User's Manual
330
Chapter 44 Chapter 1 DHCP Snooping
Configuration
44.1 IGMP Snooping Configuration Tasks
DHCP Snooping is to prevent the fake DHCP server from providing the DHCP service by judging the DHCP
packets, maintaining the binding relationship between MAC address and IP address. The L2 switch can
conduct the DAI function and the IP source guard function according to the binding relationship between MAC
address and IP address. The DHCP snooping is mainly to monitor the DHCP packets and dynamically maintain
the MAC-IP binding list. The L2 switch filters the packets, which do not meet the MAC-IP binding relationship,
to prevent the network attack from illegal users.
Enabling/Disabling DHCP-Snooping
Enabling DHCP-Snooping in a VLAN
Enabling DHCP anti-attack in a VLAN.
Setting an Interface to a DHCP-Trusting Interface
Enabling/Disabling binding table fast update function
Enabling DAI in a VLAN
Setting an Interface to an ARP-Trusting Interface
Enabling Source IP Address Monitoring in a VLAN
Setting anInterface to the One Which is Trusted by IP Source Address Monitoring
Setting DHCP-Snooping Option 82
Setting the Policy of DHCP-Snooping Option82 Packets
Setting the TFTP Server for Backing up Interface Binding
Setting a File Name for Interface Binding Backup
Setting the Interval for Checking Interface Binding Backup
Setting Interface Binding Manually
Monitoring and Maintaining DHCP-Snooping
Example of DHCP-Snooping Configuration
44.1.1 Enabling/Disabling DHCP Snooping
Run the following commands in global configuration mode.
Command Purpose
ip dhcp-relay snooping
Enables DHCP-snooping.
no ip dhcp-relay snooping
Resumes the default settings.
This command is used to enable DHCP snooping in global configuration mode. After this command is run, the
switch is to monitor all DHCP packets and form the corresponding binding relationship.
Note: If the client obtains the address of a switch before this command is run, the switch cannot add the
corresponding binding relationship.