Siemens S223 User Manual

UMN:CLI User Manual
SURPASS hiD 6615 S223/S323 R1.5
252 A50010-Y3-C150-2-7619
To enable the smart relay agent forwarding, use the following command. 
Command                   Mode     Description
ip dhcp smart-relay       Global   Enables a smart relay.
no ip dhcp smart-relay    Global   Disables a smart relay.
 
8.8.5 DHCP Option 82
In some networks, it is necessary to use additional information to further determine which 
IP addresses to allocate. By using the DHCP option 82, a DHCP relay agent can include 
additional information about itself when forwarding client-originated DHCP packets to a 
DHCP server. The DHCP relay agent will automatically add the circuit ID and the remote 
ID to the option 82 field in the DHCP packets and forward them to the DHCP server. 
The DHCP option 82 resolves the following issues in an environment in which untrusted
hosts access the internet via a circuit-based public network:
 
Broadcast Forwarding 
The DHCP option 82 allows a DHCP relay agent to reduce unnecessary broadcast flooding
by forwarding the normally broadcast DHCP response only on the circuit indicated
in the circuit ID.
 
DHCP Address Exhaustion 
In general, a DHCP server may be extended to maintain a DHCP lease database with an 
IP address, hardware address and remote ID. The DHCP server should implement policies
that restrict the number of IP addresses to be assigned to a single remote ID.
 
Static Assignment 
A DHCP server may use the remote ID to select the IP address to be assigned. It may 
permit static assignment of IP addresses to particular remote IDs, and disallow an
address request from an unauthorized remote ID.
 
IP Spoofing 
A DHCP client may associate the IP address assigned by a DHCP server in a forwarded 
DHCP_ACK message with the circuit to which it was forwarded. The circuit access device 
may prevent forwarding of IP packets with source IP addresses other than those it has
associated with the receiving circuit. This prevents simple IP spoofing attacks on the
central LAN, and IP spoofing of other hosts.
 
MAC Address Spoofing 
By associating a MAC address with a remote ID, a DHCP server can prevent offering an 
IP address to an attacker spoofing the same MAC address on a different remote ID.
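
The following added example (not from the manual and not Siemens or DHCP server code) shows how a DHCP server could read the circuit ID and remote ID from option 82 and apply the address exhaustion and MAC spoofing policies described above. The sub-option codes 1 and 2 follow RFC 3046; the LeasePolicy class, the opt82 helper and the sample values are hypothetical and constructed for illustration.

```python
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255
SUB_NAMES = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes

def _tlvs(data, top_level):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if top_level and code == OPT_END:
            return
        if top_level and code == OPT_PAD:   # pad is a single byte, no length
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        yield code, data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]

def parse_option82(options):
    """Return {'circuit_id': ..., 'remote_id': ...}, or {} if option 82 is absent."""
    for code, value in _tlvs(options, top_level=True):
        if code == OPT_RELAY_AGENT_INFO:
            return {SUB_NAMES[s]: v for s, v in _tlvs(value, False) if s in SUB_NAMES}
    return {}

class LeasePolicy:
    """Hypothetical server-side policy keyed on the remote ID."""
    def __init__(self, max_per_remote_id):
        self.max = max_per_remote_id
        self.macs_by_rid = {}   # remote ID -> MACs holding a lease
        self.rid_by_mac = {}    # MAC -> remote ID it was first seen on

    def admit(self, mac, options):
        rid = parse_option82(options).get("remote_id")
        if rid is None:
            return "deny: no remote ID"
        if self.rid_by_mac.get(mac, rid) != rid:
            return "deny: MAC bound to another remote ID"
        macs = self.macs_by_rid.setdefault(rid, set())
        if mac not in macs and len(macs) >= self.max:
            return "deny: lease limit reached for remote ID"
        macs.add(mac)
        self.rid_by_mac[mac] = rid
        return "allow"

def opt82(circuit_id, remote_id):
    """Build a constructed options field: message type 53, option 82, end."""
    sub = bytes([1, len(circuit_id)]) + circuit_id + bytes([2, len(remote_id)]) + remote_id
    return bytes([53, 1, 1, 82, len(sub)]) + sub + bytes([255])

SAMPLE = opt82(b"port-3", b"relay-A")   # constructed sample, not captured traffic
```

The options field passed to parse_option82 is the part of the DHCP packet after the magic cookie.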