Operation Manual – DHCPH3C S7500 Series Ethernet Switches Chapter 4 DHCP Snooping Configuration4-1Chapter 4 DHCP Snooping ConfigurationWhen configuring DHCP snooping, go to these sections for information you areinterested in:z Configuring DHCP Snoopingz DHCP-Snooping Option 82z Displaying and Maintaining DHCP Snoopingz DHCP Snooping Configuration Example4.1 Configuring DHCP Snooping4.1.1 Introduction to DHCP SnoopingFor the sake of security, the IP addresses used by online DHCP clients need to betracked for the administrator to verify the corresponding relationship between the IPaddresses the DHCP clients obtained from DHCP servers and the MAC addresses ofthe DHCP clients.z Layer 3 switches can track DHCP client IP addresses through a DHCP relayagent.z Layer 2 switches can track DHCP client IP addresses through the DHCP snoopingfunction, which listens to DHCP broadcast packets.When an unauthorized DHCP server exists in the network, a DHCP client may obtainan illegal IP address. To ensure that the DHCP clients obtain IP addresses from validDHCP servers, you can specify a port to be a trusted port or an untrusted port throughthe DHCP snooping function.z Trusted ports can be used to connect DHCP servers or ports of other switches.Untrusted ports can be used to connect DHCP clients or networks.z Trusted ports forward any received DHCP packet to ensure that DHCP clients canobtain IP addresses from valid DHCP servers. Untrusted ports drop all thereceived packets.Figure 4-1 illustrates a typical network diagram for DHCP snooping application, whereSwitch A is an S7500 series switch.