Siemens S223 User Manual
User Manual UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5
SURPASS hiD 6615 S223/S323 R1.5
A50010-Y3-C150-2-7619 263
8.8.9 DHCP
Filtering
8.8.9.1
DHCP Packet Filtering
For the hiD 6615 S223/S323, it is possible to block the specific client with MAC address.
If the blocked MAC address by administrator requests IP address, the server does not
assign IP. This function is to strength the security of DHCP server.
If the blocked MAC address by administrator requests IP address, the server does not
assign IP. This function is to strength the security of DHCP server.
The following is the function of blocking to assign IP address on a port.
Command Mode
Description
ip dhcp filter-port PORTS
Configures a port in order not to assign IP.
no ip dhcp filter-port PORTS
Global
Disables DHCP packet filtering.
The following is to designate MAC address which IP address is not assigned.
Command Mode
Description
ip dhcp filter-address
MAC-
ADDR
Blocks a MAC address in case of requesting IP ad-
dress.
MAC-ADDR: MAC address
dress.
MAC-ADDR: MAC address
no ip dhcp filter-address
MAC-ADDR
Global
Disables DHCP MAC filtering.
8.8.9.2
DHCP Server Packet Filtering
Dynamic host configuration protocol (DHCP) makes DHCP server assign IP address to
DHCP clients automatically and manage the IP address. Most ISP operators provide the
service as such a way. At this time, if a DHCP client connects with the equipment that can
be the other DHCP server such as Internet access gateway router, communication failure
might be occurred.
DHCP clients automatically and manage the IP address. Most ISP operators provide the
service as such a way. At this time, if a DHCP client connects with the equipment that can
be the other DHCP server such as Internet access gateway router, communication failure
might be occurred.
DHCP filtering helps to operate DHCP service by blocking DHCP request which enters
through subscriber’s port and goes out into uplink port or the other subscriber’s port and
DHCP reply which enters to the subscriber’s port.
through subscriber’s port and goes out into uplink port or the other subscriber’s port and
DHCP reply which enters to the subscriber’s port.
In the Fig. 8.34, server A has the IP area from 192.168.10.1 to 192.168.10.10. Suppose a
user connects with client 3 that can be DHCP server to A in order to share IP address
from 10.1.1.1 to 10.1.1.10.
user connects with client 3 that can be DHCP server to A in order to share IP address
from 10.1.1.1 to 10.1.1.10.
Here, if client 1 and client 2 are not blocked from client 3 of DHCP server, client 1 and cli-
ent 2 will request and receive IP from client 3 so that communication blockage will be oc-
curred. Therefore, the filtering function should be configured between client 1 and client 3,
client 2 and client 3 in order to make client 1 and client 2 receive IP without difficulty from
DHCP server A.
ent 2 will request and receive IP from client 3 so that communication blockage will be oc-
curred. Therefore, the filtering function should be configured between client 1 and client 3,
client 2 and client 3 in order to make client 1 and client 2 receive IP without difficulty from
DHCP server A.