Chapter 74 DHCP Snooping
XGS2220 Series User’s Guide
489
CHAPTER 74
DHCP Snooping
74.1 DHCP Snooping Overview
With DHCP snooping, the Switch can build the binding table dynamically by snooping DHCP packets
(dynamic bindings) and filter unauthorized DHCP packets in your network.
The Switch uses a binding table to distinguish between authorized and unauthorized DHCP packets in
your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If
there is not a binding, the Switch discards the packet.
With DHCP snooping, the Switch can block a DHCP server on a snooped VLAN that comes from an
untrusted port in your network.
74.1.1 What You Can Do
• Use the DHCP Snooping Status screen (Section 74.2 on page 489) to look at various statistics about the
DHCP snooping database.
• Use this DHCP Snooping Setup screen (Section 74.3 on page 492) to enable DHCP snooping on the
Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and
configure the DHCP snooping database.
• Use the DHCP Snooping Port Setup screen (Section 74.4 on page 493) to specify whether ports are
trusted or untrusted ports for DHCP snooping.
• Use the DHCP Snooping VLAN Setup screen (Section 74.5 on page 495) to enable DHCP snooping on
each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82 information to
DHCP requests that the Switch relays to a DHCP server for each VLAN.
• Use the DHCP Snooping VLAN Port Setup screen (Section 74.6 on page 496) to apply a different DHCP
option 82 profile to certain ports in a VLAN.
74.2 DHCP Snooping Status
Use this screen to look at various statistics about the DHCP snooping database.
To Next Page
Loading...
