Dhcp Snooping Configuration - 3Com 4500 PWR 26-Port Configuration Manual

41

DHCP Snooping Configuration

When configuring DHCP snooping, go to these sections for information you are interested in:
DHCP Snooping Overview
Configuring DHCP Snooping
Displaying and Maintaining DHCP Snooping Configuration
DHCP Snooping Configuration Examples
DHC P Snooping Overview
Introd uction to DHCP Snooping
For the sake of security, the IP addresses used by online DHCP clients need to be tracked for the
adm inistrator to verify the corresponding rela
obtained from DHCP servers and the MAC addresses of the DHCP clients.
Switches can track DHCP clients' IP addresses through the security function of the DHCP relay
agent operating at the network layer.
Switches can track DHCP clien
link layer.
When an unauthorized DHCP server exists in the network, a DHCP client m
address. To ensure that the DHCP clients obtain IP addresses from valid DHCP
specify a port to be a trusted port or an untrusted port b
Trusted: A trusted port is connected to an authorized DHCP server dire
DHCP messages to guarantee that DHCP clients can obtain valid IP addresse
Untrusted: An untrusted port is connected to an unauthorized DHCP server. T
DHCP-OFFER packets received from the port are discarded, preventing
receiving invalid IP addresses.
Figure 41-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an
S4500 series Ethernet switch.
tionship between the IP addresses the DHCP clients
ts' IP addresses through the DHCP snooping function at the data
y the DHCP snooping function.
41-1
ay obtains an illegal IP
servers, you can
ctly or indirectly. It forwards
s.
he DHCP-ACK or
DHCP clients from