Operation Manual - Network Protocol
Quidway S3000-EI Series Ethernet Switches
Chapter 2 DHCP-Snooping Configuration
2.1 DHCP-Snooping Overview
For security, the IP addresses used by online users may be recorded to confirm the
association between the users' IP addresses and their MAC addresses. The Layer 3
Ethernet switch records the IP addresses obtained by the clients with DHCP Relay,
while the Layer 2 Ethernet switch listens to the DHCP broadcast packets for this
purpose.
To assign IP addresses to the clients, DHCP server transmits DHCPACK packets. After
received the packets, the client can obtain an IP address. Snooping DHCPACK is a way
to know the clients' IP addresses.
The client broadcasts DHCPREQUEST packet to request DHCP server to assign
address. The IP address requested through DHCPREQUEST is the same as that
assigned through DHCPACK. So snooping DHCPREQUEST is another way to know
clients' IP addresses.
With DHCP-Snooping enabled, the switch can distract IP address and MAC address
from the DHCPACK or DHCPREQUEST packets received and record them.
In addition, pseudo-DHCP servers in the network may cause users to get incorrect IP
addresses. To guarantee that users can obtain IP address from the legal DHCP servers,
DHCP-Snooping allows ports to be set as trusted or distrusted. The former ports
connect DHCP servers or other switches and the latter ports connect users or network.
Distrusted ports discard the DHCPACK and DHCPOFF packets from DHCP servers,
whereas trusted ports forward these types of packets. In this way, users can get correct
IP address.
2.2 Configure DHCP-Snooping
DHCP-Snooping configuration includes:
Enable/Disable the DHCP-Snooping function of the Switch
Setting the port as trusted port
2.2.1 Enable/Disable the DHCP-Snooping Function of the Switch
Perform the following configuration in System view.
Huawei Technologies Proprietary
2-1
Chapter 2 DHCP-Snooping Configuration