Configuring Dhcp Snooping; Overview; Dhcp Snooping Functions - HP 1910 User Manual

Configuring DHCP snooping

NOTE:
A DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server,
and it can work when it is between the DHCP client and relay agent or between the DHCP client and
server.

Overview

DHCP snooping functions

As a DHCP security feature, DHCP snooping can provide the following functions:
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers.
1.
Recording the IP-to-MAC mappings of DHCP clients.
2.
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses and
network configuration parameters, and cannot communicate with other network devices. DHCP
snooping ensures the clients to obtain IP addresses from authorized DHCP servers through trusted or
untrusted port configuration.
Trusted—A trusted port forwards DHCP messages normally.
•
• Untrusted—An untrusted port discards the DHCP-ACK or DHCP-OFFER messages received from
any DHCP server.
Configure the ports connected to DHCP servers and other DHCP snooping devices as trusted ports and
configure other ports as untrusted ports.
Recording IP-to-MAC mappings of DHCP clients
DHCP snooping reads DHCP-REQUEST and DHCP-ACK messages received from trusted ports to create
DHCP snooping entries that each include the MAC address of a client, IP address obtained by the client,
port connected to the DHCP client, and VLAN to which the port belongs. The DHCP snooping entries can
be used by ARP detection to prevent ARP attacks.
285