25 DHCP SNOOPING CONFIGURATION
Introduction to DHCP Snooping
For security purposes, the IP addresses used by online DHCP clients need to be
tracked so that the administrator can verify the correspondence between the
IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses
of the DHCP clients.
■ Switches can track DHCP clients' IP addresses through the security function of
  the DHCP relay agent operating at the network layer.
■ Switches can track DHCP clients' IP addresses through the DHCP snooping
  function at the data link layer.
Figure 87 illustrates a typical network diagram for DHCP snooping application,
where Switch A is a Switch 4210.
Figure 87 Typical network diagram for DHCP snooping application
[Figure labels: DHCP Client (four), Eth 1/0/1, Eth 1/0/2, Switch A (DHCP Snooping), DHCP Server, Internet, Switch B (DHCP Relay)]
DHCP snooping listens to the DHCP-REQUEST packets to retrieve the IP addresses the
DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP
clients:
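As an added illustration (not code from this manual or from the switch firmware), the Python example below shows how an IP-to-MAC entry can be read out of a DHCP-REQUEST payload. It assumes the RFC 2131 packet layout: the client MAC is taken from the chaddr field and the address from option 50, or from ciaddr on renewals. The function names, MAC addresses and IP addresses are constructed for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
DHCPREQUEST = 3                      # value of option 53 (message type)

def parse_options(data):
    """Walk the code/length/value options; stop at END (255) or truncation."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:             # PAD is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                    # truncated option: ignore the remainder
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def snoop_request(payload):
    """Return (mac, ip) learned from one DHCP-REQUEST payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    if payload[0:3] != b"\x01\x01\x06":   # BOOTREQUEST, Ethernet, 6-byte MAC
        return None
    opts = parse_options(payload[240:])
    if opts.get(53) != bytes([DHCPREQUEST]):
        return None
    ip_raw = opts.get(50, b"")            # option 50: requested IP address
    if len(ip_raw) != 4:
        ip_raw = payload[12:16]           # renewals carry the address in ciaddr
    if ip_raw == bytes(4):
        return None                       # no usable address in this packet
    return payload[28:34].hex(":"), str(ipaddress.IPv4Address(ip_raw))

def build_request(mac, requested_ip=None, ciaddr="0.0.0.0"):
    """Constructed sample payload (not a capture) for exercising the parser."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                      ipaddress.IPv4Address(ciaddr).packed, bytes(4), bytes(4),
                      bytes(4), bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, DHCPREQUEST])
    if requested_ip:
        opts += bytes([50, 4]) + ipaddress.IPv4Address(requested_ip).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"

def build_table(payloads):
    """Snooping table: MAC -> IP, latest DHCP-REQUEST wins."""
    return dict(filter(None, map(snoop_request, payloads)))

SAMPLES = [build_request("02:00:00:00:00:01", requested_ip="10.1.1.5"),
           build_request("02:00:00:00:00:02", ciaddr="10.1.1.6"),
           build_request("02:00:00:00:00:03")[:200]]   # truncated: skipped
TABLE = build_table(SAMPLES)
```

The resulting table is the IP-to-MAC correspondence an administrator would compare against observed traffic; malformed or truncated payloads yield no entry.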