Configuring Dhcp Snooping; Overview - HP FlexNetwork MSR2003 Configuration Manual
Flexnetwork msr router series
Hide thumbs
Also See for FlexNetwork MSR2003:
- Configuration manual (350 pages) ,
- Command reference manual (471 pages) ,
- Manual (73 pages)
Table of Contents
Advertisement
Configuring DHCP snooping
This feature is supported only on the following ports:
•
Layer 2 Ethernet ports on the following modules:
HMIM-8GSW.
HMIM-24GSW.
HMIM-24GSWP.
SIC-4GSW.
SIC-4GSWP.
•
Fixed Layer 2 Ethernet ports on MSR2004-24/2004-48 routers.
•
Fixed Layer 2 Ethernet ports on MSR1002-4/1003-8S routers.
Overview
DHCP snooping works between the DHCP client and server, or between the DHCP client and DHCP
relay agent. It guarantees that DHCP clients obtain IP addresses from authorized DHCP servers.
Also, it records IP-to-MAC bindings of DHCP clients (called DHCP snooping entries) for security
purposes.
DHCP snooping does not work between the DHCP server and DHCP relay agent.
DHCP snooping defines trusted and untrusted ports to make sure clients obtain IP addresses only
from authorized DHCP servers.
•
Trusted—A trusted port can forward DHCP messages correctly to make sure the clients get IP
addresses from authorized DHCP servers.
•
Untrusted—An untrusted port discards received DHCP-ACK and DHCP-OFFER messages to
prevent unauthorized servers from assigning IP addresses.
DHCP snooping reads DHCP-ACK messages received from trusted ports and DHCP-REQUEST
messages to create DHCP snooping entries. A DHCP snooping entry includes the MAC and IP
addresses of a client, the port that connects to the DHCP client, and the VLAN.
The following features need to use DHCP snooping entries:
•
ARP fast-reply—Uses DHCP snooping entries to reduce ARP broadcast traffic. For more
information, see
•
ARP detection—Uses DHCP snooping entries to filter ARP packets from unauthorized clients.
For more information, see Security Configuration Guide.
•
MAC-forced forwarding (MFF)—Auto-mode MFF performs the following tasks:
Intercepts ARP requests from clients.
Uses DHCP snooping entries to find the gateway address.
Returns the gateway MAC address to the clients.
This feature forces the client to send all traffic to the gateway so that the gateway can monitor
client traffic to prevent malicious attacks among clients. For more information, see Security
Configuration Guide.
•
IP source guard—Uses DHCP snooping entries to filter illegal packets on a per-port basis. For
more information, see Security Configuration Guide.
•
VLAN mapping—Uses DHCP snooping entries to replace service provider VLAN in packets
with customer VLAN before sending the packets to clients. For more information, see Layer
2—LAN Switching Configuration Guide.
"Configuring ARP
fast-reply."
83
- Quick Links:
- Configuring Ip Addressing
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
