Chapter 23: DHCP Snooping
A network device initially sends out a DHCPDISCOVER packet so that a
DHCP server will respond. It then waits for and accepts the first
DHCPOFFER packet that it receives from a server. This packet
contains the DHCP server’s IP address and mask. If an unauthorized
DHCP server responds first, then the network device will use the
information from the unintended DHCP server for the default gateway or
DNS server.
Untrusted ports are connected to the DHCP clients and to traffic that
originated outside the LAN. By definition, untrusted ports do not accept
DHCP packets originating from a DHCP server and immediately drop
them when they are detected. The DHCP packet types that are not
accepted are DHCPOFFER and DHCPACK.
However, untrusted ports do accept both DHCPDISCOVER and
DHCPREQUEST packets sent from DHCP clients. This behavior
allows DHCP clients to respond to a trusted DHCP server and not respond
to a DHCP server that is untrusted.
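
The untrusted-port rule described above, as an added example (not code from
this manual or the switch firmware): a Python sketch that reads the DHCP
message type (option 53) from a UDP payload and applies the accept/drop
decision. Function names, verdict strings and the sample packet builder are
constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
BOOTP_FIXED_LEN = 236               # fixed BOOTP fields before the cookie
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK = 1, 2, 3, 5
# Server-originated types the text lists as dropped on untrusted ports.
DROPPED_ON_UNTRUSTED = {DHCPOFFER, DHCPACK}


def dhcp_message_type(payload: bytes):
    """Return the option 53 value from a DHCP payload, or None if unparseable."""
    i = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if len(payload) < i or payload[BOOTP_FIXED_LEN:i] != MAGIC_COOKIE:
        return None
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):    # option code present but length missing
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:     # option runs past the end of the packet
            return None
        if code == OPT_MSG_TYPE and length == 1:
            return value[0]
        i += 2 + length
    return None


def snoop(port_trusted: bool, payload: bytes) -> str:
    """Verdict for one DHCP payload arriving on a trusted or untrusted port."""
    mtype = dhcp_message_type(payload)
    if mtype is None:
        return "not-dhcp"            # assumption: this filter only judges DHCP
    if not port_trusted and mtype in DROPPED_ON_UNTRUSTED:
        return "drop"
    return "forward"


def build_sample(msg_type: int) -> bytes:
    """Constructed packet: zeroed BOOTP header, cookie, pad, option 53, end."""
    options = bytes([OPT_PAD, OPT_MSG_TYPE, 1, msg_type, OPT_END])
    return bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + options
```
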
DHCP with Option 82
You can configure the AT-GS950/16PS to pass DHCP packets containing
Option 82 information through the switch without altering the information
within the packet. You can also configure the AT-GS950/16PS switch to
insert DHCP Option 82 information directly into the DHCP packets as they
pass through the switch.