DES-7200 Configuration Guide Chapter 11 IP Source Guard Configuration
11 IP Source Guard Configuration
11.1 Brief Introduction of IP Source Guard
11.1.1 Understanding DHCP
In a typical DHCP-enabled network, the DHCP server manages and allocates
addresses for hosts, and the hosts request valid network addresses from the DHCP
server. DHCP helps administrators manage network addresses and avoid address
conflicts.
Figure 1 Normal DHCP Address Allocation
However, the server/client mode cannot guarantee the efficiency and security of
network address management. The traditional DHCP mode needs stronger security
features because of illegal packets, or even attack packets, from the clients
(as shown in Figure 3) and various feigned servers (as shown in Figure 2) in
the network.
DHCP Snooping solves this problem. The security problem of the traditional DHCP
mode can be solved by enabling DHCP Snooping on the device that connects the DHCP
server with the DHCP clients. DHCP Snooping divides the network into two parts:
an untrusted network that shields all the DHCP server response packets in the
network and checks the security of the requests from the clients; and a
trusted network that forwards