Why Is Traffic Snooping And Inspection Necessary; Default Traffic Snooping And Inspection Values - Dell M6220 User Configuration Manual

Why Is Traffic Snooping and Inspection Necessary?

DHCP Snooping, IPSG, and DAI are security features that can help protect
the switch and the network against various types of accidental or malicious
attacks. It might be a good idea to enable these features on ports that provide
network access to hosts that are in physically unsecured locations or if
network users connect nonstandard hosts to the network.
For example, if an employee unknowingly connects a workstation to the
network that has a DHCP server, and the DHCP server is enabled, hosts that
attempt to acquire network information from the legitimate network DHCP
server might obtain incorrect information from the rogue DHCP server.
However, if the workstation with the rogue DHCP server is connected to a
port that is configured as untrusted and is a member of a DHCP Snooping-
enabled VLAN, the port discards the DHCP server messages.

Default Traffic Snooping and Inspection Values

DHCP snooping is disabled globally and on all VLANs by default. Ports are
untrusted by default.
Table 27-1. Traffic Snooping Defaults
Parameter
DHCP snooping mode
DHCP snooping VLAN mode
Interface trust state
DHCP logging invalid packets
DHCP snooping rate limit
DHCP snooping burst interval
DHCP snooping binding database
storage
DHCP snooping binding database
write delay
Static DHCP bindings
IPSG mode
IPSG port security
Default Value
Disabled
Disabled on all VLANs
Disabled (untrusted)
Disabled
15 packets per second
1 second
Local
300 seconds
None configured
Disabled on all interfaces
Disabled on all interfaces
Snooping and Inspecting Traffic
787