46 G8264 Application Guide for ENOS 8.4Domain-Specific BOOTP Relay Agent ConfigurationUse the following commands to configure up to five domain‐specific BOOTP relayagents for each of up to 10 VLANs:As with global relay agent servers, domain‐specific BOOTP/DHCP functionalitymay be assigned on a per‐interface basis (see Step 2 in page 45).DHCP Option 82DHCP Option 82 provides a mechanism for generating IP addresses based on theclient device’s location in the network. When you enable the DHCP relay agentoption on the switch, it inserts the relay agent information option 82 in the packet,and sends a unicast BOOTP request packet to the DHCP server. The DHCP serveruses the option 82 field to assign an IP address, and sends the packet, with theoriginal option 82 field included, back to the relay agent. DHCP relay agent stripsoff the option 82 field in the packet and sends the packet to the DHCP client.Configuration of this feature is optional. The feature helps resolve several issueswhere untrusted hosts access the network. See RFC 3046 for details.Use the following commands to configure DHCP Option 82:DHCP SnoopingDHCP snooping provides security by filtering untrusted DHCP packets and bybuilding and maintaining a DHCP snooping binding table. This feature isapplicable only to IPv4 and only works in non‐stacking mode.An untrusted interface is a port that is configured to receive packets from outsidethe network or firewall. A trusted interface receives packets only from within thenetwork. By default, all DHCP ports are untrusted.The DHCP snooping binding table contains the MAC address, IP address, leasetime, binding type, VLAN number, and port number that correspond to the localuntrusted interface on the switch; it does not contain information regarding hostsinterconnected with a trusted interface.By default, DHCP snooping is disabled on all VLANs. You can enable DHCPsnooping on one or more VLANs. You must enable DHCP snooping globally. Toenable this feature, enter the following commands:RS G8264(config)# ip bootp relay bcast domain <1‐10> vlan number>RS G8264(config)# ip bootp relay bcast domain <1‐10> server <1‐5> address address>RS G8264(config)# ip bootp relay bcast domain <1‐10> enableRS G8264(config)# ip bootp relay information enable (Enable Option 82)RS G8264(config)# ip bootp relay enable (Enable DHCP relay)RS G8264(config)# ip bootp relay server <1‐5> address address>RS G8264(config)# ip dhcp snooping vlan number(s)>RS G8264(config)# ip dhcp snooping
