Table of Contents
Advertisement
4.9.7 DHCP Snooping
4.9.7.1 DHCP Snooping Overview
The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered
with DHCP Snooping. DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which
send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port.
Command Usage
Network traffic may be disrupted when malicious DHCP messages are received from an outside source.
used to filter DHCP messages received on a non-secure interface from outside the network or firewall.
snooping is enabled globally and enabled on a VLAN interface,
a device not listed in the DHCP snooping table will be dropped.
Table entries are only learned for trusted interfaces. An entry is added or removed dynamically to the DHCP snooping table
when a client receives or releases an IP address from a DHCP server. Each entry includes a MAC address, IP address,
lease time, VLAN identifier, and port identifier.
When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries
learned via DHCP snooping.
Filtering rules are implemented as follows:
User's Manual of LRP-822CS/LRP-1622CS
DHCP messages received on an untrusted interface from
243
DHCP snooping is
When DHCP
Advertisement
Table of Contents
