User manual

ManualsBrandsLevelOne ManualsNetworkingGEP-5070

101

102

103

104

105

106

107

108

109

110

HAPTER

| Configuring the Switch

Configuring Security

– 108 –

■

If the DHCP packet is not a recognizable type, it is dropped.

■

If a DHCP packet from a client passes the filtering criteria above, it

will only be forwarded to trusted ports in the same VLAN.

■

If a DHCP packet is from server is received on a trusted port, it will

be forwarded to both trusted and untrusted ports in the same VLAN.

■

If the DHCP snooping is globally disabled, all dynamic bindings are

removed from the binding table.

■

Additional considerations when the switch itself is a DHCP client –

The port(s) through which the switch submits a client request to the

DHCP server must be configured as trusted. Note that the switch

will not add a dynamic entry for itself to the binding table when it

receives an ACK message from a DHCP server. Also, when the

switch sends out DHCP client packets for itself, no filtering takes

place. However, when the switch receives any messages from a

DHCP server, any packets received from untrusted ports are

dropped.

PARAMETERS

These parameters are displayed:

◆ Snooping Mode – Enables DHCP snooping globally. When DHCP

snooping is enabled, DHCP request messages will be forwarded to

trusted ports, and reply packets only allowed from trusted ports.

(Default: Disabled)

◆ Port – Port identifier

◆ Mode – Enables or disables a port as a trusted source of DHCP

messages. (Default: Trusted)

WEB INTERFACE

To configure DHCP Snooping:

1. Click Advanced Configuration, Security, Network, DHCP, Snooping.

2. Set the status for the global DHCP snooping process, and set any ports

within the local network or firewall to trusted.

3. Click Apply