4-4Handling policy Sub-option configuration The DHCP Snooping device will…Remote ID sub-option isconfiguredForward the packet after replacing theremote ID sub-option of the original Option82 with the configured remote ID sub-optionin ASCII format.When receiving a DHCP client’s request without Option 82, the DHCP snooping device will add theoption field with the configured sub-option and then forward the packet. For details, see Table 4-2.Table 4-2 Ways of handling a DHCP packet without Option 82Sub-option configuration The DHCP-Snooping device will …Neither of the two sub-options isconfigured.Forward the packet after adding Option 82 with thedefault contents.The format of Option 82 is the one specified with thedhcp-snooping information format command or thedefault HEX format if this command is not executed.Circuit ID sub-option is configured. Forward the packet after adding Option 82 with theconfigured circuit ID sub-option in ASCII format.Remote ID sub-option is configured. Forward the packet after adding Option 82 with theconfigured remote ID sub-option in ASCII format.The circuit ID and remote ID sub-options in Option 82, which can be configured simultaneously orseparately, are independent of each other in terms of configuration sequence.When the DHCP snooping device receives a DHCP response packet from the DHCP server, the DHCPsnooping device will delete the Option 82 field, if contained, before forwarding the packet, or will directlyforward the packet if the packet does not contain the Option 82 field.Introduction to IP FilteringA denial-of-service (DoS) attack means an attempt of an attacker sending a large number of forgedaddress requests with different source IP addresses to the server so that the network cannot worknormally. The specific effects are as follows:z The resources on the server are exhausted, so the server does not respond to other requests.z After receiving such type of packets, a switch needs to send them to the CPU for processing. Toomany request packets cause high CPU usage rate. As a result, the CPU cannot work normally.z The switch can filter invalid IP packets through the DHCP-snooping table and IP static bindingtable.DHCP-snooping tableAfter DHCP snooping is enabled on a switch, a DHCP-snooping table is generated. It is used to recordIP addresses obtained from the DHCP server, MAC addresses, the number of the port through which aclient is connected to the DHCP-snooping-enabled device, and the number of the VLAN to which theport belongs to. These records are saved as entries in the DHCP-snooping table.
