Dhcp Snooping Configuration; Dhcp Snooping Overview; Functions Of Dhcp Snooping - H3C S5120-SI Series Operation Manual
Hide thumbs
Also See for S5120-SI Series:
- Command reference manual (910 pages) ,
- Configuration manual (745 pages) ,
- Installation manual (70 pages)
Table of Contents
Advertisement
3
DHCP Snooping Configuration
When configuring DHCP snooping, go to these sections for information you are interested in:
DHCP Snooping Overview
Configuring DHCP Snooping Basic Functions
Configuring DHCP Snooping to Support Option 82
Displaying and Maintaining DHCP Snooping
DHCP Snooping Configuration Examples
The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP
server, and it can work when it is between the DHCP client and relay agent or between the DHCP client
and server.
DHCP Snooping Overview
Functions of DHCP Snooping
As a DHCP security feature, DHCP snooping can implement the following:
1)
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
2)
Recording IP-to-MAC mappings of DHCP clients
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses
and network configuration parameters, and cannot normally communicate with other network devices.
With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the
clients to obtain IP addresses from authorized DHCP servers.
Trusted: A trusted port forwards DHCP messages normally.
Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages from any
DHCP server.
You should configure ports that connect to authorized DHCP servers or other DHCP snooping devices
as trusted, and other ports as untrusted. With such configurations, DHCP clients obtain IP addresses
from authorized DHCP servers only, while unauthorized DHCP servers cannot assign IP addresses to
DHCP clients.
3-1
Advertisement
Chapters
Table of Contents
Troubleshooting
