Figure 11-7 DHCP Cheating Attack Implementation Procedure
DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to
forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping
is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP
address, MAC address, VLAN and the connected Port number of the Host for automatic binding.
The bound entry can cooperate with the ARP Inspection, IP Source Guard and the other security
protection features. DHCP Snooping feature prevents the network from the DHCP Server
Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the
network security.
Choose the menu Network Security→IP-MAC Binding→DHCP Snooping to load the following
page.
156