Chapter 28 DHCP Snooping
XGS4600 Series User’s Guide
301
CHAPTER 28
DHCP Snooping
28.1 DHCP Snooping Overview
With DHCP snooping, the Switch can build the binding table dynamically by snooping DHCP packets
(dynamic bindings) and filter unauthorized DHCP packets in your network.
The Switch uses a binding table to distinguish between authorized and unauthorized DHCP packets in
your network. A binding contains these key attributes:
• MAC address
• VLAN ID
• IP address
• Port number
When the Switch receives a DHCP packet, it looks up the appropriate MAC address, VLAN ID, IP
address, and port number in the binding table. If there is a binding, the Switch forwards the packet. If
there is not a binding, the Switch discards the packet.
28.1.1 What You Can Do
• Use the DHCP Snooping screen (Section 28.2 on page 301) to look at various statistics about the DHCP
snooping database.
• Use this DHCP Snooping Configure screen (Section 28.3 on page 304) to enable DHCP snooping on
the Switch (not on specific VLAN), specify the VLAN where the default DHCP server is located, and
configure the DHCP snooping database.
• Use the DHCP Snooping Port Configure screen (Section 28.3.1 on page 306) to specify whether ports
are trusted or untrusted ports for DHCP snooping.
• Use the DHCP Snooping VLAN Configure screen (Section 28.3.2 on page 308) to enable DHCP
snooping on each VLAN and to specify whether or not the Switch adds DHCP relay agent option 82
information to DHCP requests that the Switch relays to a DHCP server for each VLAN.
• Use the DHCP Snooping VLAN Port Configure screen (Section 28.3.3 on page 309) to apply a different
DHCP option 82 profile to certain ports in a VLAN.
28.2 DHCP Snooping
Use this screen to look at various statistics about the DHCP snooping database.
To open this screen, click Advanced Application > IP Source Guard > IPv4 Source Guard Setup > DHCP
Snooping.
To Next Page
Loading...
