After DHCP snooping is enabled, the switch treats user ports as untrusted ports. A user port may only send DHCP requests, and all other DHCP packets arriving from the user port are discarded. Another important role of DHCP snooping is to build the DHCP snooping binding table. Since DHCP snooping is so important, let's see how it is configured!
Case requirements
1. The PC can obtain the IP address from the specified DHCP Server;
2. Prevent other unauthorized DHCP servers from affecting hosts on the network.
Complete the configuration as follows:
DHCP Snooping configuration steps
1. Enter system view
<H3C> system-view
2. Enable DHCP snooping globally
[H3C] dhcp-snooping
3. Enter the interface view of port E1/0/2
[H3C] interface Ethernet 1/0/2
4. Configure port E1/0/2 as a trusted port
[H3C-Ethernet1/0/2] dhcp-snooping trust
DHCP Snooping configuration key points
1. When DHCP snooping is enabled, the switch listens to DHCP packets and extracts and records the IP address and MAC address information from each DHCP Request or DHCP Ack message it receives. In addition, DHCP snooping lets you set a physical port as a trusted port or an untrusted port. A trusted port receives and forwards DHCP Offer packets normally, but an untrusted port discards any DHCP Offer packets it receives. In this way, the switch blocks counterfeit DHCP servers and ensures that the client obtains its IP address from the valid DHCP server.
2. The "DHCP Offer" packet sent by the DHCP server contains the IP address that the server assigns to the user. This packet enters the switch through port E1/0/2 and is forwarded from there, so port E1/0/2 must be configured as a "trust" port. If the upstream interface of the switch is configured as a Trunk port and is connected to a DHCP relay device, the upstream port must also be configured as a "trust" port.
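
The trusted/untrusted decision and the binding table described in the key points above, as a simplified model. This is an added example, not H3C code and not part of the original article. The class and function names, the MAC and IP values, and ports E1/0/5 and E1/0/7 are constructed for illustration; treating DHCP Ack and Nak on an untrusted port the same way as DHCP Offer is an assumption.

```python
# Added example: simplified model of DHCP snooping, not H3C's implementation.
from dataclasses import dataclass, field

# Assumption: every server-originated message type is filtered like DHCP Offer.
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

@dataclass
class SnoopingSwitch:
    trusted_ports: set
    pending: dict = field(default_factory=dict)   # client MAC -> port its REQUEST arrived on
    bindings: dict = field(default_factory=dict)  # client MAC -> (leased IP, user port)
    dropped: list = field(default_factory=list)   # discarded packets, kept for review

    def receive(self, port, msg_type, client_mac, ip=None):
        """Return True if the packet is forwarded, False if it is discarded."""
        trusted = port in self.trusted_ports
        if msg_type in SERVER_MSGS and not trusted:
            # Server traffic arriving on a user port: counterfeit DHCP server.
            self.dropped.append((port, msg_type, client_mac, ip))
            return False
        if msg_type == "REQUEST" and not trusted:
            self.pending[client_mac] = port
        elif msg_type == "ACK" and client_mac in self.pending:
            # ACK from the trusted side completes the lease: record the binding.
            self.bindings[client_mac] = (ip, self.pending.pop(client_mac))
        return True

def run_demo():
    """Replay a constructed exchange; E1/0/2 is the only trusted port."""
    sw = SnoopingSwitch(trusted_ports={"Ethernet1/0/2"})
    mac = "00e0-fc00-0001"  # constructed sample values throughout
    events = [
        ("Ethernet1/0/5", "DISCOVER", mac, None),
        ("Ethernet1/0/7", "OFFER", mac, "10.66.6.10"),     # server on a user port
        ("Ethernet1/0/2", "OFFER", mac, "192.168.1.10"),   # valid server
        ("Ethernet1/0/5", "REQUEST", mac, "192.168.1.10"),
        ("Ethernet1/0/7", "ACK", mac, "10.66.6.10"),       # discarded again
        ("Ethernet1/0/2", "ACK", mac, "192.168.1.10"),
    ]
    return sw, [sw.receive(*e) for e in events]

if __name__ == "__main__":
    sw, forwarded = run_demo()
    print("forwarded:", forwarded)
    print("bindings:", sw.bindings)
    print("dropped:", sw.dropped)
```

The dropped list is the part worth watching in practice: server messages discarded on a user port point at the port where an unauthorized DHCP server is attached.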