Recording ip-to-mac mappings of dhcp clients, Application environment of trusted ports, Configuring trusted ports in a cascaded network – H3C Technologies H3C S5120 Series Switches User Manual

3-2

Recording IP-to-MAC mappings of DHCP clients

DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to

record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the

clients, ports that connect to DHCP clients, and VLANs to which the ports belong.

Application Environment of Trusted Ports

Configuring a trusted port connected to a DHCP server

Figure 3-1 Configure trusted and untrusted ports

Trusted

DHCP server

DHCP snooping

Untrusted

Untrusted

Unauthorized

DHCP server

DHCP client

DHCP reply messages

As shown in

Figure 3-1

, a DHCP snooping device’s port that is connected to an authorized DHCP

server should be configured as a trusted port to forward reply messages from the DHCP server, so that

the DHCP client can obtain an IP address from the authorized DHCP server.

Configuring trusted ports in a cascaded network

In a cascaded network involving multiple DHCP snooping devices, the ports connected to other DHCP

snooping devices should be configured as trusted ports.

To save system resources, you can disable the trusted ports, which are indirectly connected to DHCP

clients, from recording clients’ IP-to-MAC bindings upon receiving DHCP requests.