Dhcp Snooping Overview - H3C S3610-28P Operation Manual

Operation Manual – DHCP
H3C S3610&S5510 Series Ethernet Switches
Chapter 5 DHCP Snooping Configuration
When configuring DHCP snooping, go to these sections for information you are
interested in:

DHCP Snooping Overview

Configuring DHCP Snooping Basic Functions
Configuring DHCP Snooping to Support Option 82
Displaying and Maintaining DHCP Snooping
DHCP Snooping Configuration Example
Note:
DHCP Snooping supports no link aggregation. If an Ethernet port is added into an
aggregation group, DHCP Snooping configuration on it will not take effect. When the
port is removed from the group, DHCP Snooping can take effect.
The DHCP snooping enabled device does not work if it is between the DHCP relay
agent and DHCP server, and it can work when it is between the DHCP client and
relay agent or between the DHCP client and server.
The DHCP Snooping enabled device cannot be a DHCP server or DHCP relay
agent.
You are not recommended to enable the DHCP client, BOOTP client, and DHCP
Snooping on the same device. Otherwise, DHCP Snooping entries may fail to be
generated, or the BOOTP client/DHCP client may fail to obtain an IP address.
5.1 DHCP Snooping Overview
5.1.1 Function of DHCP Snooping
As a DHCP security feature, DHCP snooping can implement the following:
I. Recording IP-to-MAC mappings of DHCP clients
For security sake, a network administrator needs to record the mapping between a
client's IP address obtained from the DHCP server and the client's MAC address.
DHCP snooping can meet the need.
DHCP snooping records clients' MAC and IP addresses by reading their
DHCP-REQUEST and DHCP-ACK messages from trusted ports. The network
administrator can check out which IP addresses are assigned to the DHCP clients with
the display dhcp-snooping command.
Chapter 5 DHCP Snooping Configuration
5-1