H3C Technologies H3C WX6000 Series Access Controllers User Manual

38 DHCP Snooping Configuration

When configuring DHCP snooping, go to these sections for information you are interested in:

- DHCP Snooping Overview
- Configuring DHCP Snooping Basic Functions
- Configuring DHCP Snooping to Support Option 82
- Displaying and Maintaining DHCP Snooping
- DHCP Snooping Configuration Example

- DHCP snooping does not support link aggregation. If an Ethernet port is added to an aggregation
  group, the DHCP snooping configuration on it does not take effect. When the port is removed from
  the group, DHCP snooping can take effect.
- A DHCP snooping enabled device does not work if it is between the DHCP relay agent and the
  DHCP server. It can work when it is between the DHCP client and the relay agent or between the
  DHCP client and the server.
- The DHCP snooping enabled device cannot be a DHCP server or DHCP relay agent.
- Enabling the DHCP client, BOOTP client, and DHCP snooping on the same device is not
  recommended. Otherwise, DHCP snooping entries may fail to be generated, or the BOOTP
  client/DHCP client may fail to obtain an IP address.

DHCP Snooping Overview

Function of DHCP Snooping

As a DHCP security feature, DHCP snooping can implement the following:

Recording IP-to-MAC mappings of DHCP clients

For security, a network administrator needs to record the mapping between the IP address a client
obtains from the DHCP server and the client’s MAC address. DHCP snooping meets this need.

DHCP snooping records clients’ MAC and IP addresses by reading their DHCP-REQUEST and
DHCP-ACK messages from trusted ports. The network administrator can check which IP addresses
are assigned to the DHCP clients with the display dhcp-snooping command.

Ensuring that DHCP clients obtain IP addresses from valid DHCP servers

If there is an unauthorized DHCP server on a network, the DHCP clients may obtain invalid IP
addresses. With DHCP snooping, the ports of a device can be configured as trusted or untrusted,
ensuring that the clients obtain IP addresses from authorized DHCP servers.
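
The two functions described above, shown as a simplified model. This is an added example, not code from the manual and not H3C's implementation. It follows the general behavior of DHCP snooping (server replies arriving on untrusted ports are discarded, and a binding is recorded when a DHCP-ACK on a trusted port matches an earlier DHCP-REQUEST). The port names, MAC address, IP addresses and the dictionary message format are constructed for illustration.

```python
# Simplified model of DHCP snooping (illustration only, not H3C's implementation).
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # messages only a DHCP server sends

@dataclass
class Snooper:
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # xid -> (client MAC, client port)
    bindings: dict = field(default_factory=dict)   # client MAC -> (IP, client port)
    dropped: list = field(default_factory=list)    # (port, type) of discarded replies

    def receive(self, port, msg):
        """Return True if the message is forwarded, False if it is dropped."""
        mtype = msg["type"]
        if mtype in SERVER_TYPES and port not in self.trusted_ports:
            # A server reply on an untrusted port indicates an unauthorized server.
            self.dropped.append((port, mtype))
            return False
        if mtype == "REQUEST":
            # Remember who asked, keyed by transaction ID, until the ACK arrives.
            self.pending[msg["xid"]] = (msg["chaddr"], port)
        elif mtype == "ACK":
            client = self.pending.pop(msg["xid"], None)
            # Bind only when the ACK matches a REQUEST seen from the same MAC.
            if client and client[0] == msg["chaddr"]:
                self.bindings[msg["chaddr"]] = (msg["yiaddr"], client[1])
        return True

def run_demo():
    # Constructed sample traffic: GE1/0/1 is the trusted uplink, GE1/0/9 hosts
    # an unauthorized server, GE1/0/5 is the client port.
    sw = Snooper(trusted_ports={"GE1/0/1"})
    mac = "00:11:22:33:44:55"
    frames = [
        ("GE1/0/5", {"type": "DISCOVER", "xid": 7, "chaddr": mac}),
        ("GE1/0/9", {"type": "OFFER", "xid": 7, "chaddr": mac, "yiaddr": "198.51.100.50"}),
        ("GE1/0/1", {"type": "OFFER", "xid": 7, "chaddr": mac, "yiaddr": "192.0.2.10"}),
        ("GE1/0/5", {"type": "REQUEST", "xid": 7, "chaddr": mac}),
        ("GE1/0/9", {"type": "ACK", "xid": 7, "chaddr": mac, "yiaddr": "198.51.100.50"}),
        ("GE1/0/1", {"type": "ACK", "xid": 7, "chaddr": mac, "yiaddr": "192.0.2.10"}),
    ]
    forwarded = [sw.receive(port, msg) for port, msg in frames]
    return sw, forwarded

if __name__ == "__main__":
    sw, forwarded = run_demo()
    print("forwarded:", forwarded)
    print("bindings: ", sw.bindings)
    print("dropped:  ", sw.dropped)
```

The entries in `dropped` are what an administrator would look for when hunting an unauthorized DHCP server: each one names the untrusted port on which a server reply arrived.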