User's Manual Part 2



36JadeOSUserManual

00:50:ba:50:76:D8 13.0.6.237 300 D Gi 6/10

00:50:ba:50:76:D4 13.0.6.227 300 D Gi 6/10

SecurityCheck

Through binding table, DHCP snooping module determine whether the DHCP mes‐

sagesentbyuserislegalornot,andthenrejectillegalDHCPrequestifillegal.

Enabling MAC address detection, DHCP snooping can avoid attack by checking

whethertheMACaddress ofDHCPprotocolmatchwiththesourceMAC addressof

Ethernet.

To enable MACaddressdetectionofDHCPsnooping, usethefollowingcommandin

configmode:

ip dhcp snooping verify mac-address enable

BroadcastSuppression

JadeOScanautomaticallyrecordDHCPrequestinformationintoDHCPsnoopingses‐

siontablebyenablingDHCPsnooping.WhenreceivedbroadcastmessagefromDHCP

server,JadeOScanlookupthecorrespondinghostandexitportintheDHCPsnoop‐

ingtable,thenchangethebroadcastintounicast.Therefore,JadeOSachievesbroad‐

castsuppression.

To configur e the broadcast suppression in QinQ interface, use the following com‐

mand:

ip dhcp snooping enable

TodisplaytheDHCPsnoopingsessiontable,usethefollowingcommand:

show ip dhcp snooping session

6.6.5ARPWithDHCP

EnablingARPwithDHCP,DHCPwillissueARPtablethatcombineddistributedIPad‐

dressandMACaddressinclienttothesystem,atthesametime,disablethefunction

ofARPlearninginthespecifiedinterface.Therefore,ARPtableisstrictlycheckedby

DHCPsnooping,whichensuresthelegalityand

avoidtheARPcheatandinterfereto

theuseronlineandcommunication.



Forexample:

¾ EnableARPwithDHCPfunction：

Step1Configureupdatearpinaddresspool

(JadeOS) (config)#ip dhcp pool ABC

(JadeOS) (config-dhcp)#update arp

Step 2Configure ARP authorized in the interface of distributed IP, disable ARP

learningfunction:

(JadeOS) (config)#interface vlan 6