D-Link DGS-6600-48T Configuration Guide - Page 464
DHCP Snooping Configuration, Overview, An Introduction to DHCP Snooping
Page 464 highlights
Volume 8-Security & Authentication / Chapter 44-DHCP Snooping Configuration

Chapter 44
DHCP Snooping Configuration

Chapter Overview

The following topics are included in this chapter; go to the topic for more detailed information:

• Chapter Overview
• An Introduction to DHCP Snooping
• DHCP Operation concept
• DHCP Snooping Configuration Commands
• Enabling and Disabling DHCP Snooping
• Configuring an "allow-untrusted port"
• Configuring Snooping Trusts
• Configuring the verification of a source MAC address from a DHCP packet
• Configuring an ip dhcp snooping vlan
• Verifying ip dhcp snooping settings

An Introduction to DHCP Snooping

DHCP snooping is a technique that ensures IP integrity. It works with information from a DHCP server to:

• Track the physical location of hosts.
• Ensure that hosts only use the IP addresses assigned to them.
• Ensure that only authorized DHCP servers are accessible.

The switch offers DHCP snooping to snoop DHCP packets that are received or forwarded by the switch. DHCP snooping acts like a firewall between DHCP clients and servers. It is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database.

You can use DHCP snooping to differentiate between untrusted interfaces connected to DHCP clients and trusted interfaces connected to the DHCP server or another switch. The "trust" is only conceptual; the user can specify an interface as a trusted port. For DHCP snooping, all DHCP servers MUST be connected to the switch through trusted interfaces.

In DHCP snooping, the switch builds DHCP snooping binding entries automatically. The DHCP snooping binding database has the MAC address, the IP address, the lease time, the binding type, the VLAN number, and the interface information that corresponds to the local untrusted interfaces of a switch. It does not have information about hosts connected through trusted interfaces.
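The following Python model is an added illustration of the behaviour described above, not D-Link's implementation or code from this guide. The class and function names, port names, VLAN 10, addresses and the `dhcp-snooping` binding-type label are all assumptions made for the example.

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # DHCP message types only a server sends

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    lease_seconds: int
    binding_type: str  # the label value used below is an assumption
    vlan: int
    interface: str

class SnoopingSwitch:
    def __init__(self, snooping_vlans, trusted_ports):
        self.snooping_vlans = set(snooping_vlans)
        self.trusted_ports = set(trusted_ports)
        self.client_port = {}  # (vlan, mac) -> untrusted port the client was seen on
        self.bindings = {}     # (vlan, mac) -> Binding

    def receive(self, port, vlan, msg_type, client_mac, ip=None, lease=0):
        """Return 'forward' or 'drop' for one DHCP message seen on `port`."""
        if vlan not in self.snooping_vlans:
            return "forward"  # snooping is not enabled on this VLAN
        key = (vlan, client_mac)
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop"  # server message arriving on an untrusted port
            if msg_type == "ACK" and key in self.client_port:
                self.bindings[key] = Binding(client_mac, ip, lease, "dhcp-snooping",
                                             vlan, self.client_port[key])
            return "forward"
        if port not in self.trusted_ports:
            self.client_port[key] = port  # remember where the client is attached
        return "forward"

def demo():
    """Constructed traffic: one client, one rogue server, one legitimate server."""
    sw = SnoopingSwitch(snooping_vlans=[10], trusted_ports=["uplink"])
    mac = "00:11:22:33:44:55"
    verdicts = [
        sw.receive("port5", 10, "DISCOVER", mac),
        sw.receive("port7", 10, "OFFER", mac, "192.0.2.66"),  # rogue server
        sw.receive("uplink", 10, "OFFER", mac, "192.0.2.20"),
        sw.receive("port5", 10, "REQUEST", mac),
        sw.receive("uplink", 10, "ACK", mac, "192.0.2.20", 86400),
    ]
    return verdicts, sw.bindings

if __name__ == "__main__":
    print(demo())
```

The binding is keyed to the untrusted port where the client's own request was seen, so a host attached to a trusted interface never gets an entry.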
The DHCP server should be connected to a trusted interface. This is mandatory to ensure that the DHCP server functions operate properly. When a switch receives a packet on an untrusted interface and the interface belongs to a VLAN on which DHCP snooping is enabled, the switch compares

DGS-6600 Configuration Guide 464