8 DHCP Snooping Configuration, DHCP Snooping Overview, Functions of DHCP Snooping – H3C Technologies H3C S7500E Series Switches User Manual


DHCP Snooping Configuration

When configuring DHCP snooping, go to these sections for information you are interested in:

• DHCP Snooping Overview
• Configuring DHCP Snooping Basic Functions
• Configuring DHCP Snooping to Support Option 82
• Displaying and Maintaining DHCP Snooping
• DHCP Snooping Configuration Examples

• A DHCP snooping-enabled device does not work if it is located between the DHCP relay agent and the DHCP server. It can work when it is located between the DHCP client and the relay agent, or between the DHCP client and the server.
• The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient Framework (IRF). Two S7500E series switches can be connected together to form a distributed IRF device. If an S7500E series switch is not in any IRF, it operates as a distributed device; if it is in an IRF, it operates as a distributed IRF device. For an introduction to IRF, refer to IRF Configuration in the IRF Configuration Guide.

DHCP Snooping Overview

Functions of DHCP Snooping

As a DHCP security feature, DHCP snooping provides the following functions:

1) Ensuring that DHCP clients obtain IP addresses from authorized DHCP servers

2) Recording IP-to-MAC mappings of DHCP clients

Ensuring that DHCP clients obtain IP addresses from authorized DHCP servers

If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses and network configuration parameters, and then cannot communicate normally with other network devices. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring that clients obtain IP addresses from authorized DHCP servers.

• Trusted: A trusted port forwards DHCP messages normally.
• Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages from any DHCP server.
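
The trusted/untrusted rule above, modeled in Python as an added example (it is not H3C code and not part of the manual). The port names and sample packets are constructed; recording the IP-to-MAC binding from a DHCP-ACK seen on a trusted port and dropping malformed payloads are assumptions of this model.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5             # option 53 message types (RFC 2132)

def build_dhcp(msg_type, client_mac, yiaddr="0.0.0.0"):
    """Constructed sample payload: 236-byte BOOTP header, cookie, option 53."""
    op = 2 if msg_type in (OFFER, ACK) else 1
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), bytes.fromhex(client_mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return (message type, yiaddr, client MAC); ValueError if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + min(payload[2], 16)])
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        if payload[i] == 53 and payload[i + 1] == 1:
            return payload[i + 2], yiaddr, mac
        i += 2 + payload[i + 1]
    raise ValueError("no message type option")

class SnoopingSwitch:
    """Model of the trusted/untrusted port rule (not H3C code)."""
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}        # client MAC -> IP; assumption: learned from ACKs

    def ingress(self, port, payload):
        try:
            msg_type, yiaddr, mac = parse_dhcp(payload)
        except ValueError:
            return "drop"         # assumption: malformed DHCP is discarded
        if port not in self.trusted:
            # Untrusted port: server replies (OFFER/ACK) are discarded
            return "drop" if msg_type in (OFFER, ACK) else "forward"
        if msg_type == ACK:
            self.bindings[mac] = yiaddr
        return "forward"
```

Client messages such as DHCP-DISCOVER and DHCP-REQUEST still pass on untrusted ports in this model, so clients on access ports can lease addresses while a server reply arriving on the same port is discarded.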

You should configure ports that connect to authorized DHCP servers or other DHCP snooping devices as trusted, and other ports as untrusted. With such configurations, DHCP clients obtain IP addresses
