Configuring Ports
for DHCP Snooping
3.
Enable DHCP Snooping on any existing VLAN.
4.
Click Apply
Figure 234: Configuring DHCP Snooping on a VLAN
Use the IP Service > DHCP > Snooping (Configure Interface) page to configure
switch ports as trusted or untrusted.
Command Usage
◆
A trusted interface is an interface that is configured to receive only messages
from within the network. An untrusted interface is an interface that is
configured to receive messages from outside the network or fire wall.
◆
When DHCP snooping is enabled both globally and on a VLAN, DHCP packet
filtering will be performed on any untrusted ports within the VLAN.
◆
When an untrusted port is changed to a trusted port, all the dynamic DHCP
snooping bindings associated with this port are removed.
◆
Set all ports connected to DHCP servers within the local network or fire wall to
trusted state. Set all other ports outside the local network or fire wall to
untrusted state.
Parameters
These parameters are displayed:
◆
Trust Status – Enables or disables a port as trusted. (Default: Disabled)
◆
Circuit ID – Specifies DHCP Option 82 circuit ID suboption information.
Mode – Specifies the default string "VLAN-Unit-Port" or an arbitrary string.
■
(Default: VLAN-Unit-Port)
Value – An arbitrary string inserted into the circuit identifier field.
■
(Range: 1-32 characters)
– 385 –
Chapter 12
| Security Measures
DHCP Snooping