8 dhcp snooping configuration, Dhcp snooping overview, Functions of dhcp snooping – H3C Technologies H3C S7500E Series Switches User Manual

Page 82: Dhcp snooping configuration

8-1

DHCP Snooping Configuration

When configuring DHCP snooping, go to these sections for information you are interested in:

The DHCP snooping enabled device does not work if it is between the DHCP relay agent and

DHCP server, and it can work when it is between the DHCP client and relay agent or between the

DHCP client and server.

The S7500E Series Ethernet Switches are distributed devices supporting Intelligent Resilient

Framework (IRF). Two S7500E series can be connected together to form a distributed IRF device.

If an S7500E series is not in any IRF, it operates as a distributed device; if the S7500E series is in

an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration

in the IRF Configuration Guide.

DHCP Snooping Overview

Functions of DHCP Snooping

As a DHCP security feature, DHCP snooping can implement the following:

1) Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers

2) Recording IP-to-MAC mappings of DHCP clients

Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers

If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses

and network configuration parameters, and cannot normally communicate with other network devices.

With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the

clients to obtain IP addresses from authorized DHCP servers.

Trusted: A trusted port forwards DHCP messages normally.

Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages from any

DHCP server.

You should configure ports that connect to authorized DHCP servers or other DHCP snooping devices

as trusted, and other ports as untrusted. With such configurations, DHCP clients obtain IP addresses

This manual is related to the following products: