Configuration of DHCP-snooping on S3600 series switch

关键词:
功能需求

Configuration of DHCP-snooping on S3600 series switch

1        Network requirements

1.1 Both PC1 and PC2 can obtain IP addresses from specified DHCP Servers.

1.2 Prevent other unauthorized DHCP Servers from affecting the hosts of the network.

2 Network diagram

3 Network procedure

3.1 Enter system view

<Switch>system-view

3.2 Enable dhcp-snooping globally

[Switch]dhcp-snooping

3.3 Enter port E1/0/2

[Switch] interface Ethernet 1/0/2

3.4 Configurate port E1/0/2 as a trust port

[SwitchA-Ethernet1/0/2]dhcp-snooping trust

4        Configuration tips

4.1 Since the DHCP-Snooping is enabled, the switch will snoop into the DHCP messages, and may extract and record IP addresses and MAC addresses from the received messages of DHCP Request or DHCP Ack. In addition, DHCP-Snooping allows to set a physical port as trusted or distrusted port. The trusted ports can receive and forward the DHCP Offer messages normally, while the distrusted ports will discard the received DHCP Offer messages. Thus, the switch may shield from the counterfeit DHCP Servers, ensuring the clients to obtain IP addresses from the authorized DHCP Servers.

4.2 The DHCP server provides the users with messages containing the IP addressed distributed by the server to the users, namely the "dhcp offer" messages that enter SwitchA from port G1/1 and are forwarded. So, port G1/1 needs to be configured as ”trust” port. To configure the uplink interface of SwitchA as a Trunk port and connect it to DHCP trunking devices, it also needs to configure the uplink port as "trust" port.

4.3 This case is also applicable to H3C S5600 series switch,Quidview S3900,Quidview S5600 and so on.

案例信息

案例类型:典型配置
案例号:KMS - 10480
创建时间:2007年4月6日
更新时间:2007年4月24日
发布时间:2007/4/24 5:42:05
文章密级:游客可见
有效期:长期有效
发布者:陈玉龙 [c04979]
点击次数:538
评论平均得分:0
关键词:
产品线:低端交换机
产品系列:
产品版本:
技术分类:网络层协议 IPSec

常用操作
收藏