| Security Measures
C
13
HAPTER
DHCP Snooping
C
P
ONFIGURING
ORTS
DHCP S
FOR
NOOPING
Use the IP Service > DHCP > Snooping (Configure Interface) page to
configure switch ports as trusted or untrusted.
CLI R
EFERENCES
"ip dhcp snooping trust" on page 899
◆
C
U
OMMAND
SAGE
A trusted interface is an interface that is configured to receive only
◆
messages from within the network. An untrusted interface is an
interface that is configured to receive messages from outside the
network or fire wall.
◆
When DHCP snooping is enabled both globally and on a VLAN, DHCP
packet filtering will be performed on any untrusted ports within the
VLAN.
When an untrusted port is changed to a trusted port, all the dynamic
◆
DHCP snooping bindings associated with this port are removed.
Set all ports connected to DHCP servers within the local network or fire
◆
wall to trusted state. Set all other ports outside the local network or fire
wall to untrusted state.
P
ARAMETERS
These parameters are displayed:
Trust Status – Enables or disables a port as trusted.
◆
(Default: Disabled)
◆
Circuit ID – Specifies DHCP Option 82 circuit ID suboption information.
Mode – Specifies the default string "VLAN-Unit-Port" or an arbitrary
■
string. (Default: VLAN-Unit-Port)
Value – An arbitrary string inserted into the circuit identifier field.
■
(Range: 1-32 characters)
W
I
EB
NTERFACE
To configure global settings for DHCP Snooping:
Click IP Service, DHCP, Snooping.
1.
Select Configure Interface from the Step list.
2.
Set any ports within the local network or firewall to trusted.
3.
Specify the mode used for sending circuit ID information, and an
4.
arbitrary string if required.
Click Apply
5.
– 414 –