Filter
Top Products
DES-7200 Configuration Guide Chapter 9 DHCP Snooping Configuration
9-2
9.1.2 Understanding
DHCP
Snooping
DHCP Snooping monitors users by snooping the packets exchanged between the clients and
the server. DHCP Snooping can filter DHCP packets and illegal servers by proper
configuration. Some terms and functions used in DHCP Snooping are explained below:
DHCP Snooping TRUST port: Because the packets for obtaining IP addresses through DHCP
are in the form of broadcast, some illegal servers may prevent users from obtaining IP
addresses, or even cheat and steal user information. To solve this problem, DHCP Snooping
classifies the ports into two types: TRUST port and UNTRUST port. The device forwards only
the DHCP reply packets received through the TRUST port while discarding all the DHCP reply
packets from the UNTRUST port. In this way, the illegal DHCP Server can be shielded by
setting the port connected to the legal DHCP Server as a TRUST port and other ports as
UNTRUST ports.
DHCP Snooping binding database: By snooping the packets between the DHCP Clients and
the DHCP Server, DHCP Snooping combines the IP address, MAC address, VID, port and
lease time into a entry to form a DHCP Snooping user database.
DHCP Snooping checks the validity of DHCP packets that pass through the device, discards
illegal DHCP packets, and records user information to create a DHCP Snooping binding
database for ARP inspection and query. The following DHCP packets are considered illegal:
The DHCP reply packets received on the UNTRUST ports, including DHCPACK,
DHCPNACK, DHCPOFFER, etc.
DHCP Client values in the source MAC and DHCP packets are in different packets
when MAC check is enabled.
DHCPRELEASE packets whose port information is inconsistent with that in the the
DHCP Snooping binding database.
9.1.3 Understanding
DHCP
Snooping
Information
Option
Some network administrators want to assign IP address to current users upon their positions.
That is, they want to assign IP addresses to users according to the information on the network
equipments that users connect so that the switch can add the user-related device information
to the DHCP request packet in DHCP option way while performing DHCP Snooping. According
to RFC3046, the option number used is 82. You can obtain more user information by uploading
option82 to the content server. As a result, you can assign IP addresses accurately. The format
of option82 uploaded by DHCP Snooping is shown as follows: