Why Is Traffic Snooping and Inspection Necessary, Default Traffic Snooping and Inspection Values – Dell POWEREDGE M1000E User Manual

Page 797: Necessary


Snooping and Inspecting Traffic


Why Is Traffic Snooping and Inspection Necessary?

DHCP Snooping, IPSG, and DAI are security features that can help protect the switch and the network against various types of accidental or malicious attacks. It might be a good idea to enable these features on ports that provide network access to hosts that are in physically unsecured locations or if network users connect nonstandard hosts to the network.

For example, if an employee unknowingly connects a workstation that has a DHCP server to the network, and the DHCP server is enabled, hosts that attempt to acquire network information from the legitimate network DHCP server might obtain incorrect information from the rogue DHCP server. However, if the workstation with the rogue DHCP server is connected to a port that is configured as untrusted and is a member of a DHCP Snooping-enabled VLAN, the port discards the DHCP server messages.
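The following Python sketch is an added example, not code from the manual or from the switch firmware. It models only the rule described above: it reads the DHCP message type (option 53) from a packet and discards server-originated messages that arrive on an untrusted port in a snooping-enabled VLAN. The function names and the sample packets are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"               # marks the start of DHCP options (RFC 2131)
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option-53 values sent only by servers

def dhcp_message_type(payload: bytes):
    """Return the option-53 message type from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                 # End option
            break
        if code == 0:                   # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(payload):       # truncated option header
            break
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1 and len(value) == 1:
            return value[0]
        i += 2 + length
    return None

def snoop_verdict(payload, vlan, port_trusted, snooping_vlans):
    """Simplified model: drop server messages seen on an untrusted port
    that belongs to a snooping-enabled VLAN; forward everything else."""
    if vlan not in snooping_vlans or port_trusted:
        return "forward"
    if dhcp_message_type(payload) in SERVER_TYPES:
        return "drop"
    return "forward"

def build_dhcp(op, msg_type):
    """Constructed sample packet: 236-byte BOOTP header plus option 53."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + bytes(232)
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    offer = build_dhcp(2, 2)            # rogue server's DHCPOFFER
    discover = build_dhcp(1, 1)         # client's DHCPDISCOVER
    for name, pkt, trusted in [("offer/untrusted", offer, False),
                               ("offer/trusted", offer, True),
                               ("discover/untrusted", discover, False)]:
        print(name, "->", snoop_verdict(pkt, 10, trusted, {10}))
```

With the defaults listed below (snooping disabled on all VLANs), the set of snooping-enabled VLANs is empty and every message is forwarded, which is why the rogue server in the example succeeds until the feature is enabled.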

Default Traffic Snooping and Inspection Values

DHCP snooping is disabled globally and on all VLANs by default. Ports are untrusted by default.

Table 27-1. Traffic Snooping Defaults

Parameter                                     Default Value
--------------------------------------------  --------------------------
DHCP snooping mode                            Disabled
DHCP snooping VLAN mode                       Disabled on all VLANs
Interface trust state                         Disabled (untrusted)
DHCP logging invalid packets                  Disabled
DHCP snooping rate limit                      No limit
DHCP snooping burst interval                  1 second
DHCP snooping binding database storage        Local
DHCP snooping binding database write delay    300 seconds
Static DHCP bindings                          None configured
IPSG mode                                     Disabled on all interfaces
IPSG port security                            Disabled on all interfaces
