Can the switch check for DHCP packets with duplicate options

1

In V100R006 and later versions, you can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for DHCP packets with duplicate options.

Other related questions:
Duplicate option check in DHCP packets on S series switch
As specified in RFC, duplicate Options are not recommended in a DHCP packet if the length of the Option field in the DHCP packet does not exceed 255 bytes. However, different vendors process the Option field differently. DHCP response packets sent from some servers may contain duplicate options, such as Option 3 and Option 51. In some versions, after DHCP is enabled using the dhcp enable command, the switch drops received DHCP packets with duplicate options. In V100R003 and earlier versions, the switch checks for duplicate options in DHCP packets by default. In V100R006 and later versions, the switch does not check for duplicate options in DHCP packets by default. You can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for duplicate options in DHCP packets.

DHCP option 60 support
S series switches (except S1700 switches) support the Option 60 field of DHCP Request packets only when they function as DHCP clients.

Does the switch check the checksums of DHCP packets
If DHCP has been enabled using the dhcp enable command in the system view, the switch checks the checksums of all the DHCP packets passing through the switch. The switch checks the IP checksum and UDP checksum of each DHCP packet.

DHCP packet checksum check on S series switch
After the dhcp enable command is executed in the system view of S series switches, the switch checks the checksum of all passing DHCP packets as well as IP and UDP checksums.

Why cannot an AR router be configured with IP packet check options
The IP packet check options can be configured only on the Layer 2 interface of an AR router by running the IP source check command. On the Layer 3 interface, the interface must be converted to a Layer 2 interface before IP packet check options can be configured.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top