Configuring Device Security
Defining DHCP Snooping
Cisco Small Business SFE/SGE Managed Switches Administration Guide
129
4
-
Unchecked
— Disables DHCP Snooping on the device. This is the
default value.
•
Option 82 Passthrough
— Indicates if the device forwards or rejects packets
that include Option 82 information, while DHCP Snooping is enabled.
-
Checked
— Device forwards packets containing Option 82 information.
-
Unchecked
— Device rejects packets containing Option 82 information.
•
Verify MAC Address — Indicates if the MAC address is verified. The possible
field values are:
-
Checked
— Verifies (on an untrusted port) that the source MAC address
of the Layer 2 header matches the client hardware address as appears
in the DHCP Header (part of the payload).
-
Unchecked
— Disables verifying that the source MAC address of the
Layer 2 header matches the client hardware address as appears in the
DHCP Header. This is the default value.
•
Backup Database — Indicates if the DHCP Snooping Database learning and
update is enabled. All changes to the binding storage file are implemented only
if the device’s system clock is synchronized with the SNTP Server.
The
possible field values are:
-
Checked
— Enables backing up of the allotted IP address in the DHCP
Snooping Database.
-
Unchecked
— Disables backing up to the allotted IP address in the
DHCP Snooping Database. This is the default value.
•
Database Update Interval — Indicates how often the DHCP Snooping
Database is backed up. The possible field range is 600 – 86400 seconds. The
field default is 1200 seconds.
STEP 2
Modify the relevant fields.
STEP 3
Click Apply. The settings are defined, and the device is updated.
Defining DHCP Snooping on VLANs
The
DHCP Snooping VLAN Settings Page
allows network managers to enable
DHCP snooping on VLANs. To enable DHCP Snooping on a VLAN, ensure DHCP
Snooping is enabled on the device.