3Com Switch 7750 Configuration Guide

56 DHCP SNOOPING CONFIGURATION

DHCP-Snooping Configuration

Introduction to DHCP Snooping
For the sake of security, the IP addresses used by online DHCP clients need to be
tracked so that the administrator can verify the correspondence between the
IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses
of the DHCP clients.
Layer 3 switches can track DHCP client IP addresses through DHCP relay.
Layer 2 switches can track DHCP client IP addresses through the DHCP
snooping function, which listens to DHCP broadcast packets.
When an unauthorized DHCP server exists in the network, a DHCP client may
obtain an illegal IP address. To ensure that the DHCP clients obtain IP addresses
from valid DHCP servers, you can specify a port to be a trusted port or an
untrusted port through the DHCP snooping function.
Trusted ports can be used to connect DHCP servers or ports of other switches.
Untrusted ports can be used to connect DHCP clients or networks.
An untrusted port drops DHCP-ACK and DHCP-OFFER packets received from
the DHCP server, whereas a trusted port forwards the DHCP packets it receives
so that users can obtain correct IP addresses.
Figure 149 illustrates a typical network diagram for DHCP snooping application,
where Switch A is a Switch 7750.
Figure 149 Typical network diagram for DHCP snooping application
[Figure labels: DHCP clients, Ethernet, Switch A (DHCP snooping), Switch B (DHCP relay), DHCP server, Internet]
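
The trusted/untrusted port rule and the IP-to-MAC tracking described above can be modelled in a few lines of Python. This is an added illustration, not code or configuration from the 3Com guide or the switch: the port names, the "drop"/"forward" return values, recording a binding when a DHCP-ACK arrives on a trusted port, and dropping malformed messages are all assumptions of the model.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 (message type) values for server replies

def parse_dhcp(payload):
    """Return (message type, client MAC, offered IP) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))    # 'your' IP address
    mac = payload[28:28 + min(payload[2], 16)].hex(":")    # chaddr, hlen bytes
    i, msg_type = 240, None
    while i < len(payload) and payload[i] != 255:          # 255 = end option
        if payload[i] == 0:                                # 0 = pad, no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if payload[i] == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    return msg_type, mac, yiaddr

class Snooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # hypothetical port names
        self.bindings = {}                 # client MAC -> IP address

    def handle(self, port, payload):
        try:
            msg_type, mac, ip = parse_dhcp(payload)
        except ValueError:
            return "drop"                  # assumption: malformed is dropped
        if msg_type in (OFFER, ACK) and port not in self.trusted:
            return "drop"                  # server reply on an untrusted port
        if msg_type == ACK:
            self.bindings[mac] = ip        # record the MAC-to-IP relationship
        return "forward"

def build(msg_type, mac, yiaddr):
    """Constructed sample: minimal DHCP reply carrying only option 53."""
    fixed = (bytes([2, 1, 6, 0]) + bytes(12)
             + ipaddress.IPv4Address(yiaddr).packed + bytes(8)
             + bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192))
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])
```

Feeding `Snooper({"uplink"}).handle("access1", build(OFFER, ...))` returns "drop", while the same reply on "uplink" is forwarded and, for a DHCP-ACK, recorded in `bindings`.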