Basic answer: What is DHCP Snooping?

Source: Internet
Author: User

What is DHCP Snooping? Many readers may not be clear on this, so here is a brief explanation. DHCP Snooping is, as the name says, snooping on DHCP. It monitors users through the DHCP packets exchanged between the client and the server. It also provides a DHCP packet filtering function that, with proper configuration, filters out illegal servers.

The following describes some terms and functions used in DHCP Snooping:

DHCP Snooping TRUST port: Because the packets exchanged to obtain an IP address through DHCP are sent as broadcasts, an illegal server may interfere with normal IP address assignment. Worse, attackers can steal user information by spoofing with an illegal server. To prevent the illegal server problem, DHCP Snooping divides ports into two types: TRUST ports and UNTRUST ports. The device forwards only the DHCP reply packets received on a TRUST port and discards all DHCP reply packets received on an UNTRUST port. When the port connected to the valid DHCP server is set as a TRUST port and all other ports are set as UNTRUST ports, illegal DHCP servers are blocked.

DHCP Snooping user database:

In a DHCP environment, users often set IP addresses themselves without permission. Such self-assigned addresses not only make the network difficult to maintain but also cause conflicts, so that some users who obtained their IP addresses through DHCP cannot use the network properly. DHCP Snooping snoops the packets between the client and the server and groups the IP address obtained by the user with the user's MAC, VID, PORT, lease time and other information into a user record entry. These entries form the DHCP Snooping user database, which is used together with ARP detection to control which users can access the Internet.

From the above, we have a basic understanding of what DHCP Snooping is. DHCP Snooping checks the validity of the DHCP packets passing through the device and discards the illegal ones. It also records user information to build the DHCP Snooping binding database, which ARP detection and other functions query. The following types of packets are considered invalid DHCP packets:

1. DHCP reply packets received on an UNTRUST port, including DHCPACK, DHCPNAK, and DHCPOFFER.

2. When MAC verification is enabled, packets whose source MAC address differs from the value of the client field carried in the DHCP packet.

3. Packets from a user who has an entry in the DHCP Snooping binding database, but whose port information is inconsistent with the port information stored in that entry.

Relationship between DHCP Snooping and ARP Detection

Now that we know what DHCP Snooping is, let's talk about its relationship with ARP detection. ARP detection checks all ARP packets passing through the device, and DHCP Snooping provides the database information that ARP detection needs. When it receives an ARP packet, the DAI (Dynamic ARP Inspection) module queries the DHCP Snooping binding database based on the packet. It considers the received ARP packet valid only when the packet's MAC, IP, and port information all match an entry; otherwise it discards the packet.
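The three invalid-packet rules and the ARP detection lookup described above, modelled as an added example; this is not code from the original page or from any switch vendor. The class and method names, port numbers and MAC/IP values are constructed for illustration, and the lease-expiry check and the restriction of client-side checks to UNTRUST ports are assumptions.

```python
import time

REPLIES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}  # server-to-client message types
class SnoopingSwitch:
    """Toy model (hypothetical names) of the checks described in the text."""
    def __init__(self, trust_ports, mac_verify=True):
        self.trust_ports = set(trust_ports)
        self.mac_verify = mac_verify
        self.pending = {}   # client MAC -> (port, vid) of its last DHCPREQUEST
        self.bindings = {}  # client MAC -> {ip, vid, port, expires}

    def dhcp(self, port, src_mac, msg, chaddr, vid=1, yiaddr=None, lease=0):
        """Return 'forward' or 'drop: <reason>' for one DHCP packet."""
        if msg in REPLIES:
            if port not in self.trust_ports:
                return "drop: reply on UNTRUST port"                  # rule 1
            if msg == "DHCPACK" and chaddr in self.pending:
                cport, cvid = self.pending.pop(chaddr)                # learn the binding
                self.bindings[chaddr] = {"ip": yiaddr, "vid": cvid, "port": cport,
                                         "expires": time.time() + lease}
            return "forward"
        if port not in self.trust_ports:  # assumption: client checks on UNTRUST ports only
            if self.mac_verify and src_mac != chaddr:
                return "drop: source MAC differs from client field"   # rule 2
            bound = self.bindings.get(chaddr)
            if bound and bound["port"] != port:
                return "drop: port differs from binding"              # rule 3
        if msg == "DHCPREQUEST":
            self.pending[chaddr] = (port, vid)
        return "forward"

    def arp_valid(self, port, mac, ip):
        """ARP detection: valid only if MAC, IP and port match one binding.
        Assumption: a binding stops counting once its lease time has passed."""
        b = self.bindings.get(mac)
        return bool(b and b["ip"] == ip and b["port"] == port
                    and b["expires"] > time.time())

def demo():
    """Constructed traffic: client on port 3, valid server on TRUST port 24."""
    sw, a = SnoopingSwitch(trust_ports={24}), "aa:aa:aa:aa:aa:01"
    results = [
        sw.dhcp(3, a, "DHCPREQUEST", a, vid=10),
        sw.dhcp(7, "bb:bb:bb:bb:bb:02", "DHCPOFFER", a),          # reply from UNTRUST port
        sw.dhcp(24, "cc:cc:cc:cc:cc:03", "DHCPACK", a, yiaddr="192.0.2.10", lease=3600),
        sw.dhcp(5, "dd:dd:dd:dd:dd:04", "DHCPREQUEST", a),        # MAC mismatch
        sw.dhcp(5, a, "DHCPREQUEST", a),                          # bound to port 3, seen on 5
    ]
    return sw, results
```

Calling `demo()` returns the switch model and the per-packet verdicts; `arp_valid` can then be called on the returned switch to see which ARP packets the binding database would accept.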
