C
P
ONFIGURING
ORTS
DHCP S
FOR
NOOPING
Use the IP Service > DHCP > Snooping (Configure Interface) page to
configure switch ports as trusted or untrusted.
CLI R
EFERENCES
"ip dhcp snooping trust" on page 907
◆
C
U
OMMAND
SAGE
A trusted interface is an interface that is configured to receive only
◆
messages from within the network. An untrusted interface is an
interface that is configured to receive messages from outside the
network or fire wall.
◆
When DHCP snooping is enabled both globally and on a VLAN, DHCP
packet filtering will be performed on any untrusted ports within the
VLAN.
When an untrusted port is changed to a trusted port, all the dynamic
◆
DHCP snooping bindings associated with this port are removed.
Set all ports connected to DHCP servers within the local network or fire
◆
wall to trusted state. Set all other ports outside the local network or fire
wall to untrusted state.
P
ARAMETERS
These parameters are displayed:
Trust Status – Enables or disables a port as trusted.
◆
(Default: Disabled)
◆
Circuit ID – Specifies DHCP Option 82 circuit ID suboption information.
Mode – Specifies the default string "VLAN-Unit-Port" or an arbitrary
■
string. (Default: VLAN-Unit-Port)
Value – An arbitrary string inserted into the circuit identifier field.
■
(Range: 1-32 characters)
W
I
EB
NTERFACE
To configure global settings for DHCP Snooping:
Click IP Service, DHCP, Snooping.
1.
Select Configure Interface from the Step list.
2.
Set any ports within the local network or firewall to trusted.
3.
Click Apply
4.
– 415 –
| Security Measures
C
13
HAPTER
DHCP Snooping