Table of Contents
Advertisement
4.9.3 DHCP Snooping
4.9.3.1 DHCP Snooping Overview
The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered
with DHCP Snooping. DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which
send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port.
Command Usage
• Network traffic may be disrupted when malicious DHCP messages are received from an outside source.
used to filter DHCP messages received on a non-secure interface from outside the network or firewall.
snooping is enabled globally and enabled on a VLAN interface,
a device not listed in the DHCP snooping table will be dropped.
• Table entries are only learned for trusted interfaces. An entry is added or removed dynamically to the DHCP snooping table
when a client receives or releases an IP address from a DHCP server. Each entry includes a MAC address, IP address, lease
time, VLAN identifier, and port identifier.
• When DHCP snooping is enabled, DHCP messages entering an untrusted interface are filtered based upon dynamic entries
learned via DHCP snooping.
• Filtering rules are implemented as follows:
If the global DHCP snooping is disabled, all DHCP packets are forwarded.
User's Manual of GS-4210-16T2S_24T2S_16P2S_24P2S_48T4S
DHCP messages received on an untrusted interface from
258
DHCP snooping is
When DHCP
- Quick Links:
- Administration Console
Hide quick links:
Advertisement
Table of Contents
