Securing the Network in Oracle^® Solaris 11.3

How to Specify DHCP Clients to Protect Against DHCP Spoofing

Before You Begin

The dhcp-nospoof protection type is enabled, as shown in How to Enable Link Protection.

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

1. Verify that you have enabled protection against DHCP spoofing.

   # dladm show-linkprop -p protection link
   LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
   link      protection      rw   dhcp-nospoof dhcp-nospoof --        mac-nospoof,
                                                                     restricted,
                                                                     ip-nospoof,
                                                                     dhcp-nospoof

2. Specify an ASCII phrase for the allowed-dhcp-cids link property.

   # dladm set-linkprop -p allowed-dhcp-cids=CID-or-DUID[,CID-or-DUID,...] link

   The following example shows how to specify the string hello as the value for the allowed-dhcp-cids property for the vnic0 link:

   # dladm set-linkprop -p allowed-dhcp-cids=hello vnic0

   For more information, see the dladm(1M) man page.