Alcatel-Lucent 6800 Switch User Manual


 
Software Supported
page 20 OmniSwitch 6800/6850/9000—Release 6.1.3.R01
BPDU Shutdown Ports
It is possible to configure a global UserPorts profile, as described in “ACL & Layer 3 Security”, to moni-
tor BPDU on user ports. Such a profile also determines whether user ports will filter BPDU or will admin-
istratively shutdown when BPDU are received on the port. Note that this functionality only applies to ports
that are designated as members of the UserPorts port group.
A port configured to administratively shutdown when BPDU are detected will generate an inferior BPDU
every 5 seconds. This will prevent loops in the network if two BPDU shutdown ports are accidentally
bridged together either through an external loop or through a hub, since both ports would be receiving
inferior BPDUs.
Command Line Interface (CLI)
Alcatel-Lucent’s command line interface (CLI) is a text-based configuration interface that allows you to
configure switch applications and to view switch statistics. Each CLI command applicable to the switch is
defined in the CLI Reference guide. All command descriptions listed in the Reference Guide include
command syntax definitions, defaults, usage guidelines, example screen output, and release history.
The CLI uses single-line text commands that are similar to other industry standard switch interfaces.
DHCP Relay
DHCP Relay allows you to forward DHCP broadcast requests to configurable DHCP server IP address in
a routing environment.
DHCP Relay is configured using the IP helper set of commands.
DHCP Option-82 (Relay Agent Information Option)
The DHCP Option-82 feature enables the relay agent to insert identifying information into client-origi-
nated DHCP packets before the packets are forwarded to the DHCP server. The implementation of this
feature is based on the functionality defined in RFC 3046.
When DHCP Option-82 is enabled, communications between a DHCP client and a DHCP server are
authenticated by the relay agent. To accomplish this task, the agent adds Option-82 data to the end of the
options field in DHCP packets sent from a client to a DHCP server.
If the relay agent receives a DHCP packet from a client that already contains Option-82 data, the packet is
dropped by default. However, it is possible to configure a DHCP Option-82 policy that directs the relay
agent to drop, keep, or replace the existing Option-82 data and then forward the packet to the server.
DHCP Option-82 is supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series. The
6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.
DHCP Snooping
DHCP Snooping improves network security by filtering DHCP packets received from devices outside the
network and building and maintaining a binding table (database) to log DHCP client access information.
There are two levels of operation available for the DHCP Snooping feature: switch level or VLAN level.
To identify DHCP traffic that originates from outside the network, DHCP Snooping categorizes ports as
either trusted or untrusted. A port is trusted if it is connected to a device inside the network, such as a
DHCP server. A port is untrusted if it is connected to a device outside the network, such as a customer
switch or workstation. The port trust mode is also configurable through the CLI.
Additional DHCP Snooping functionality includes the following: