When the address binding is used, the switch can only support the
limited DHCP users for the limit of the hardware list item, if the users are
too much on the switch, it may cause that the legal user can not add the
hardware list item and use the network normally. When the DAI function
is used, it will serious effect on the performance of the switch for all ARP
messages should be forwarded and processed by CPU.
14.1.5 Understanding Address Binding
Function of DHCP Snooping
The address binding function of the DHCP snooping is that the switch binds the IP obtained
by users and the MAC of users by the snooping of the DHCP process, so as to limit that only
the users who obtain the IP by DHCP can use the network, to prevent users to set the IP by
themselves.
Furthermore, for the DHCP binding only filters to the IP message other than the ARP
message, to improve the security and prevent the ARP cheating, it carries out the legality
check of ARP for the users with DHCP binding. Refer to DAI configuration for the details.
14.1.6 Relationship between DHCP
Snooping and ARP Detectation
ARP detection refers to check all the ARP packets that pass the device. DHCP Snooping
needs to provide database information for ARP detectation. When the device that has the
DAI function enabled receives ARP packets, the DAI module queries the binding database of
DHCP snooping according to the packets. The ARP packet is considered legal and is thus
learnt and forwarded only when its MAC, IP and port information match. Otherwise, the
packet will be discarded.
14.1.7 Other Precautions on DHCP
Snooping Configuration
The DHCP Snooping function and the DHCP Option 82 function of 1x are mutually exclusive,
namely they cannot be used at the same time.
DHCP Snooping only snoops the DHCP process of user. If you want to restrict users to use
IP addresses assigned using DHCP for network access, you must use the ARP detectation
function. Note that the ARP detectation function affects the overall performance of the device
because the ARP detectation module detects all the ARP packets.
To Next Page
Loading...
Need help?
General