Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses and
network configuration parameters, and cannot normally communicate with other network devices. With
DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to
obtain IP addresses from authorized DHCP servers.
•
Trusted—A trusted port forwards DHCP messages normally.
Untrusted—An untrusted port discards the DHCP-ACK or DHCP-OFFER messages received from any
•
DHCP server.
Configuring the DHCP server
Recommended configuration procedure
Task
Enabling DHCP
Creating a static address pool
for the DHCP server
Creating a dynamic address
pool for the DHCP server
Enabling the DHCP server on an
interface
Enabling DHCP
1.
Select Network > DHCP from the navigation tree to enter the default DHCP Server page shown
in
Figure
2.
Select the Enable option for DHCP Service to enable DHCP globally.
Remarks
Required.
Enable DHCP globally.
By default, global DHCP is disabled.
Required to configure either of the two.
IMPORTANT:
•
If the DHCP server and DHCP clients are on the same subnet, make sure
the address pool is on the same network segment as the interface with the
DHCP server enabled. Otherwise, the clients fail to obtain IP addresses.
•
If a DHCP client obtains an IP address via a DHCP relay agent, an IP
address pool on the same network segment as the DHCP relay agent
interface must be configured. Otherwise, the client fails to obtain an IP
address.
Optional.
With the DHCP server enabled on an interface, upon receiving a client's
request, the DHCP server assigns an IP address from its address pool to the
DHCP client.
With DHCP enabled, interfaces work in the DHCP server mode.
IMPORTANT:
•
An interface cannot serve as both the DHCP server and the DHCP relay
agent. The latest configuration takes effect.
•
The DHCP server works on interfaces with IP addresses manually
configured only.
246.
262