Chapter 63 DHCP Snooping
GS1920v2 Series User’s Guide
391
CHAPTER 63
DHCP Snooping
63.1 DHCP Snooping Overview
DHCP snooping filters unauthorized DHCP server packets. The Switch allows only the authorized DHCP
server on a trusted port to assign IP addresses. Clients on your network will only receive DHCP packets
from the authorized DHCP server.
The Switch also builds a DHCP snooping binding table dynamically by snooping DHCP packets
(dynamic bindings). A DHCP snooping binding table contains the IP binding information the Switch
learns from DHCP packets in your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
The following settings demonstrates DHCP snooping on the Switch.
• An authorized DHCP server (A) on a snooped VLAN from the trusted port (T)
• An unauthorized DHCP server (B) on a snooped VLAN from an untrusted port (UT)
• DHCP clients (C) on the untrusted ports (UT).
With DHCP snooping, the Switch blocks all DHCP server packets (DHCP OFFER/ACK) coming from the
untrusted ports (UT). The Switch only forwards the DHCP server packets from the trusted port (T). This
assures that DHCP clients on your network only receive IP addresses assigned by the authorized DHCP
server (A).
To Next Page
Loading...
