Introduction To Dhcp Snooping; Dhcp Snooping Features Supported By The S3700 - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security

3.1 Introduction to DHCP Snooping

This section describes the principle of DHCP snooping.
DHCP snooping intercepts and analyzes DHCP messages transmitted between DHCP clients
and a DHCP server. In this manner, DHCP snooping creates and maintains a DHCP snooping
binding table, and filters untrusted DHCP messages according to the table. The binding table
contains the MAC address, IP address, lease, binding type, VLAN ID, and interface information.
DHCP snooping ensures that authorized users can access the network by recording the mapping
between IP addresses and MAC addresses of clients. In this manner, DHCP snooping acts as a
firewall between DHCP clients and a DHCP server.
DHCP snooping prevents attacks including DHCP Denial of Service (DoS) attacks, bogus DHCP
server attacks, and bogus DHCP messages for extending IP address leases.

3.2 DHCP Snooping Features Supported by the S3700

This section describes the DHCP snooping features supported by the S3700.
The S3700 supports security features such as the trusted interface, DHCP snooping binding
table, binding of the IP address, MAC address, interface, and VLANID, and Option 82. In this
manner, security of the device enabled with DHCP is ensured.
Applying DHCP Snooping on the S3700 on a Layer 2 Network
When being deployed on a Layer 2 network, the S3700 is located between the DHCP relay and
the Layer 2 user network.
DHCP snooping is enabled.
Issue 01 (2011-07-15)
NOTE
In this manual, DHCP snooping includes DHCPv4 snooping and DHCPv6 snooping.
Figure 3-1
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
shows the DHCP snooping application on the S3700 where
3 DHCP Snooping Configuration
89