Brocade Communications Systems Brocade ICX 6650 User Manual
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
DHCP snooping configuration example
The following example configures VLAN 2 and VLAN 20, and changes the CLI to the global
configuration level to enable DHCP snooping on the two VLANs. The commands are as follows.
Brocade(config)# vlan 2
Brocade(config-vlan-2)# untagged ethe 1/1/3 to 1/1/4
Brocade(config-vlan-2)# router-interface ve 2
Brocade(config-vlan-2)# exit
Brocade(config)# ip dhcp snooping vlan 2
Brocade(config)# vlan 20
Brocade(config-vlan-20)# untagged ethe 1/1/1 to 1/1/2
Brocade(config-vlan-20)# router-interface ve 20
Brocade(config-vlan-20)# exit
Brocade(config)# ip dhcp snooping vlan 20
On VLAN 2, client ports 1/1/3 and 1/1/4 are untrusted; by default, all client ports are untrusted.
Hence, only DHCP client request packets received on ports 1/1/3 and 1/1/4 are forwarded.
On VLAN 20, ports 1/1/1 and 1/1/2 are connected to a DHCP server. DHCP server ports are set to
trusted.
Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e10000-1/1/1)# dhcp snooping trust
Brocade(config-if-e10000-1/1/1)# exit
Brocade(config)# interface ethernet 1/1/2
Brocade(config-if-e10000-1/1/2)# dhcp snooping trust
Brocade(config-if-e10000-1/1/2)# exit
Hence, DHCP server reply packets received on ports 1/1/1 and 1/1/2 are forwarded, and client
IP/MAC binding information is collected.
The example also sets the DHCP server address for the local relay agent.
Brocade(config)# interface ve 2
Brocade(config-vif-2)# ip address 10.20.20.1/24
Brocade(config-vif-2)# ip helper-address 1 10.30.30.4
Brocade(config-vif-2)# interface ve 20
Brocade(config-vif-20)# ip address 10.30.30.1/24
DHCP relay agent information
DHCP relay agent information, also known as DHCP option 82, enables a DHCP relay agent to
insert information about a client’s identity into a DHCP client request being sent to a DHCP server.
When DHCP snooping is enabled, DHCP option 82 is automatically enabled. DHCP packets are
processed as follows:
• Before relaying a DHCP discovery packet or DHCP request packet from a client to a DHCP
server, the Brocade ICX 6650 will add agent information to the packet.
• Before relaying a DHCP reply packet from a DHCP server to a client, the Brocade ICX 6650 will
remove relay agent information from the packet.
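
The two relay steps listed above, shown on the raw DHCP options field using the RFC 3046 layout for option 82. This is an added example, not Brocade code: the function names and the circuit-ID and remote-ID values are constructed for illustration, and the sub-option contents the device actually writes are not given on this page.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82      # DHCP option codes
CIRCUIT_ID, REMOTE_ID = 1, 2                 # RFC 3046 sub-option codes


def parse_options(raw: bytes):
    """Split a DHCP options field (the bytes after the magic cookie) into (code, value) pairs."""
    opts, i = [], 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:                      # single-byte option, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts.append((code, value))
        i += 2 + length
    return opts


def build_options(opts) -> bytes:
    """Serialize (code, value) pairs back to wire format, terminated by END."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([END])


def add_agent_info(raw: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Client-to-server step: place option 82 as the last option before END."""
    # Assumption of this example: an option 82 already present in the client's packet is discarded.
    opts = [(c, v) for c, v in parse_options(raw) if c != RELAY_AGENT_INFO]
    sub = bytes([CIRCUIT_ID, len(circuit_id)]) + circuit_id
    sub += bytes([REMOTE_ID, len(remote_id)]) + remote_id
    return build_options(opts + [(RELAY_AGENT_INFO, sub)])


def remove_agent_info(raw: bytes) -> bytes:
    """Server-to-client step: drop option 82 before the reply is sent to the client."""
    return build_options([(c, v) for c, v in parse_options(raw) if c != RELAY_AGENT_INFO])


# Constructed sample: DHCPDISCOVER options (53 = message type 1, 55 = parameter request list).
DISCOVER = bytes([53, 1, 1, 55, 2, 1, 3, END])
# Constructed identifiers standing in for the port and the relay's MAC address.
RELAYED = add_agent_info(DISCOVER, b"vlan2:1/1/3", bytes.fromhex("020000000001"))
```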