G8264 Application Guide for ENOS 8.4

Domain-Specific BOOTP Relay Agent Configuration

Use the following commands to configure up to five domain-specific BOOTP relay agents for each of up to 10 VLANs:

RS G8264(config)# ip bootprelay bcastdomain <1-10> vlan <VLAN number>
RS G8264(config)# ip bootprelay bcastdomain <1-10> server <1-5> address <IPv4 address>
RS G8264(config)# ip bootprelay bcastdomain <1-10> enable

As with global relay agent servers, domain-specific BOOTP/DHCP functionality may be assigned on a per-interface basis (see Step 2 on page 45).

DHCP Option 82

DHCP Option 82 provides a mechanism for generating IP addresses based on the client device's location in the network. When you enable the DHCP relay agent option on the switch, it inserts the relay agent information option 82 in the packet, and sends a unicast BOOTP request packet to the DHCP server. The DHCP server uses the option 82 field to assign an IP address, and sends the packet, with the original option 82 field included, back to the relay agent. The DHCP relay agent strips off the option 82 field in the packet and sends the packet to the DHCP client.

Configuration of this feature is optional. The feature helps resolve several issues where untrusted hosts access the network. See RFC 3046 for details.

Use the following commands to configure DHCP Option 82:

RS G8264(config)# ip bootprelay information enable    (Enable Option 82)
RS G8264(config)# ip bootprelay enable                (Enable DHCP relay)
RS G8264(config)# ip bootprelay server <1-5> address <IP address>

DHCP Snooping

DHCP snooping provides security by filtering untrusted DHCP packets and by building and maintaining a DHCP snooping binding table. This feature is applicable only to IPv4 and only works in non-stacking mode.

An untrusted interface is a port that is configured to receive packets from outside the network or firewall. A trusted interface receives packets only from within the network. By default, all DHCP ports are untrusted.

The DHCP snooping binding table contains the MAC address, IP address, lease time, binding type, VLAN number, and port number that correspond to the local untrusted interface on the switch; it does not contain information regarding hosts interconnected with a trusted interface.

By default, DHCP snooping is disabled on all VLANs. You can enable DHCP snooping on one or more VLANs. You must also enable DHCP snooping globally. To enable this feature, enter the following commands:

RS G8264(config)# ip dhcp snooping vlan <vlan number(s)>
RS G8264(config)# ip dhcp snooping
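
The Option 82 round trip described in the DHCP Option 82 section (the relay inserts the option toward the server and strips it again toward the client) can be modeled on the DHCP options field alone. The following Python sketch is an added example, not code from the switch or from this guide. The sample packet bytes, the circuit ID text and the remote ID are constructed values, and the sub-option contents that ENOS actually sends are not documented here.

```python
PAD, END, RELAY_INFO = 0, 255, 82     # DHCP option codes (RFC 2132, RFC 3046)
CIRCUIT_ID, REMOTE_ID = 1, 2          # Option 82 sub-option codes (RFC 3046)

def parse_tlv(raw: bytes, sub: bool = False):
    """Split code/length/value records; PAD and END exist only at the top level."""
    out, i = [], 0
    while i < len(raw):
        code = raw[i]
        if not sub and code == END:
            break
        if not sub and code == PAD:
            i += 1
            continue
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"truncated option {code}")
        out.append((code, raw[i + 2:i + 2 + raw[i + 1]]))
        i += 2 + raw[i + 1]
    return out

def build_options(opts) -> bytes:
    """Serialize (code, value) pairs and terminate with END."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([END])

def relay_insert(raw: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Client to server: add Option 82 as the last option before END."""
    opts = parse_tlv(raw)
    if any(code == RELAY_INFO for code, _ in opts):
        # RFC 3046: discard a client packet from an untrusted circuit that
        # already carries Option 82, since the client could forge its location.
        raise ValueError("client-supplied Option 82 on untrusted circuit")
    sub = build_options([(CIRCUIT_ID, circuit_id), (REMOTE_ID, remote_id)])[:-1]
    return build_options(opts + [(RELAY_INFO, sub)])

def relay_strip(raw: bytes):
    """Server to client: remove Option 82; return (client options, sub-options)."""
    opts = parse_tlv(raw)
    subs = {}
    for code, value in opts:
        if code == RELAY_INFO:
            subs = dict(parse_tlv(value, sub=True))
    return build_options([o for o in opts if o[0] != RELAY_INFO]), subs

# Constructed sample: DHCPDISCOVER options (message type 1, parameter list 1 and 3).
DISCOVER = bytes([53, 1, 1, 55, 2, 1, 3, END])
CIRCUIT = b"vlan10-port7"                    # assumed encoding, not the switch's
REMOTE = bytes.fromhex("020000000001")       # constructed relay MAC

if __name__ == "__main__":
    relayed = relay_insert(DISCOVER, CIRCUIT, REMOTE)
    print(relayed.hex())
    print(relay_strip(relayed))
```

The rejection branch in relay_insert is the security-relevant part: the server trusts Option 82 to describe where the client is attached, so a value supplied by the client itself must never reach it.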