helper-address vrf vrf1 100.0.0.1

Dell(conf-if-vl-4)# ipv6 helper-address vrf vrf1 100::1

Dell(conf-if-vl-4)# ip dhcp relay source-interface loopback 3

Dell(conf-if-vl-4)# ipv6 dhcp relay source-interface loopback 3

3 In the below conguration, the DHCP relay source interface is not congured in the VLAN interface. So, the DHCP relay uses the

congured global DHCP relay source interface to forward the packets from the DHCP client to server.

Dell(conf)# interface Vlan 5

Dell(conf-if-vl-4)# ip vrf forwarding vrf1

Dell(conf-if-vl-4)# ip address 4.0.0.1/24

Dell(conf-if-vl-4)# ipv6 address 4::1/64

Dell(conf-if-vl-4)# tagged TenGigE 1/4

Dell(conf-if-vl-4)# ip helper-address vrf vrf1 100.0.0.1

Dell(conf-if-vl-4)# ipv6 helper-address vrf vrf1 100::1

Congure Secure DHCP

DHCP as dened by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects

networks that use dynamic address allocation from spoong and attacks.

• Option 82

• DHCP Snooping

• Dynamic ARP Inspection

• Source Address Validation

Option 82

RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment.

The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID.

Circuit ID

This is the interface on which the client-originated message is received.

Remote ID This identies the host from which the message is received. The value of this sub-option is the MAC address of

the relay agent that adds Option 82.

In DHCPv4 relay , the Option 82 is not added by default. When the ip dhcp relay information-option is congured, the Option

82 with sub-options 1 (Agent Circuit ID) and 2 ( Agent Remote ID) are added to the relayed DHCP packet. The default values of the sub-

options are as follows:

• Default Agent Circuit ID is constructed in the format “VlanID:LagID:SlotId:PortId”

• Default Agent Remote ID is the system MAC address (in binary format)

The following example shows the format of the Circuit ID - 723:0:1:1

Table 25. Circuit ID Format

VLAN ID LAG ID Slot ID Port ID

723 0 1 1

The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to:

• track the number of address requests per relay agent. Restricting the number of addresses available per relay agent can harden a

server against address exhaustion attacks.

• associate client MAC addresses with a relay agent to prevent oering an IP address to a client spoong the same MAC address on a

dierent relay agent.

Dynamic Host

Conguration Protocol (DHCP) 323