Dhcp s – SMC Networks SMC Tiger 10/100 SMC6128L2 User Manual

DHCP S

NOOPING

3-231

When enabled, DHCP messages entering an untrusted interface are
filtered based upon dynamic entries learned via DHCP snooping.

Filtering rules are implemented as follows:

•

If the global DHCP snooping is disabled, all DHCP packets are
forwarded.

•

If DHCP snooping is enabled globally, and also enabled on the VLAN
where the DHCP packet is received, all DHCP packets are forwarded
for a trusted port. If the received packet is a DHCP ACK message, a
dynamic DHCP snooping entry is also added to the binding table.

•

If DHCP snooping is enabled globally, and also enabled on the VLAN
where the DHCP packet is received, but the port is not trusted, it is
processed as follows:
- If the DHCP packet is a reply packet from a DHCP server (including

OFFER, ACK or NAK messages), the packet is dropped.

- If the DHCP packet is from a client, such as a DECLINE or

RELEASE message, the switch forwards the packet only if the
corresponding entry is found in the binding table.

- If the DHCP packet is from a client, such as a DISCOVER,

REQUEST, INFORM, DECLINE or RELEASE message, the
packet is forwarded if MAC address verification is disabled.
However, if MAC address verification is enabled, then the packet
will only be forwarded if the client’s hardware address stored in the
DHCP packet is the same as the source MAC address in the
Ethernet header.

- If the DHCP packet is not a recognizable type, it is dropped.

•

If a DHCP packet from a client passes the filtering criteria above, it will
only be forwarded to trusted ports in the same VLAN.

•

If a DHCP packet is from server is received on a trusted port, it will be
forwarded to both trusted and untrusted ports in the same VLAN.

If the DHCP snooping is globally disabled, all dynamic bindings are
removed from the binding table.