Manualshelf

R3303-HP HSR6800 Routers Layer 3 - IP Services Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
81828384858687888990
73
If a DHCP request
has…
Handling
strate
gy
Padding format
The DHCP snooping device…
N/A private
Forwards the message after adding Option 82
padded in private format.
N/A standard
Forwards the message after adding Option 82
padded in standard format.
N/A verbose
Forwards the message after adding the Option
82 padded in verbose format.
N/A user-defined
Forwards the message after adding the
user-defined Option 82.
The handling strategy and padding format for Option 82 on the DHCP snooping device are the same as
those on the relay agent.
DHCP snooping configuration task list
Task Remarks
Configuring DHCP snooping basic functions Required.
Configuring DHCP snooping to support Option 82 Optional.
Configuring DHCP snooping entries backup Optional.
Enabling DHCP starvation attack protection Optional.
Enabling DHCP-REQUEST message attack protection Optional.
Configuring DHCP snooping basic functions
Follow these guidelines to configure DHCP snooping basic functions:
You must specify the ports connected to authorized DHCP servers as trusted ports to make sure that
DHCP clients can obtain valid IP addresses. The trusted ports and the ports connected to DHCP
clients must be in the same VLAN.
You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports. For
more information about aggregate interfaces, see Layer 2—LAN Switching Configuration Guide.
If a Layer 2 Ethernet interface is added to an aggregation group, the DHCP snooping configuration
of the interface does not take effect. After the interface quits the aggregation group, the
configuration becomes effective.
DHCP snooping can work with basic QinQ or flexible QinQ. When receiving a packet without any
VLAN tag from the DHCP client to the DHCP server, the DHCP snooping device adds a VLAN tag
to the packet. If the packet has one VLAN tag, the device adds another VLAN tag to the packet and
records the two VLAN tags in a DHCP snooping entry. The newly added VLAN tag is the outer tag.
If the packet has two VLAN tags, the device directly forwards the packet to the DHCP server without
adding any tag. If you need to add a new VLAN tag and meanwhile modify the original VLAN tag
for the packet, DHCP snooping cannot work with flexible QinQ.