![background image](/i/d-link/90968/d-link-des-3528/h/d-link-des-3528-260.png)
xStack® DES-3528/DES-3552 Series Layer 2 Fast Ethernet Managed Switch CLI Reference Guide
260
F
ILTER
C
OMMANDS
(DHCP
S
ERVER
/
N
ET
BIOS)
DHCP Server Screening Settings
This function allows you not only to restrict all DHCP Server packets but also to receive any specified DHCP server
packets by any specified DHCP client. It is useful when one or more than one DHCP servers are present on the
network and both provide DHCP services to different distinct groups of clients. It requires the support of ACL to enable
the DHCP server filter function and it will create a deny rule with low priority to block the packets from the untrusted
DHCP server. Similarly, the addition of a permitted DHCP entry should be created by ACL with high priority so as to
permit packets from the trusted DHCP server.
When the DHCP Server filter function is enabled, all DHCP Server packets will be filtered from a specific port. Also,
you are allowed to create entries for specific port-based Server IP address and Client MAC address binding entries.
Be aware that the DHCP Server filter function must be enabled first. Once all settings are complete, all DHCP Server
packets will be filtered from a specific port except those that meet the Server IP Address and Client MAC Address
binding.
NetBIOS Filtering Setting
When the NetBIOS filter is enabled, all NetBIOS packets will be filtered from the specified port. Enabling the NetBIOS
filter will create one access profile and create three access rules per port (UDP port numbers 137 and 138 and TCP
port number 139).
For Extensive NetBIOS Filter, when it is enabled, all NetBIOS packets over 802.3 frames will be filtered from the
specified port. This command is used to configure the state of the NetBIOS filter. Enabling the Extensive NetBIOS
filter will create one access profile and create one access rule per port (DSAP (Destination Service Access Point) =F0,
and SASP (Source Service Access Point) =F0).
The DHCP Server/NetBIOS Filter commands in the Command Line Interface (CLI) are listed (along with the
appropriate parameters) in the following table.
Command
Parameters
config filter dhcp_server
[add permit server_ip <ipaddr> {client_mac <macaddr>} ports [<portlist>
| all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | ports [<portlist> | all] state [enable | disable] |
illegal_server_log_suppress_duration [1min | 5min | 30min] | trap_log
[enable | disable]]
show filter dhcp_server
config filter netbios
[<portlist> | all] state [enable | disable]
show filter netbios
config filter extensive_netbios
[<portlist> | all] state [enable | disable]
show filter extensive_netbios
Each command is listed, in detail, in the following sections.
config filter dhcp_server
Purpose
DHCP server packets except those that have been IP/client MAC bound will be filtered. This
command is used to configure the state of the function for filtering of DHCP server packet
and to add/delete the DHCP server/client binding entry.
Syntax
config filter dhcp_server [add permit server_ip <ipaddr> {client_mac <macaddr>}
ports [<portlist> | all] | delete permit server_ip <ipaddr> {client_mac <macaddr>} ports
[<portlist> | all] | ports [<portlist> | all] state [enable | disable] |
illegal_server_log_suppress_duration [1min | 5min | 30min] | trap_log [enable |
disable]]
Description
This command has two purposes: to filter all DHCP server packets on the specified port(s)