13.1.1 Overview
DHCP snooping monitors the DHCP packets that pass through the Switch to restrict access from untrusted terminals.
DHCP snooping also supports terminal filters, which limit the IPv4 packets from untrusted terminals, and dynamic ARP inspection, which discards invalid ARP packets.
To enable DHCP snooping, place the Switch between the DHCP server and DHCP clients as shown in the following figure.
|
The registration destination of the terminal information is called the binding database.
The following table describes the functionality provided by DHCP snooping.
Item |
Description |
---|---|
Monitoring DHCP packets |
|
Registration of terminals with a fixed IP address |
|
Saving a binding database |
|
Inspecting DHCP packets |
|
Limiting the rate of DHCP packet reception |
|
Terminal filtering |
|
ARP packet inspection |
|
Limiting the rate of ARP packet reception |
|
- <Structure of this section>
(1) Stack configuration
The master switch manages the binding database and synchronizes with the member switches.
A member switch other than the master switch stores the binding database and performs only terminal filtering. Other functions are performed by the master switch.