| Configuring the Switch
C
4
HAPTER
Configuring Security
C
DHCP
ONFIGURING
S
NOOPING
Click Save.
4.
Figure 34: Access Control List Configuration
Use the DHCP Snooping Configuration page to filter IP traffic on insecure
ports for which the source address cannot be identified via DHCP snooping.
The addresses assigned to DHCP clients on insecure ports can be carefully
controlled using the dynamic bindings registered with DHCP Snooping (or
using the static bindings configured with IP Source Guard). DHCP snooping
allows a switch to protect a network from rogue DHCP servers or other
devices which send port-related information to a DHCP server. This
information can be useful in tracking an IP address back to a physical port.
P
ATH
Advanced Configuration, Security, Network, DHCP, Snooping
C
U
OMMAND
SAGE
DHCP Snooping Process
Network traffic may be disrupted when malicious DHCP messages are
◆
received from an outside source. DHCP snooping is used to filter DHCP
messages received on a non-secure interface from outside the network
or fire wall. When DHCP snooping is enabled globally and enabled on a
VLAN interface, DHCP messages received on an untrusted interface
from a device not listed in the DHCP snooping table will be dropped.
– 108 –