3 dhcp snooping configuration, Introduction, Introduction to dhcp snooping – H3C Technologies H3C S3100 Series Switches User Manual

Page 533: Dhcp snooping configuration


3 DHCP Snooping Configuration

Introduction

Introduction to DHCP Snooping

For security, the IP addresses used by online DHCP clients need to be tracked so that the administrator can verify the correspondence between the IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses of the DHCP clients.

- Layer 3 switches can track DHCP client IP addresses through DHCP relay.

- Layer 2 switches can track DHCP client IP addresses through the DHCP snooping function, which listens to DHCP broadcast packets.

Figure 3-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S3100 series Ethernet switch.

Figure 3-1 Typical network diagram for DHCP snooping application

On S3100-SI series Ethernet switches, DHCP snooping listens to the DHCP-REQUEST packets to retrieve the IP addresses the DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP clients.

On S3100-EI series Ethernet switches, DHCP snooping listens to the DHCP-REQUEST packets and DHCP-ACK packets to retrieve the IP addresses the DHCP clients obtain from DHCP servers and the MAC addresses of the DHCP clients.
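An added example, not taken from the H3C manual or the switch firmware: a Python sketch of what a snooping listener can learn from DHCP-REQUEST alone versus DHCP-REQUEST plus DHCP-ACK. The function names, the sample MAC and address, and the "confirmed" flag are assumptions made for illustration; the packets are constructed, not captured.

```python
import socket
import struct

DHCPREQUEST, DHCPACK = 3, 5      # values of DHCP option 53 (message type)
MAGIC = b"\x63\x82\x53\x63"      # magic cookie after the 236-byte BOOTP header

def parse_dhcp(payload):
    """Return (msg_type, client_mac, ciaddr, yiaddr, requested_ip) from a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    ciaddr, yiaddr = (socket.inet_ntoa(payload[o:o + 4]) for o in (12, 16))
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + min(payload[2], 16)])
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing message type")
    req = socket.inet_ntoa(opts[50]) if len(opts.get(50, b"")) == 4 else None
    return opts[53][0], mac, ciaddr, yiaddr, req

def snoop(table, payload, listen_ack):
    """Set table[mac] = (ip, confirmed_by_server); listen_ack=False means REQUEST only."""
    msg_type, mac, ciaddr, yiaddr, req = parse_dhcp(payload)
    # A REQUEST carries the address in option 50 (selecting) or ciaddr (renewing).
    if msg_type == DHCPREQUEST and (req or ciaddr) != "0.0.0.0":
        table[mac] = (req or ciaddr, False)         # claimed by the client only
    elif msg_type == DHCPACK and listen_ack and yiaddr != "0.0.0.0":
        table[mac] = (yiaddr, True)                 # address the server granted
    return table

def build(msg_type, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0", requested=None):
    """Construct a sample DHCP payload (test data, not a capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1 if msg_type == DHCPREQUEST else 2,
                      1, 6, 0, 0x1234, 0, 0, socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                      bytes(4), bytes(4), bytes.fromhex(mac.replace(":", "")), b"", b"")
    opts = bytes([53, 1, msg_type])
    if requested:
        opts += bytes([50, 4]) + socket.inet_aton(requested)
    return hdr + MAGIC + opts + b"\xff"

def demo(listen_ack, mac="00:11:22:33:44:55"):      # constructed client MAC
    table = snoop({}, build(DHCPREQUEST, mac, requested="192.0.2.10"), listen_ack)
    return snoop(table, build(DHCPACK, mac, yiaddr="192.0.2.10"), listen_ack)
```

With REQUEST-only listening the recorded address is whatever the client asked for; adding the ACK lets the entry reflect what a server actually granted.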

Introduction to DHCP Snooping Trusted/Untrusted Ports

When an unauthorized DHCP server exists in the network, a DHCP client may obtain an illegal IP address. To ensure that the DHCP clients obtain IP addresses from valid DHCP servers, the S3100-EI series Ethernet switches can specify a port to be a trusted port or an untrusted port by the DHCP snooping function.
