• Author : VICTOR WEN

 
 

DHCP Snooping

EOS supports the DHCP Relay feature, which relays DHCP Requests/Responses between DHCP clients and DHCP servers in different subnets. However, the DHCP server does not have visibility of where the request originated from and can only make IP address allocation decisions based on the client MAC address alone (client MAC address is included in the DHCP packet as part of the payload). To remedy that, DHCP Option-82 was formalized to allow relay agents to include Remote ID and Circuit ID so that DHCP servers can apply a more intelligent allocation policy.Switch intercepts DHCP requests from the client and inserts Option-82...
Continue reading →

IP Locking + Release Updates

Description IP Locking is an EOS feature configured on an Ethernet Layer 2 port.  When enabled, it ensures that a port will only permit IP and ARP packets with IP source addresses that have been authorized. IP Locking prevents another host on a different interface from claiming ownership of an IP address through ARP spoofing.   On an IP Locked Port:  ARP probes with 0.0.0.0 as Sender Protocol Address (SPA) will be allowed for duplicate address detection (DAD).  Incoming DHCP server response packets are dropped to avoid rogue device(s) acting as DHCP server(s). Incoming DHCP client request packets are allowed...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: