What Is DHCP Snooping - Dell PowerConnect 8024 User Configuration Manual

What Is DHCP Snooping?

Dynamic Host Configuration Protocol (DHCP) Snooping is a security feature
that monitors DHCP messages between a DHCP client and DHCP server to
accomplish the following tasks:
  • Filter harmful DHCP messages
  • Build a bindings database with entries that consist of the following
    information:
      • MAC address
      • IP address
      • VLAN ID
      • Client port
Entries in the bindings database are considered to be authorized network
clients.
DHCP snooping can be enabled on VLANs, and the trust status (trusted or
untrusted) is specified on individual physical ports or LAGs that are
members of a VLAN. A port or LAG configured as untrusted is treated as one
that could potentially be used to launch a network attack. DHCP servers
must be reached through trusted ports.
DHCP snooping enforces the following security rules:
  • DHCP packets from a DHCP server (DHCPOFFER, DHCPACK,
    DHCPNAK, DHCPRELEASEQUERY) are dropped if they are received on
    an untrusted port.
  • DHCPRELEASE and DHCPDECLINE messages are dropped if the MAC
    address is in the snooping database, but the binding's interface is
    other than the interface where the message was received.
  • On untrusted interfaces, the switch drops DHCP packets with a source
    MAC address that does not match the client hardware address. This is a
    configurable option.
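
The three rules above can be modelled as a small filter, which makes it easy to check how a given trust and bindings setup treats a message. This is an added example, not code from the Dell manual or the switch firmware; the snoop function, the Msg and Binding types, the port names and all addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

SERVER_TYPES = {"DHCPOFFER", "DHCPACK", "DHCPNAK", "DHCPRELEASEQUERY"}
RELEASE_TYPES = {"DHCPRELEASE", "DHCPDECLINE"}

@dataclass(frozen=True)
class Msg:
    kind: str      # DHCP message type
    src_mac: str   # Ethernet source MAC of the frame
    chaddr: str    # client hardware address inside the DHCP payload
    port: str      # ingress port or LAG

@dataclass(frozen=True)
class Binding:     # one bindings-database entry, keyed by MAC below
    ip: str
    vlan: int
    port: str

def snoop(msg, trusted, bindings, verify_mac=True):
    """Return (forwarded, reason) for one DHCP message."""
    untrusted = msg.port not in trusted
    # Rule 1: server messages may only arrive on trusted ports.
    if untrusted and msg.kind in SERVER_TYPES:
        return False, "server message on untrusted port"
    # Rule 2: a release/decline must arrive on the binding's own interface.
    # Assumption: the lookup uses chaddr, and the rule applies on any port
    # because the manual states it without a trust qualifier.
    entry = bindings.get(msg.chaddr)
    if msg.kind in RELEASE_TYPES and entry and entry.port != msg.port:
        return False, "binding is on another interface"
    # Rule 3 (configurable): source MAC must match chaddr on untrusted ports.
    if untrusted and verify_mac and msg.src_mac != msg.chaddr:
        return False, "source MAC differs from chaddr"
    return True, "forwarded"

# Constructed sample data: port names, MACs and the IP are made up.
A = "00:00:5e:00:53:01"
TRUSTED = {"uplink1"}
BINDINGS = {A: Binding("192.0.2.10", 10, "port1")}

if __name__ == "__main__":
    samples = [
        Msg("DHCPOFFER", "00:00:5e:00:53:99", A, "port7"),     # rule 1
        Msg("DHCPRELEASE", A, A, "port7"),                     # rule 2
        Msg("DHCPDISCOVER", "00:00:5e:00:53:42", A, "port1"),  # rule 3
        Msg("DHCPRELEASE", A, A, "port1"),                     # passes
    ]
    for m in samples:
        print(m.kind, m.port, *snoop(m, TRUSTED, BINDINGS))
```

Passing verify_mac=False corresponds to turning off the configurable source-MAC check in the third rule.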
Snooping and Inspecting Traffic
