Configuring Dhcp Snooping; Global Dhcp Snooping Configuration - Ubiquiti EdgeSwitch ES-24-250W Administration Manual
User interface for poe switches
Hide thumbs
Also See for EdgeSwitch ES-24-250W:
- Command reference manual (435 pages) ,
- Quick start manual (25 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
EdgeSwitch
Administration Guide
™
Configuring DHCP Snooping
DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers
to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address, VLAN ID,
port} tuples that are considered authorized. You can enable DHCP snooping globally and on specific VLANs,
and configure ports within the VLAN to be trusted or untrusted. If a DHCP message arrives on an untrusted
port, DHCP snooping filters messages that are not from authorized DHCP clients. DHCP server messages are
forwarded only through trusted ports.
Global DHCP Snooping Configuration
Use this page to view and configure the global settings for DHCP Snooping.
To access the Global DHCP Snooping Configuration page, click Switching > DHCP Snooping > Base > Global
in the navigation menu.
Field
DHCP Snooping Mode
MAC Address Validation
Use the buttons to perform the following tasks:
• If you make any changes to this page, click Submit to apply the changes.
• Click Refresh to refresh the page with the most current data from the switch.
To retain the changes across the switch's next power cycle, click System > Configuration Storage > Save.
DHCP Snooping VLAN Configuration
Use this page to view and configure the DHCP snooping settings on VLANs that exist on the device. DHCP
snooping can be configured on switching VLANs and routing VLANs. For Layer-2 (non-routing) VLANs,
DHCP snooping forwards valid DHCP client messages received on the VLANs. The message is forwarded on
all trusted interfaces in the VLAN. When a DHCP packet is received on a routing VLAN, the DHCP snooping
application applies its filtering rules and updates the bindings database. If a client message passes filtering
rules, the message is placed into the software forwarding path, where it may be processed by the DHCP relay
agent, the local DHCP server, or forwarded as an IP packet.
To access the DHCP Snooping VLAN Configuration page, click Switching > DHCP Snooping > Base > VLAN
Configuration in the navigation menu.
Ubiquiti Networks, Inc.
Global DHCP Snooping Configuration
Global DHCP Snooping Configuration Fields
Description
Used to Enable or Disable DHCP snooping on the device.
Used to Enable or Disable the verification of the sender MAC address for DHCP snooping. When
enabled, the device checks packets that are received on untrusted interface to verify that the MAC
address and the DHCP client hardware address match. If the addresses do not match, the device drops
the packet.
Configuring Switching Information
137
Advertisement
Table of Contents
