3com 2928 Betriebsanweisung

 

3-1 

 

z

 

A DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP 
server, and it can work when it is between the DHCP client and relay agent or between the DHCP 
client and server. 

z

 

You are not recommended to enable the DHCP client, BOOTP client, and DHCP snooping on the 
same device. Otherwise, DHCP snooping entries may fail to be generated, or the BOOTP 
client/DHCP client may fail to obtain an IP address. 

 

As a DHCP security feature, DHCP snooping can implement the following: 
1)  Recording IP-to-MAC mappings of DHCP clients 
2)  Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers 

DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to 
record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the 
clients, ports that connect to DHCP clients, and VLANs to which the ports belong. 

If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses 
and network configuration parameters, and cannot normally communicate with other network devices. 
With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the 
clients to obtain IP addresses from authorized DHCP servers. 

z

 

Trusted: A trusted port forwards DHCP messages normally. 

z

 

Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages received from 
any DHCP server.