Dhcp Snooping Configuration; Dhcp Snooping Overview; Introduction To Dhcp Snooping - H3C S5100-SI Operation Manual

Ethernet switches

Hide thumbs Also See for H3C S5100-SI:

Table of Contents

DHCP Snooping Configuration

When configuring DHCP snooping, go to these sections for information you are interested in:

Configuring DHCP Snooping

Displaying DHCP Snooping Configuration

DHCP Snooping Configuration Examples

DHCP Snooping Overview

For the sake of security, the IP addresses used by online DHCP clients need to be tracked for the

administrator to verify the corresponding relationship between the IP addresses the DHCP clients

obtained from DHCP servers and the MAC addresses of the DHCP clients.

Layer 3 switches can track DHCP clients' IP addresses through the security function of the DHCP

relay agent operating at the network layer.

Layer 2 switches can track DHCP clients' IP addresses through the DHCP snooping function at the

data link layer.

When an unauthorized DHCP server exists in the network, a DHCP client may obtains an illegal IP

address. To ensure that the DHCP clients obtain IP addresses from valid DHCP servers, you can

specify a port to be a trusted port or an untrusted port by the DHCP snooping function.

Trusted: A trusted port is connected to an authorized DHCP server directly or indirectly. It forwards

DHCP messages to guarantee that DHCP clients can obtain valid IP addresses.

Untrusted: An untrusted port is connected to an unauthorized DHCP server. The DHCP-ACK or

DHCP-OFFER packets received from the port are discarded, preventing DHCP clients from

receiving invalid IP addresses.

illustrates a typical network diagram for DHCP snooping application, where Switch A is an

S5100-SI/EI series Ethernet switch.

Table of Contents

H3c s5100-ei