xStack
®
DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual
408
53
DHCP SERVER SCREENING COMMANDS
The DHCP Server Screening Commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters)
in the following table.
The DHCP Server Screening commands allow you not only to restrict all DHCP server packets but also to receive any specified
DHCP server packets by any specified DHCP client, it is useful when one or more than one DHCP servers are present on the
network and both provide DHCP services to different distinct groups of clients. Enabling DHCP server screening for the first time
will create both an access profile and access rule per port, following this other access rules can be created. These rules are used to
block all DHCP server packets. Similarly, the addition of a permit DHCP entry will create one access profile and one access rule
the first time the DHCP client MAC address is the client MAC address, and the source IP address is the same as the DHCP
server’s IP address (UDP port number 67). These rules are used to permit the DHCP server packets with specific fields, which the
user configures.
When the DHCP server screening function is enabled, all DHCP server packets will be filtered from a specific port. Also, you are
allowed to create entries for specific port-based server IP address and client MAC address binding entries. Be aware that the
DHCP server screening function must be enabled first. Once all settings are complete, all DHCP server packets will be filtered
from a specific port except those that meet the server IP address and client MAC address binding.
Command Parameters
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist>|all] | delete permit server_ip <ipaddr> {client_mac <macaddr>}
ports [<portlist>|all] | ports [<portlist>|all] state [enable|disable]]
show filter dhcp_server
config filter dhcp_server trap_log [enable | disable]
config filter dhcp_server
illegal_server_log_suppress_duration
[ 1min | 5min | 30min ]
Each command is listed in detail in the following sections.
config filter dhcp_server
Purpose DHCP server packets except those that have been IP/client MAC bound will be filtered.
This command is used to configure the state of the function for filtering of DHCP server
packet and to add/delete the DHCP server/client binding entry.
Syntax
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>}
ports [<portlist>|all] | delete permit server_ip <ipaddr> {client_mac <macaddr>}
ports [<portlist>|all] | ports [<portlist>|all] state [enable|disable]]
Description This command has two purposes: to filter all DHCP server packets on the specified
port(s) and to allow some DHCP server packets to be forwarded if they are on the pre-
defined server IP address/MAC address binding list. Thus the DHCP server can be
restricted to service a specified DHCP client. This is useful when there are two or more
DHCP servers present on a network.
Parameters ipaddr – The IP address of the DHCP server to be filtered.
macaddr – The MAC address of the DHCP client.
state – To Enable/disable the filter DHCP server state.
portlist – The port list of filter DHCP server.
Restrictions Only Administrator and Operator-level users can issue this command.
Enabling the DHCP filter will create one access profile and create one access rule per
port (UDP port 67).
Addition of a DHCP filter permit entry will create one access profile and create one
access rule (DA = client MAC address, SA = source IP address and UDP port 67).
