3 dhcp snooping typical application, 4 dhcp snooping troubleshooting help, 1 monitor and debug information – PLANET XGS3-24040 User Manual


Chapter 31 DHCP Snooping Configuration


31.3 DHCP Snooping Typical Application

Figure 4-1 Sketch Map of TRUNK

As shown in the figure above, the Mac-AA device is a normal user connected to non-trusted port 1/1 of the switch. It operates as a DHCP client with IP 1.1.1.5. The DHCP server and gateway are connected to trusted ports 1/11 and 1/12 of the switch. The malicious user Mac-BB is connected to non-trusted port 1/10 and tries to fake a DHCP server (by sending DHCPACK). Enabling DHCP Snooping on the switch will effectively detect and block this kind of network attack.

Configuration sequence is:

switch#

switch#config

switch(config)#ip dhcp snooping enable

switch(config)#interface ethernet 1/11

switch(Config-If-Ethernet1/11)#ip dhcp snooping trust

switch(Config-If-Ethernet1/11)#exit

switch(config)#interface ethernet 1/12

switch(Config-If-Ethernet1/12)#ip dhcp snooping trust

switch(Config-If-Ethernet1/12)#exit

switch(config)#interface ethernet 1/1-10

switch(Config-Port-Range)#ip dhcp snooping action shutdown

switch(Config-Port-Range)#
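
The per-port decision this configuration produces can be modelled in a few lines. The following is an added example, not code from the manual or the switch firmware: it parses the DHCP message type (option 53) from a payload and applies the trust settings above. The function names, the constructed sample packets, and the assumption that a shut-down port drops all later frames are illustrative.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                   # DHCP magic cookie (RFC 2131)
SERVER_TYPES = {2, 5, 6}                      # DHCPOFFER, DHCPACK, DHCPNAK: server-only
TRUSTED = {"1/11", "1/12"}                    # "ip dhcp snooping trust"
SHUTDOWN = {f"1/{n}" for n in range(1, 11)}   # 1/1-10: "action shutdown"

def dhcp_message_type(payload):
    """Return the option 53 value of a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                   # truncated option
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            return payload[i + 2]
        i += 2 + length
    return None

def snoop(port, payload, down):
    """Model verdict for one frame: 'forward', 'drop' or 'shutdown'."""
    if port in down:
        return "drop"                # assumption: a shut-down port passes nothing
    if port in TRUSTED:
        return "forward"
    if dhcp_message_type(payload) in SERVER_TYPES:
        if port in SHUTDOWN:
            down.add(port)           # server message on a non-trusted port
            return "shutdown"
        return "drop"
    return "forward"                 # client messages are allowed on any port

def make_dhcp(op, mtype, yiaddr="0.0.0.0"):
    """Build a minimal constructed DHCP payload (sample data only)."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0)
    fixed += bytes(4) + socket.inet_aton(yiaddr) + bytes(8)   # ciaddr..giaddr
    fixed += bytes(16 + 64 + 128)                             # chaddr, sname, file
    return fixed + MAGIC + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    down = set()
    print(snoop("1/1", make_dhcp(1, 1), down))              # Mac-AA DHCPDISCOVER
    print(snoop("1/11", make_dhcp(2, 5, "1.1.1.5"), down))  # real server DHCPACK
    print(snoop("1/10", make_dhcp(2, 5, "1.1.1.5"), down))  # Mac-BB fake DHCPACK
```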

31.4 DHCP Snooping Troubleshooting Help

31.4.1 Monitor and Debug Information

The “debug ip dhcp snooping” command can be used to monitor the debug information.
