2-‐4.2
S nooping
DHCP
S nooping
i s
u sed
t o
b lock
i ntruders
o n
t he
u ntrusted
p orts
o f
t he
s witch
d evice
w hen
t hey
t ry
t o
intervene
b y
i njecting
a
b ogus
D HCP
r eply
p acket
t o
a
l egitimate
c onversation
b etween
t he
D HCP
client
a nd
s erver.
The
s ection
d escribes
h ow
t o
c onfigure
t he
D HCP
S nooping
p arameters
o f
t he
s witch.
T he
D HCP
Snooping
c an
p revent
a ttackers
f rom
a dding
t heir
o wn
D HCP
s ervers
t o
t he
n etwork.
Web
I nterface
To
c onfigure
D HCP
s nooping
i n
t he
w eb
i nterface:
1. Click
C onfiguration,
D HCP,
S nooping.
2. Select
" Enabled"
i n
t he
D HCP
S nooping
C onfiguration
m ode.
3. Select
" Trusted"
f or
t he
s pecific
p ort
i n
P ort
M ode
C onfiguration.
4. Click
A pply.
Figure
2 -‐4.2:
The
D HCP
S nooping
C onfiguration
Parameter
d escription:
Snooping
M ode:
Indicates
t he
D HCP
s nooping
m ode
o peration.
P ossible
m odes
a re:
Enabled:
E nable
D HCP
s nooping
m ode
o peration.
W hen
D HCP
s nooping
m ode
o peration
i s
e nabled,
the
DHCP
request
messages
will
be
forwarded
to
trusted
ports
and
only
allow
reply
packets
from
trusted
p orts.
Disabled:
D isable
D HCP
s nooping
m ode
o peration.
Port
M ode
C onfiguration
Indicates
t he
D HCP
s nooping
p ort
m ode.
P ossible
p ort
m odes
a re:
26
Publication date: Sept, 2015
Revision A1