Page 1 of 1
DHCP snooping
Posted: 25 Oct 2016 14:00
by skyfoxnz
Hi guys,
I am trying to configure DHCP snooping but I can't figure out how to yet. Basically I am trying to block DHCP offer from untrusted port and trusted port.
I have been trying to find an example but I didn't have much luck. Does anyone have an example for DHCP snooping? Cheers.
Re: DHCP snooping
Posted: 25 Oct 2016 14:56
by mivens
I've never tried it myself, but from reading the
7210 Services Guide, it looks like DHCP snooping is only to add or remove option 82 fields from the DHCP requests and replies.
There is a drop option but only for when a DHCP packet is received with Option 82 already present.
Code: Select all
configure service vpls <service-id> sap <sap-id> dhcp option action drop
configure service vpls <service-id> sap <sap-id> dhcp snoop
Re: DHCP snooping
Posted: 02 Nov 2016 17:51
by skyfoxnz
Hi Mivens,
Thanks for the reply. I actually tried it and apparently it still pass DHCP offer to client.
Following is the configuration.
I made this work on Cisco and it was fairly easy. Any port i configured snoop and mark it as untrusted wasn't allowing DHCP offer at all.
Any suggestion would be greatly appreciated.
*A:LAB>config>service>vpls# info
----------------------------------------------
description "Cust VPLS"
service-mtu 9100
stp
shutdown
exit
sap 1/1/1:0 create
description "Link to Mikrotik eth1 DHCP"
dhcp
snoop
option
action drop
no circuit-id
no remote-id
exit
no shutdown
exit
exit