Dell PowerConnect M6220 User's Guide - Page 397
DHCP Snooping, Dropped, Switching
View all Dell PowerConnect M6220 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 397 highlights
• Dropped - The number of not valid ARP packets dropped by DAI. Configuring Dynamic ARP Inspection With CLI Commands For information about the CLI commands that perform this function, refer to the following chapter in the CLI Reference Guide: • Dynamic ARP Inspection Commands DHCP Snooping DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of MAC address, IP address, VLAN ID, and port tuples that are considered authorized. You can enable DHCP snooping globally, perinterface, and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports. DHCP snooping enforces the following security rules: • DHCP packets from a DHCP server (DHCPOFFER, DHCPACK, DHCPNAK, DHCPRELEASEQUERY) are dropped if received on an untrusted port. • DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping database, but the binding's interface is other than the interface where the message was received. • On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the client hardware address. This feature is a configurable option. The hardware identifies all incoming DHCP packets on ports where DHCP snooping is enabled. DHCP snooping is enabled on a port if (a) DHCP snooping is enabled globally, and (b) the port is a member of a VLAN where DHCP snooping is enabled. On untrusted ports, the hardware traps all incoming DHCP packets to the CPU. On trusted ports, the hardware forwards client messages and copies server messages to the CPU so that DHCP snooping can learn the binding. Table 7-3. DHCP Snooping Trusted Port Destination UDP Port 67 (from client) Forward in hardware Untrusted Port Trap to CPU (enforcement) Destination UDP Port 68 (from server) Copy to CPU (Complete the tentative binding for a given DHCP client, based on the MAC address.) Trap to CPU (error logging) To display the DHCP Snooping page, click Switching > DHCP Snooping in the tree view. The DHCP Snooping menu page contains links to the following features: • DHCP Snooping Configuration • DHCP Snooping Interface Configuration • DHCP Snooping VLAN Configuration Configuring Switching Information 395