Configuring DHCP Relay Configuring UDP Port Relay
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 21-17
• The port from where the DHCP packet originated.
• The VLAN associated with the port from where the DHCP packet originated.
• The lease time for the assigned IP address.
• The binding entry type; dynamic or static (user-configured).
After extracting the above information and populating the binding table, the packet is then forwarded to
the port from where the packet originated. Basically, the DHCP Snooping feature prevents the normal
flooding of DHCP traffic. Instead, packets are delivered only to the appropriate client and server ports.
DHCP Snooping Configuration Guidelines
Consider the following when configuring the DHCP Snooping feature:
• Layer 3 DHCP Snooping requires the use of the relay agent to process DHCP packets. As a result,
DHCP clients and servers must reside in different VLANs so that the relay agent is engaged to forward
packets between the VLAN domains. See “Configuring BOOTP/DHCP Relay Parameters” on
page 21-9 for information about how to configure the relay agent on the switch.
• Layer 2 DHCP Snooping does not require the use of the relay agent to process DHCP packets. As a
result, an IP interface is not needed for the client/server VLAN. See “Layer 2 DHCP Snooping” on
page 21-22 for more information.
• Both Layer 2 and Layer 3 DHCP Snooping are active when DHCP Snooping is globally enabled for
the switch or enabled on a one or more VLANs. See “Enabling DHCP Snooping” on page 21-17 for
more information.
• Configure ports connected to DHCP servers within the network as trusted ports. See “Configuring the
Port Trust Mode” on page 21-19 for more information.
• Make sure that Option-82 data insertion is always enabled at the switch or VLAN level. See “Enabling
DHCP Snooping” on page 21-17 for more information.
• DHCP packets received on untrusted ports that already contain the Option-82 data field are discarded
by default. To accept such packets, configure DHCP Snooping to bypass the Option-82 check. See
“Bypassing the Option-82 Check on Untrusted Ports” on page 21-19 for more information.
• By default, rate limiting of DHCP traffic is done at a rate of 512 DHCP messages per second per
switching ASIC. Each switching ASIC controls 24 ports (e.g. ports 1–24, 25–48, etc.).
Enabling DHCP Snooping
There are two levels of operation available for the DHCP Snooping feature: switch level or VLAN level.
These two levels are exclusive of each other in that they both cannot operate on the switch at the same
time. In addition, if the global DHCP relay agent information option (Option-82) is enabled for the switch,
then DHCP Snooping at any level is not available. See “How the Relay Agent Processes DHCP Packets
from the Client” on page 21-14 for more information.
Note. DHCP Snooping drops server packets received on untrusted ports (ports that connect to devices
outside the network or firewall). It is important to configure ports connected to DHCP servers as trusted
ports so that traffic to/from the server is not dropped.
To Next Page
Loading...
Need help?
General
