Dhcp snooping configuration, Dhcp snooping overview, Functions of dhcp snooping – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 68: Recording ip-to-mac mappings of dhcp clients
57
DHCP snooping configuration
This chapter includes these sections:
•
•
Displaying and maintaining DHCP snooping
•
DHCP snooping configuration examples
NOTE:
•
The term "switch" or "device" in this document refers to the switching engine on a WX3000E wireless
switch.
•
The WX3000E series comprises WX3024E and WX3010E wireless switches.
•
The port numbers in this document are for illustration only.
•
The DHCP snooping-enabled device must be either between the DHCP client and relay agent, or
between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP
server.
DHCP snooping overview
Functions of DHCP snooping
DHCP snooping can:
1.
Ensure DHCP clients to obtain IP addresses from authorized DHCP servers
2.
Record IP-to-MAC mappings of DHCP clients
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
With DHCP snooping, the ports of a switch can be configured as trusted or untrusted to ensure that clients
obtain IP addresses only from authorized DHCP servers.
•
Trusted: A trusted port forwards DHCP messages normally to ensure the clients get IP addresses
from an authorized DHCP server.
•
Untrusted: An untrusted port discards received DHCP-ACK and DHCP-OFFER messages to avoid IP
address allocation from any unauthorized server.
Configure ports that connect to authorized DHCP servers or other DHCP snooping devices as trusted,
and configure other ports as untrusted.
Recording IP-to-MAC mappings of DHCP clients
DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record
DHCP snooping entries. A DHCP snooping entry includes the MAC and IP addresses of the client, the
port that connects to the DHCP client, and the VLAN of the port. With DHCP snooping entries, DHCP
snooping can implement the following functions:
•
ARP detection: Whether ARP packets are sent from an authorized client is determined based on
DHCP snooping entries. This feature prevents ARP attacks from unauthorized clients. For more
information, see the Security Configuration Guide.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points