Filter
Top Products
Page 3 | AlliedWare™ OS How To Note: DHCP Snooping on Rapier-style switches
DHCP snooping
Related How To Notes
The following How To Note describes DHCP snooping on AT-9900, x900-48 and AT-8948
series switches:
z How To Use DHCP Snooping, Option 82, and Filtering on AT-9900 and x900-48 Series Switches
The following How To Notes also use DHCP snooping in their solutions:
z How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs
z How To Create A Secure Network With Allied Telesis Managed Layer 3 Switches
z How To Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks
How To Notes are available from the library at www.alliedtelesis.com/resources/literature/
howto.aspx.
DHCP snooping
DHCP snooping forces all DHCP packets to be sent up to the switch CPU before forwarding.
The switch CPU then keeps a database of the IP addresses that are currently allocated to
downstream clients and the switch ports that the relevant clients are attached to.
Note: The switch CPU does not store a history log. The DHCP server does this.
DHCP snooping performs two main tasks:
z Keeping a record of which IP addresses are currently allocated to hosts downstream of
the ports on the switch.
z Deciding which packets are candidates for having Option 82 information inserted, and
actively filtering out packets that are deemed to be invalid DHCP packets (according to
criteria described below).
Note: Option 82 must be enabled separately.
Minimum configuration
The following output shows the minimum configuration required to use DHCP snooping and
provide filtered connectivity. With this configuration a client will be able to receive a DHCP
address, and access the IP network. If the client manually changes its IP, it will not be
permitted access to the IP network. The administrator will also be able to see the current
valid entries in the DHCP snooping database.
# DHCP Snooping configuration
enable dhcpsnooping
set dhcpsnooping port=24 trusted=yes