DHCP Snooping Configuration Guide 201
| [SwitchA] |
| # Enable the address check function on the DHCP relay agent. |
| [SwitchA] interface |
| |
| Currently, a Switch 4500 operating as a DHCP relay agent does not support the |
| address check function. |
Complete Configuration | # |
| |
| # |
| |
| # |
| interface |
| ip address 10.10.1.1 255.255.255.0 |
| |
| |
| # |
Precautions | ■ You need to perform corresponding configurations on the DHCP server to |
| enable the DHCP clients to obtain IP addresses from the DHCP server. For DHCP |
| server configuration information, refer to the “DHCP Server Global Address |
| Pool Configuration Guide” on page 195. |
| ■ The DHCP relay agent and server are reachable to each other. |
|
|
DHCP Snooping | For security, a network administrator needs to use the mappings between DHCP |
Configuration Guide | clients’ IP addresses obtained from the DHCP server and their MAC addresses. |
| DHCP snooping is used to record such mappings from: |
| ■ |
| ■ |
| If there is an unauthorized DHCP server on a network, the DHCP clients may |
| obtain invalid IP addresses. With DHCP snooping, the ports of a device can be |
| configured as trusted or untrusted to ensure the clients to obtain IP addresses |
| from authorized DHCP servers. |
| ■ Trusted: A trusted port is connected to an authorized DHCP server directly or |
| indirectly. It forwards DHCP messages normally to guarantee that DHCP clients |
| can obtain valid IP addresses. |
| ■ Untrusted: An untrusted port is connected to an unauthorized DHCP server. |
| The |
| prevent DHCP clients from receiving invalid IP addresses. |