Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: September 2018
 
 

How to Specify DHCP Clients to Protect Against DHCP Spoofing

Before You Begin

The dhcp-nospoof protection type is enabled, as shown in How to Enable Link Protection.

You must become an administrator who is assigned the Network Link Security rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. Verify that you have enabled protection against DHCP spoofing.
    # dladm show-linkprop -p protection link
    LINK     PROPERTY        PERM VALUE        EFFECTIVE    DEFAULT   POSSIBLE
    link      protection      rw   dhcp-nospoof dhcp-nospoof --        mac-nospoof,
                                                                      restricted,
                                                                      ip-nospoof,
                                                                      dhcp-nospoof
  2. Specify an ASCII phrase for the allowed-dhcp-cids link property.
    # dladm set-linkprop -p allowed-dhcp-cids=CID-or-DUID[,CID-or-DUID,...] link

    The following example shows how to specify the string hello as the value for the allowed-dhcp-cids property for the vnic0 link:

    # dladm set-linkprop -p allowed-dhcp-cids=hello vnic0

    For more information, see the dladm(1M) man page.