How dhcp snooping works, Dhcp binding database – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Switching Configuration Guide

763

53-1003036-02

DHCP snooping

19

NOTE

DHCP Snooping will not dynamically build the ARP Inspection table.

How DHCP snooping works

When enabled on a VLAN, DHCP snooping stands between untrusted ports (those connected to
host ports) and trusted ports (those connected to DHCP servers). A VLAN with DHCP snooping
enabled forwards DHCP request packets from clients and discards DHCP server reply packets on
untrusted ports, and it forwards DHCP server reply packets on trusted ports to DHCP clients, as
shown in the following figures.

FIGURE 194

DHCP snooping at work - on untrusted port

FIGURE 195

DHCP snooping at work - on trusted port

DHCP binding database

On trusted ports, DHCP server reply packets are forwarded to DHCP clients. The DHCP server reply
packets collect client IP to MAC address binding information, which is saved in the DHCP binding
database. This information includes MAC address, IP address, lease time, VLAN number, and port
number.

In the Brocade device configuration, the DHCP binding database is integrated with the enhanced
ARP table, which is used by Dynamic ARP Inspection. For more information, refer to

“ARP entries”

on page 755.

The lease time will be refreshed when the client renews its IP address with the DHCP server;
otherwise the device removes the entry when the lease time expires.