HP V1910 DHCP snooping configuration, DHCP snooping overview

DHCP snooping configuration

NOTE:

A DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.

HP recommends you not to to enable the DHCP client, BOOTP client, and DHCP snooping on the same device. Otherwise, DHCP snooping entries may fail to be generated, or the BOOTP client/DHCP client may fail to obtain an IP address.

DHCP snooping overview

Functions of DHCP snooping

As a DHCP security feature, DHCP snooping can implement the following:

Table 85 Recording IP-to-MAC mappings of DHCP clients

Table 86 Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers

Recording IP-to-MAC mappings of DHCP clients

DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong.

Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers

If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses and network configuration parameters, and cannot normally communicate with other network devices. With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the clients to obtain IP addresses from authorized DHCP servers.

∙Trusted: A trusted port forwards DHCP messages normally.

∙Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages received from any DHCP server.

288