NSF and DHCP Snooping – Dell POWEREDGE M1000E User Manual


Managing a Switch Stack

NSF and DHCP Snooping

Figure 8-15 illustrates an L2 access switch running DHCP snooping. DHCP snooping only accepts DHCP server messages on ports configured as trusted ports. DHCP snooping listens to DHCP messages to build a bindings database that lists the IP address the DHCP server has assigned to each host. IP Source Guard (IPSG) uses the bindings database to filter data traffic in hardware based on source IP address and source MAC address. Dynamic ARP Inspection (DAI) uses the bindings database to verify that ARP messages contain a valid sender IP address and sender MAC address. DHCP snooping checkpoints its bindings database.

Figure 8-15. NSF and DHCP Snooping

If the Management Unit fails, all hosts connected to that unit lose network access until that unit reboots. The hardware on surviving units continues to enforce source filters IPSG installed prior to the failover. Valid hosts continue to communicate normally. During the failover, the hardware continues to drop data packets from unauthorized hosts so that security is not compromised.

[Figure 8-15 diagram labels: DHCP Server, LAG, Hosts]
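The relationship described above between trusted ports, the bindings database, IPSG, DAI and the checkpoint can be sketched as a small model. This is an added example, not code from the manual or from the switch firmware; the class, the function names, and the port names, MAC addresses and IP addresses are constructed for illustration, and bindings are keyed by port only as a simplifying assumption.

```python
# Simplified model of DHCP snooping, IPSG and DAI on host-facing ports.
# Port names, MACs and IPs below are constructed sample values.
import copy

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)
        self.bindings = {}  # host port -> (MAC, IP) learned from DHCP server messages

    def dhcp_server_message(self, ingress_port, client_port, client_mac, assigned_ip):
        """Return True if the server message is accepted, False if dropped."""
        if ingress_port not in self.trusted_ports:
            return False  # server messages are only accepted on trusted ports
        self.bindings[client_port] = (client_mac.lower(), assigned_ip)
        return True

    def _matches(self, port, mac, ip):
        # A port with no binding never matches (get() returns None).
        return self.bindings.get(port) == (mac.lower(), ip)

    def ipsg_permit(self, port, src_mac, src_ip):
        """IPSG: data traffic must match the binding's source IP and MAC."""
        return self._matches(port, src_mac, src_ip)

    def dai_permit(self, port, sender_mac, sender_ip):
        """DAI: ARP sender IP and MAC must match the binding."""
        return self._matches(port, sender_mac, sender_ip)

    def checkpoint(self):
        """Copy of the bindings database kept for a failover."""
        return copy.deepcopy(self.bindings)

def failover(checkpointed_bindings, trusted_ports):
    """A surviving unit takes over with the checkpointed bindings."""
    unit = SnoopingSwitch(trusted_ports)
    unit.bindings = copy.deepcopy(checkpointed_bindings)
    return unit

def demo():
    sw = SnoopingSwitch(trusted_ports={"lag1"})
    host = ("gi1/0/5", "00:11:22:33:44:55")
    r = {}
    r["legit_ack"] = sw.dhcp_server_message("lag1", host[0], host[1], "192.0.2.10")
    r["rogue_ack"] = sw.dhcp_server_message("gi1/0/9", "gi1/0/7", "00:AA:BB:CC:DD:EE", "192.0.2.66")
    backup = failover(sw.checkpoint(), {"lag1"})
    r["valid_host_after_failover"] = backup.ipsg_permit(host[0], host[1], "192.0.2.10")
    r["spoofed_ip_after_failover"] = backup.ipsg_permit(host[0], host[1], "192.0.2.1")
    r["spoofed_arp_after_failover"] = backup.dai_permit(host[0], host[1], "192.0.2.1")
    return r
```
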
