Operation Manual – DLDP
H3C S3100-52P Ethernet Switch

Chapter 2 DHCP Snooping Configuration

2.1 Introduction to DHCP Snooping

For the sake of security, the IP addresses used by online DHCP clients need to be tracked so that the administrator can verify the correspondence between the IP addresses the DHCP clients obtained from DHCP servers and the MAC addresses of the DHCP clients.

• Layer 3 switches can track DHCP client IP addresses through DHCP relay.
• Layer 2 switches can track DHCP client IP addresses through the DHCP snooping function, which listens to DHCP broadcast packets.

When an unauthorized DHCP server exists in the network, a DHCP client may obtain an illegal IP address. To ensure that the DHCP clients obtain IP addresses from valid DHCP servers, you can use the DHCP snooping function to specify a port as a trusted port or an untrusted port.

• Trusted ports can be used to connect DHCP servers or ports of other switches. Untrusted ports can be used to connect DHCP clients or networks.
• Untrusted ports drop the DHCP-ACK and DHCP-OFFER packets received from DHCP servers. Trusted ports forward any received DHCP packets to ensure that DHCP clients can obtain IP addresses from valid DHCP servers.

Figure 2-1 illustrates a typical network diagram for DHCP snooping application, where Switch A is an S3100-52P series Ethernet switch.

[Figure: DHCP clients on Ethernet, a DHCP server, Switch A (DHCP snooping), Switch B (DHCP relay), Internet]

Figure 2-1 Typical network diagram for DHCP snooping application

Figure 2-2 illustrates the interaction between a DHCP client and a DHCP server.
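The trusted/untrusted port rule described in this section, modelled as an added example (this is not code from the manual or from the switch firmware): it parses option 53 of a DHCP payload, drops DHCP-OFFER and DHCP-ACK on untrusted ports, and records the IP/MAC relationship. The port names, the sample packets, dropping malformed payloads on untrusted ports, and learning the binding from a DHCP-ACK seen on a trusted port are assumptions of this sketch.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # values of option 53 (DHCP message type)

def build_dhcp(msg_type, mac, yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload; used only to construct sample input."""
    op = 2 if msg_type in (OFFER, ACK) else 1          # 2 = BOOTREPLY, 1 = BOOTREQUEST
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

def parse_dhcp(payload):
    """Return (message_type, client_mac, yiaddr), or None if not well-formed DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes long
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                                 # truncated option
        if payload[i] == 53 and payload[i + 1] == 1:
            return payload[i + 2], mac, socket.inet_ntoa(payload[16:20])
        i += 2 + payload[i + 1]
    return None                                         # no message-type option found

class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}                              # client MAC -> IP address

    def handle(self, port, payload):
        """Return 'forward' or 'drop' for a DHCP payload received on `port`."""
        parsed = parse_dhcp(payload)
        if port in self.trusted:
            if parsed and parsed[0] == ACK:
                self.bindings[parsed[1]] = parsed[2]    # track the IP/MAC relationship
            return "forward"                            # trusted ports forward any DHCP packet
        if parsed is None or parsed[0] in (OFFER, ACK):
            return "drop"                               # server reply (or junk) on untrusted port
        return "forward"                                # client messages such as DISCOVER
```

A DHCP-ACK arriving on a client-facing port is dropped and leaves the binding table untouched, while the same message type on the port facing the valid server is forwarded and recorded.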