DHCP Trusted Ports; How the DHCP Snooping Binding Database Is Built - Cisco SF500-24 Administration Manual

Esw2 series advanced switches
The DHCP Snooping Binding database is also used by IP Source Guard and
Dynamic ARP Inspection features to determine legitimate packet sources.

DHCP Trusted Ports

Ports can be either DHCP trusted or untrusted. By default, all ports are untrusted.
To configure a port as trusted, use the DHCP Snooping Interface Settings page.
Packets from these ports are automatically forwarded. Packets from trusted ports
are used to create the Binding database and are handled as described below.
If DHCP Snooping is not enabled, all ports are trusted by default.

How the DHCP Snooping Binding Database is Built

The following describes how the device handles DHCP packets when both the
DHCP client and DHCP server are trusted. The DHCP Snooping Binding database
is built in this process.
DHCP Trusted Packet Handling
The actions are:
STEP 1 Device sends DHCPDISCOVER to request an IP address or DHCPREQUEST to accept an IP address and lease.
STEP 2 Device snoops packet and adds the IP-MAC information to the DHCP Snooping Binding database.
STEP 3 Device forwards DHCPDISCOVER or DHCPREQUEST packets.
STEP 4 DHCP server sends DHCPOFFER packet to offer an IP address, DHCPACK to assign one, or DHCPNAK to deny the address request.
STEP 5 Device snoops packet. If an entry exists in the DHCP Snooping Binding table that matches the packet, the device replaces it with IP-MAC binding on receipt of DHCPACK.
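
The handling steps above as a small Python model, added here as an illustration and not taken from the Cisco guide or the device firmware. The class and field names, the MAC and IP values and the port labels are constructed. Leaving the database unchanged on DHCPOFFER and DHCPNAK, and treating only DHCPACK-confirmed entries as legitimate sources, are assumptions of the model.

```python
# Added illustration of the trusted-packet handling steps; not Cisco code.
from dataclasses import dataclass

CLIENT_MSGS = {"DHCPDISCOVER", "DHCPREQUEST"}

@dataclass
class Binding:
    mac: str
    ip: str          # "0.0.0.0" until a DHCPACK assigns an address
    port: str        # port the client packet arrived on
    confirmed: bool  # True only after a matching DHCPACK was snooped

class SnoopingSwitch:
    def __init__(self):
        self.db = {}  # client MAC -> Binding

    def handle(self, msg_type, client_mac, ip, port):
        """Snoop one DHCP packet from a trusted port and update the database."""
        if msg_type in CLIENT_MSGS:
            # Client packet: record the IP-MAC information, then forward.
            # Assumption: an entry that already exists is left untouched.
            self.db.setdefault(client_mac, Binding(client_mac, ip, port, False))
        elif msg_type == "DHCPACK" and client_mac in self.db:
            # Matching entry exists: replace it with the assigned binding.
            client_port = self.db[client_mac].port
            self.db[client_mac] = Binding(client_mac, ip, client_port, True)
        # Any other message (DHCPOFFER, DHCPNAK): assumption, no database change.
        return "forward"

    def is_legitimate_source(self, mac, ip):
        """Lookup of the kind IP Source Guard or ARP Inspection would make."""
        entry = self.db.get(mac)
        return entry is not None and entry.confirmed and entry.ip == ip

# Constructed sample exchange: (message, client MAC, IP, ingress port label).
MAC = "00:00:5e:00:53:01"
SAMPLE = [
    ("DHCPDISCOVER", MAC, "0.0.0.0", "client-port"),
    ("DHCPOFFER", MAC, "192.0.2.10", "server-port"),
    ("DHCPREQUEST", MAC, "192.0.2.10", "client-port"),
    ("DHCPACK", MAC, "192.0.2.10", "server-port"),
]

def replay(messages):
    switch = SnoopingSwitch()
    for message in messages:
        switch.handle(*message)
    return switch
```

Replaying only the first three messages leaves an unconfirmed entry, so a source lookup for the offered address fails until the DHCPACK is snooped.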
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
IP Configuration
IPv4 Management and Interfaces
