This chapter explains how to configure IPv4 DHCP filters. It contains the following sections:
- About IPv4 DHCP Filters
- About MAC Address Filters
- About Relay Agent Filters
- About Option Filters
- About DHCP Fingerprint Filters
- Applying Filters to DHCP Objects
- Managing DHCP Filters
About IPv4 DHCP Filters
To control how the appliance allocates IPChapter 32, Authenticated DHCP.)
When you define DHCP filters, you classify DHCP clients based on the information provided by the clients or by the RADIUS server. When you apply filters to an address range, the appliance responds to your address requests based on your configuration. The appliance also decides which DHCP options to return to the matching clients based on how you apply the filters. For more information, see Applying Filters to DHCP Objects.
You can use filters to control address allocation based on your network requirements. For example, you can use DHCP filters to screen unmanaged hosts on a network by denying their address and option requests. If you have multiple DHCP address ranges on the same network and you want to assign IP addresses from specific address ranges to specific clients, you can use filters to screen the address assignments. For information, see IP Address Allocation.
The appliance supports the following filters:
- MAC address filters: Use MAC addresses as matching criteria for granting or denying address requests. For information, see About MAC Address Filters.
- Relay agent filters: Identify remote hosts by matching the relay agent identifiers in the DHCPDISCOVER messages. For information, see About Relay Agent Filters.
- Option filters: Classify hosts by matching the DHCP options and values sent by the requesting hosts. For information, see About Option Filters.
- DHCP fingerprint filter: Identify remote clients by matching the option number sequence or vendor ID sent in option 55 and 60 of the DHCP request against the DHCP fingerprints cached on the system. For information about DHCP fingerprint filters, see About DHCP Fingerprint Filters. For information about DHCP fingerprint detection, see DHCP Fingerprint Detection.
- NAC filters: Use authentication results from a RADIUS authentication server group as matching criteria for granting or denying address requests. For information, see Chapter 32, Authenticated DHCP.
You can use MAC, option, and NAC filters to define DHCP options that matching clients can receive. Depending on how you apply a filter, all DHCP clients with matching criteria can receive all or some of the DHCP options defined in the filter. DHCP options defined for a matching filter supersede those defined at the Grid, member, network, and DHCP range levels. Options defined for a filter that is in the Class Filter List of an address range supersede those defined in the Logic Filter List. For more information about how the appliance returns options and how to apply DHCP filters, see Applying Filters to DHCP Objects.
This page has no comments.