Brocade ICX 6650 Security Configuration Guide
53-1002601-01
DHCP snooping
How DHCP snooping works
When enabled on a VLAN, DHCP snooping stands between untrusted ports (those connected to 
hosts) and trusted ports (those connected to DHCP servers). On untrusted ports, a VLAN with DHCP 
snooping enabled forwards DHCP request packets from clients and discards DHCP server reply 
packets; on trusted ports, it forwards DHCP server reply packets to the DHCP clients, as shown in 
the following figures.
FIGURE 17 DHCP snooping at work - on an untrusted port
FIGURE 18 DHCP snooping at work - on a trusted port
DHCP binding database
When it forwards DHCP server reply packets on trusted ports, the Brocade device saves the client 
IP-to-MAC address binding information in the DHCP binding database. This is how the DHCP 
snooping binding table is populated. The information saved includes MAC address, IP address, 
lease time, VLAN number, and port number.
In the Brocade device, the DHCP binding database is integrated with the enhanced ARP table, 
which is used by Dynamic ARP Inspection. For more information, refer to 
The lease time will be refreshed when the client renews its IP address with the DHCP server; 
otherwise the Brocade device removes the entry when the lease time expires.
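The forwarding decision and binding-table behaviour described in the two sections above, as an added example in Python; this is a constructed model, not Brocade's implementation, and the port names, MAC addresses and lease values in it are illustrative.

```python
from dataclasses import dataclass

# Constructed model of DHCP snooping on one VLAN (example code, not Brocade's).
# Client-originated DHCP message types; anything else is treated as a server reply.
CLIENT_MSGS = {"DISCOVER", "REQUEST", "RELEASE", "DECLINE", "INFORM"}

@dataclass
class DhcpPacket:
    msg_type: str        # DHCP message type, e.g. "REQUEST" (client) or "ACK" (server)
    client_mac: str      # chaddr: the client's hardware address
    yiaddr: str = ""     # IP address assigned by the server (empty in client messages)
    lease_time: int = 0  # lease length in seconds (option 51) in server replies

class DhcpSnoopingVlan:
    def __init__(self, vlan_id, trusted_ports):
        self.vlan_id = vlan_id
        self.trusted = set(trusted_ports)
        self.client_port = {}  # client MAC -> untrusted port its request arrived on
        self.binding = {}      # client MAC -> {ip, lease_time, vlan, port, expires}

    def handle(self, pkt, in_port, now):
        """Return 'forward' or 'drop' for a DHCP packet received on in_port at time now."""
        if in_port not in self.trusted:
            # Untrusted (host-facing) port: relay client requests, discard any server
            # reply, because no legitimate DHCP server sits behind an untrusted port.
            if pkt.msg_type in CLIENT_MSGS:
                self.client_port[pkt.client_mac] = in_port
                return "forward"
            return "drop"
        # Trusted (server-facing) port: forward the reply and, for an ACK that assigns
        # an address, record the binding that Dynamic ARP Inspection later consults.
        if pkt.msg_type == "ACK" and pkt.yiaddr:
            self.binding[pkt.client_mac] = {
                "ip": pkt.yiaddr, "lease_time": pkt.lease_time, "vlan": self.vlan_id,
                "port": self.client_port.get(pkt.client_mac),
                "expires": now + pkt.lease_time,  # a renewal ACK simply refreshes this
            }
        return "forward"

    def expire(self, now):
        """Remove bindings whose lease has run out; return the MACs removed."""
        gone = [mac for mac, b in self.binding.items() if b["expires"] <= now]
        for mac in gone:
            del self.binding[mac]
        return gone
```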
[Figures 17 and 18: a Brocade switch running DHCP snooping, with the DHCP server on a trusted port and the DHCP client on an untrusted port; the DHCP client request packet and the DHCP server reply packet are shown for each port type.]