Configuration Guide DHCP Snooping Configuration
Agent Circuit ID (DOT1X format)
Agent Remote ID
DHCP Snooping Address Binding
By snooping the packets between the DHCP Clients and the DHCP Server, DHCP Snooping
combines the legal user information, including IP address, MAC address, VID, port and lease
time, into a entry to form a DHCP Snooping user database. By adding the user information in
the DHCP Snooping database to the IP packet hardware filtering entry, DHCP Snooping only
allows those legal users to send the IP packets, preventing the illegal users from setting the
private IP addresses.
DHCP Snooping Related Security Functions
DHCP Snooping address binding only filters the IP packets, rather than the ARP packets. To
enhance the security and prevent ARP spoof, it is necessary to filter the illegal ARP packtes.
DHCP Snooping database can provide the information on filtering the ARP packets. (For the
detailed information about the ARP packet filtering, please refer to the related chapters of
ARP-CHECK and DAI.)
To Next Page
Loading...
