3Com 5500-SI User Manual

290 CHAPTER 17: NETWORK PROTOCOL OPERATION
Return to system view.
[S5500-vlan-interface 100] quit
Enable Option 82 support on the DHCP relay, with the keep keyword specified.
[S5500] dhcp relay information enable
[S5500] dhcp relay information strategy keep
Introduction to DHCP Snooping
For security, the IP addresses used by online DHCP clients need to be tracked so 
that the administrator can verify the mapping between the IP addresses the DHCP 
clients obtained from DHCP servers and the MAC addresses of the DHCP clients.
Layer 3 switches can track DHCP client IP addresses through DHCP relay.
Layer 2 switches can track DHCP client IP addresses through the DHCP snooping 
function, which listens to DHCP broadcast packets.
When an unauthorized DHCP server exists in the network, a DHCP client may obtain 
an illegal IP address. To ensure that DHCP clients obtain IP addresses from valid 
DHCP servers, you can use the DHCP snooping function to specify a port as a 
trusted port or an untrusted port.
Trusted ports can be used to connect DHCP servers or ports of other switches. 
Untrusted ports can be used to connect DHCP clients or networks.
Trusted ports forward any received DHCP packets to ensure that DHCP clients can 
obtain IP addresses from valid DHCP servers. Untrusted ports discard the 
DHCP-ACK and DHCP-OFFER responses received from DHCP servers.
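The trusted/untrusted port rule described above, as an added Python sketch (not 3Com's implementation and not code from this manual): it parses the DHCP message type from a packet, discards DHCP-OFFER and DHCP-ACK on untrusted ports, and keeps the MAC-to-IP table an administrator would check. The port names, addresses, and all class and function names are constructed for the example, and recording a binding when an ACK arrives on a trusted port is an assumption.

```python
import socket
import struct

MAGIC = bytes.fromhex("63825363")   # DHCP magic cookie (RFC 2131)
DISCOVER, OFFER, ACK = 1, 2, 5      # option 53 message types (RFC 2132)

def build_dhcp(msg_type, client_mac, yiaddr="0.0.0.0"):
    """Constructed sample input: a minimal BOOTP/DHCP payload."""
    op = 2 if msg_type in (OFFER, ACK) else 1
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes.fromhex(client_mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return (message type, client MAC, yiaddr), or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")
    yiaddr = socket.inet_ntoa(payload[16:20])
    i = 240
    while i + 2 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # pad: no length byte
            i += 1
            continue
        if payload[i] == 53 and payload[i + 1] == 1:
            return payload[i + 2], mac, yiaddr
        i += 2 + payload[i + 1]
    return None

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}   # client MAC -> leased IP, for the administrator
        self.dropped = []    # (port, message type): rogue-server indicator

    def receive(self, port, payload):
        """Return True to forward the packet, False to discard it."""
        parsed = parse_dhcp(payload)
        if parsed is None:
            return True      # not DHCP: outside snooping's scope
        msg_type, mac, yiaddr = parsed
        if port not in self.trusted and msg_type in (OFFER, ACK):
            self.dropped.append((port, msg_type))
            return False
        if msg_type == ACK:
            self.bindings[mac] = yiaddr  # assumption: bind on a trusted ACK
        return True
```

Entries accumulating in `dropped` for an access port are the signal that a server is answering from somewhere it should not be.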
Figure 70 illustrates a typical network diagram for DHCP snooping application, where 
Switch A is an S5500 series switch.
Figure 70   Typical network diagram for DHCP snooping application
Figure 71 illustrates the interaction between a DHCP client and a DHCP server