configure ip-security dhcp-snooping information check

configure ip-security dhcp-snooping information check

Description

Enables the DHCP (Dynamic Host Configuration Protocol) relay agent option (option 82) checking in the server-originated packets.

Syntax Description

This command has no arguments or variables.

Default

N/A.

Usage Guidelines

This command enables the checking of the server-originated packets for the presence of option 82. In some instances, a DHCP server may not properly handle a DHCP request packet containing a relay agent option. Use this command to prevent DHCP reply packets with invalid or missing relay agent options from being forwarded to the client. With checking enabled, the following checks and actions are performed:
  • When the option 82 is present in the packet, the MAC address specified in the remote-ID sub-option is the switch system MAC address. If the check fails, the packet is dropped.

  • When option 82 is not present in the packet, the DHCP packet is forwarded with no modification.

To disable this check, use the following command:

unconfigure ip-security dhcp-snooping information check

Example

The following command enables DHCP relay agent option checking:

configure ip-security dhcp-snooping information check

History

This command was first available in ExtremeXOS 12.1.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.