3com S7906E Manuel De Montage

 

 

5-1 

When configuring DHCP snooping, go to these sections for information you are interested in: 

z 

DHCP Snooping Overview 

z 

Configuring DHCP Snooping Basic Functions 

z 

Configuring DHCP Snooping to Support Option 82 

z 

Displaying and Maintaining DHCP Snooping 

z 

 

z 

The DHCP snooping enabled device does not work if it is between the DHCP relay agent and 

DHCP server, and it can work when it is between the DHCP client and relay agent or between the 

DHCP client and server. 

z 

The S7900E Series Ethernet Switches are distributed devices supporting Intelligent Resilient 

Framework (IRF). Two S7900E series can be connected together to form a distributed IRF device. 

If an S7900E series is not in any IRF, it operates as a distributed device; if the S7900E series is in 

an IRF, it operates as a distributed IRF device. For introduction of IRF, refer to IRF Configuration in 

the System Volume. 

 

As a DHCP security feature, DHCP snooping can implement the following: 

1)  Ensuring DHCP clients to obtain IP addresses from authorized DHCP servers 

2)  Recording IP-to-MAC mappings of DHCP clients 

If there is an unauthorized DHCP server on a network, DHCP clients may obtain invalid IP addresses 

and network configuration parameters, and cannot normally communicate with other network devices. 

With DHCP snooping, the ports of a device can be configured as trusted or untrusted, ensuring the 

clients to obtain IP addresses from authorized DHCP servers. 

z 

Trusted: A trusted port forwards DHCP messages normally. 

z 

Untrusted: An untrusted port discards the DHCP-ACK or DHCP-OFFER messages from any 

DHCP server. 

You should configure ports that connect to authorized DHCP servers or other DHCP snooping devices 

as trusted, and other ports as untrusted. With such configurations, DHCP clients obtain IP addresses