Chapter 26 IP Source Guard
XGS-4728F User’s Guide
26.1.1 DHCP Snooping Overview
Use DHCP snooping to filter unauthorized DHCP packets on the network and to
build the binding table dynamically. This can prevent clients from getting IP
addresses from unauthorized DHCP servers.
26.1.1.1 Trusted vs. Untrusted Ports
Every port is either a trusted port or an untrusted port for DHCP snooping. This
setting is independent of the trusted/untrusted setting for ARP inspection. You can
also specify the maximum number of DHCP packets that each port (trusted or
untrusted) can receive each second.
Trusted ports are connected to DHCP servers or other switches. The Switch
discards DHCP packets from trusted ports only if the rate at which DHCP packets
arrive is too high. The Switch learns dynamic bindings from trusted ports.
Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there
are no trusted ports.
Untrusted ports are connected to subscribers. The Switch discards DHCP packets
from untrusted ports in the following situations:
• The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
• The source MAC address and source IP address in the packet do not match any
of the current bindings.
• The packet is a RELEASE or DECLINE packet, and the source MAC address and
source port do not match any of the current bindings.
• The rate at which DHCP packets arrive is too high.
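The trusted and untrusted port rules above can be read as one decision procedure. The following Python model is an added example, not ZyXEL firmware code; the names verdict, Packet and Port, the MAC and IP values, the treatment of a rate limit of 0 as unlimited, and the exemption of clients whose source IP is 0.0.0.0 from the MAC/IP check are assumptions made for illustration.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NACK"}  # server messages named in the list above

@dataclass(frozen=True)
class Packet:
    port: int
    msg_type: str  # DISCOVER, REQUEST, RELEASE, DECLINE, OFFER, ACK, NACK
    src_mac: str
    src_ip: str

@dataclass(frozen=True)
class Port:
    trusted: bool
    rate_limit: int  # max DHCP packets per second; 0 = unlimited (assumed convention)

def verdict(pkt, ports, bindings, pps):
    """Return 'forward' or a drop reason; bindings holds (mac, ip, port) tuples."""
    port = ports[pkt.port]
    if port.rate_limit and pps > port.rate_limit:
        return "drop: rate"  # the only check that also applies to trusted ports
    if port.trusted:
        return "forward"
    if not any(p.trusted for p in ports.values()):
        return "drop: no trusted port"  # the Note: snooping on, no trusted port
    if pkt.msg_type in SERVER_TYPES:
        return "drop: server packet"
    if pkt.msg_type in ("RELEASE", "DECLINE") and not any(
            m == pkt.src_mac and p == pkt.port for m, _, p in bindings):
        return "drop: mac/port mismatch"
    # Assumption: a client with no address yet (0.0.0.0) skips the MAC/IP check.
    if pkt.src_ip != "0.0.0.0" and not any(
            m == pkt.src_mac and i == pkt.src_ip for m, i, _ in bindings):
        return "drop: mac/ip mismatch"
    return "forward"

# Constructed sample data: port 1 is the uplink to the DHCP server.
PORTS = {1: Port(True, 0), 2: Port(False, 15), 3: Port(False, 15)}
BINDINGS = {("00:00:5e:00:53:01", "192.0.2.10", 2)}

if __name__ == "__main__":
    for pkt, pps in [
        (Packet(1, "OFFER", "00:00:5e:00:53:fe", "192.0.2.1"), 5),
        (Packet(3, "OFFER", "00:00:5e:00:53:66", "192.0.2.66"), 1),
        (Packet(3, "RELEASE", "00:00:5e:00:53:01", "192.0.2.10"), 1),
        (Packet(2, "REQUEST", "00:00:5e:00:53:01", "192.0.2.99"), 1),
        (Packet(2, "DISCOVER", "00:00:5e:00:53:02", "0.0.0.0"), 40),
    ]:
        print(pkt.port, pkt.msg_type, "->", verdict(pkt, PORTS, BINDINGS, pps))
```

The third sample packet shows why RELEASE and DECLINE are checked against the source port: the MAC and IP match a real binding, but the packet arrives on a different port than the one the binding was learned on.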
26.1.1.2 DHCP Snooping Database
The Switch stores the binding table in volatile memory. If the Switch restarts, it
loads static bindings from permanent memory but loses the dynamic bindings, in
which case the devices in the network have to send DHCP requests again. As a
result, it is recommended that you configure the DHCP snooping database.
The DHCP snooping database maintains the dynamic bindings for DHCP snooping
and ARP inspection in a file on an external TFTP server. If you set up the DHCP
snooping database, the Switch can reload the dynamic bindings from the DHCP
snooping database after the Switch restarts.