Configuration of DHCP-snooping on S3600 series switch
1 Network requirements：
1.1 Both PC1 and PC2 can obtain IP addresses from specified DHCP Servers.
1.2 Prevent other unauthorized DHCP Servers from affecting the hosts of the network.
2 Network diagram：
3 Network procedure：
3.1 Enter system view
3.2 Enable dhcp-snooping globally
3.3 Enter port E1/0/2
[Switch] interface Ethernet 1/0/2
3.4 Configurate port E1/0/2 as a trust port
4 Configuration tips：
4.1 Since the DHCP-Snooping is enabled, the switch will snoop into the DHCP messages, and may extract and record IP addresses and MAC addresses from the received messages of DHCP Request or DHCP Ack. In addition, DHCP-Snooping allows to set a physical port as trusted or distrusted port. The trusted ports can receive and forward the DHCP Offer messages normally, while the distrusted ports will discard the received DHCP Offer messages. Thus, the switch may shield from the counterfeit DHCP Servers, ensuring the clients to obtain IP addresses from the authorized DHCP Servers.
4.2 The DHCP server provides the users with messages containing the IP addressed distributed by the server to the users, namely the "dhcp offer" messages that enter SwitchA from port G1/1 and are forwarded. So, port G1/1 needs to be configured as ”trust” port. To configure the uplink interface of SwitchA as a Trunk port and connect it to DHCP trunking devices, it also needs to configure the uplink port as "trust" port.
4.3 This case is also applicable to H3C S5600 series switch,Quidview S3900,Quidview S5600 and so on.