DHCP snooping configuration
NOTE:
A DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
HP recommends you not to to enable the DHCP client, BOOTP client, and DHCP snooping on the same device. Otherwise, DHCP snooping entries may fail to be generated, or the BOOTP client/DHCP client may fail to obtain an IP address.
DHCP snooping overview
Functions of DHCP snooping
As a DHCP security feature, DHCP snooping can implement the following:
Table 85 Recording
Table 86 Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
Recording
DHCP snooping reads
Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers
If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses and network configuration parameters, and cannot normally communicate with other network devices. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers.
∙Trusted: A trusted port forwards DHCP messages normally.
∙Untrusted: An untrusted port discards the
288