Dhcp Snooping - Dell PowerConnect 5548P System User's Manual

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell

DHCP Snooping

This section describes DHCP snooping.
It contains the following topics:
• DHCP Snooping Overview
• Global Parameters
• VLAN Settings
• Trusted Interfaces
• Snooping Binding Database
DHCP Snooping Overview
DHCP snooping expands network security by providing layer security
between untrusted interfaces and DHCP servers. By enabling DHCP
snooping, network administrators can differentiate between trusted interfaces
connected to end-users or DHCP Servers, and untrusted interfaces located
beyond the network firewall.
How DHCP Snooping Works
DHCP snooping filters untrusted messages, and stores these messages in a
database. Interfaces are untrusted if the packet is received from an interface
outside the network, or from an interface beyond the network firewall.
Trusted interfaces receive packets only from within the network or the
network firewall.
The DHCP Snooping Binding database contains the untrusted interfaces'
MAC address, IP address, Lease Time, VLAN ID, and interface information.
Table 19-1 describes how DHCP packets are handled when DHCP snooping
is enabled on an interface.
Table 19-1. DHCP Packet Handling when DHCP Snooping is Enabled
Packet Type
DHCPDISCOVER
D E L L C O N F I D E N T I A L – P R E L I M I N A R Y 9 / 1 1 / 1 2 - F O R P R O O F O N LY
574
Dell PowerConnect 55xx Systems User Guide
Contax\CxUGSwitching_DHCP.fm
Arriving from Untrusted
Ingress Interface
Forward to trusted
interfaces only.
Arriving from Trusted
Ingress Interface
Forwarded to trusted
interfaces only.