DHCP snooping
Related How To Notes
The following How To Note describes DHCP snooping on
zHow To Use DHCP Snooping, Option 82, and Filtering on
The following How To Notes also use DHCP snooping in their solutions:
zHow To Use
zHow To Create A Secure Network With Allied Telesis Managed Layer 3 Switches
zHow To Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks
How To Notes are available from the library at www.alliedtelesis.com/resources/literature/ howto.aspx.
DHCP snooping
DHCP snooping forces all DHCP packets to be sent up to the switch CPU before forwarding. The switch CPU then keeps a database of the IP addresses that are currently allocated to downstream clients and the switch ports that the relevant clients are attached to.
Note: The switch CPU does not store a history log. The DHCP server does this.
DHCP snooping performs two main tasks:
zKeeping a record of which IP addresses are currently allocated to hosts downstream of the ports on the switch.
zDeciding which packets are candidates for having Option 82 information inserted, and actively filtering out packets that are deemed to be invalid DHCP packets (according to criteria described below).
Note: Option 82 must be enabled separately.
Minimum configuration
The following output shows the minimum configuration required to use DHCP snooping and provide filtered connectivity. With this configuration a client will be able to receive a DHCP address, and access the IP network. If the client manually changes its IP, it will not be permitted access to the IP network. The administrator will also be able to see the current valid entries in the DHCP snooping database.
#DHCP Snooping configuration enable dhcpsnooping
set dhcpsnooping port=24 trusted=yes
Page 3 AlliedWare™ OS How To Note: DHCP Snooping on
