Brief Analysis of H3C switch DHCP Snooping Configuration

In the previous article, we have explained the DHCP Server settings and DHCP Relay settings of the H3C switch. Here we will explain the last part -- DHCP Snooping configuration of the H3C switch.

H3C switch DHCP Snooping configuration 1> Configure Environment Parameters

1. The DHCPServer is connected to port G1/1 of the SwitchA vswitch. It belongs to vlan10 and its IP address is 10.10.1.253/24.

2. Ports E0/1 and E0/2 belong to vlan10.

H3C switch DHCP Snooping configuration 1> networking requirements

1. PC1 and PC2 can both obtain IP addresses from the specified DHCP Server.

2. prevent other illegal DHCP servers from affecting hosts on the network

H3C switch DHCP Snooping configuration 2> switch DHCP-Snooping configuration process

When DHCP-Snooping is enabled, the switch listens to the DHCP packet and can extract and record IP address and MAC address information from the received DHCP Request or DHCP Ack message. In addition, DHCP-Snooping allows you to set a physical port to a trusted port or untrusted port. The trusted port can normally receive and forward DHCP Offer packets, but the untrusted port will discard the received DHCP Offer packets. In this way, the vswitch can shield the counterfeit DHCP Server and ensure that the client obtains the IP address from the valid DHCP Server.

H3C switch DHCP Snooping configuration 3> SwitchA Configuration

1. Create and enter) VLAN10

[SwitchA] vlan 10

2. Add ports E0/1, E0/2, and G1/1 to VLAN10.

[SwitchA-vlan10] port Ethernet 0/1 Ethernet 0/2 GigabitEthernet 1/1

3. Global enable dhcp-snooping

[SwitchA] dhcp-snooping

4. Configure port G1/1 as the trust port,

[SwitchA-GigabitEthernet1/1] dhcp-snooping trust