Chapter 6. Configuring DHCP Snooping – Allied Telesis AT-S95 WEB User Manual

Page 93


Chapter 6. Configuring DHCP Snooping

DHCP Snooping expands network security by providing an extra layer of security between untrusted interfaces
and DHCP servers. By enabling DHCP Snooping, network administrators can distinguish between trusted interfaces
connected to end-users or DHCP servers, and untrusted interfaces located beyond the network firewall.

DHCP Snooping filters untrusted messages. It creates and maintains a DHCP Snooping Table
which contains information received from untrusted packets. An interface is untrusted if its packets are received
from an interface outside the network or from an interface beyond the network firewall. Trusted interfaces receive
packets only from within the network or the network firewall.

DHCP with Option 82 attaches authentication messages to the packets sent from the host. DHCP passes the
configuration information to hosts on a TCP/IP network. This permits network administrators to limit address
allocation to authorized hosts. DHCP with Option 82 can be enabled only if DHCP Snooping is enabled.

The DHCP Snooping Table contains the untrusted interfaces' MAC address, IP address, Lease Time, VLAN ID,
and interface information.
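The filtering and table behaviour described above, as an added example: a generic Python model of DHCP snooping, not AT-S95 firmware or Allied Telesis code. The class `SnoopingSwitch`, the port names, and the rule set (server replies dropped on untrusted ports, bindings learned from ACKs, mismatched RELEASE/DECLINE dropped) are assumptions based on how DHCP snooping is commonly implemented; the sample traffic is constructed.

```python
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these

@dataclass
class Binding:  # the table fields listed in this chapter
    mac: str
    ip: str
    lease_time: int  # seconds
    vlan: int
    interface: str
    learned_at: float

class SnoopingSwitch:  # hypothetical model, not vendor code
    def __init__(self, trusted_ports, snooping_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooping_vlans)
        self.table = {}    # (vlan, mac) -> Binding
        self.pending = {}  # (vlan, mac) -> untrusted port the client asked from

    def handle(self, port, vlan, msg, mac, ip=None, lease=0, now=0.0):
        """Return 'forward' or 'drop' for one DHCP message received on port."""
        if vlan not in self.vlans:
            return "forward"  # snooping is not enabled on this VLAN
        key = (vlan, mac)
        if msg in SERVER_MSGS:
            if port not in self.trusted:
                return "drop"  # server reply from an untrusted interface
            if msg == "ACK" and key in self.pending:
                self.table[key] = Binding(mac, ip, lease, vlan, self.pending.pop(key), now)
            return "forward"
        if port not in self.trusted:
            bound = self.table.get(key)
            if msg in ("RELEASE", "DECLINE") and bound and bound.interface != port:
                return "drop"  # release for a lease learned on another port
            if msg in ("DISCOVER", "REQUEST"):
                self.pending[key] = port
        return "forward"

    def active_bindings(self, now):
        return [b for b in self.table.values() if now < b.learned_at + b.lease_time]

def demo():  # constructed sample traffic: g1 is the trusted uplink, e5/e7 are untrusted
    sw, mac = SnoopingSwitch({"g1"}, {10}), "00:11:22:33:44:55"
    events = [("e5", "DISCOVER", None), ("e7", "OFFER", "10.0.10.66"),
              ("g1", "OFFER", "10.0.10.20"), ("e5", "REQUEST", None),
              ("g1", "ACK", "10.0.10.20"), ("e7", "RELEASE", None)]
    verdicts = [sw.handle(p, 10, m, mac, ip=ip, lease=3600, now=1000.0) for p, m, ip in events]
    return sw, verdicts
```

Calling `demo()` returns the switch model and one verdict per message; the binding it learns carries the same five fields the DHCP Snooping Table holds.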
This section contains the following topics:

Defining DHCP Snooping General Properties

Defining DHCP Snooping on VLANs

Defining Trusted Interfaces

Binding Addresses to the DHCP Snooping Database
