Users Guide
564 Dell PowerConnect 55xx Systems User Guide
DHCP Snooping
This section describes DHCP snooping.
It contains the following topics:
• DHCP Snooping Overview
• Global Parameters
• VLAN Settings
• Trusted Interfaces
• Snooping Binding Database
DHCP Snooping Overview
DHCP snooping expands network security by providing layer security
between untrusted interfaces and DHCP servers. By enabling DHCP
snooping, network administrators can differentiate between trusted interfaces
connected to end-users or DHCP Servers, and untrusted interfaces located
beyond the network firewall.
How DHCP Snooping Works
DHCP snooping filters untrusted messages, and stores these messages in a
database. Interfaces are untrusted if the packet is received from an interface
outside the network, or from an interface beyond the network firewall.
Trusted interfaces receive packets only from within the network or the
network firewall.
The DHCP Snooping Binding database contains the untrusted interfaces’
MAC address, IP address, Lease Time, VLAN ID, and interface information.
Table 21-1 describes how DHCP packets are handled when DHCP snooping
is enabled on an interface.
Table 19-1. DHCP Packet Handling when DHCP Snooping is Enabled
Packet Type Arriving from Untrusted
Ingress Interface
Arriving from Trusted
Ingress Interface
DHCPDISCOVER Forward to trusted
interfaces only.
Forwarded to trusted
interfaces only.