ZyXEL GS1910-24 User Guide - Page 46

Page 46 highlights

Chapter 5 Tutorials (GS1910/XGS1910 Series User's Guide, page 46)

If you want to use dynamic bindings to filter unauthorized ARP packets (typical implementation), you have to enable DHCP snooping before you enable ARP inspection.

Trusted vs. Untrusted Ports

Every port is either a trusted port or an untrusted port for DHCP snooping.

Trusted ports are connected to DHCP servers or other switches. The Switch learns dynamic bindings from trusted ports.

Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are no trusted ports.

Untrusted ports are connected to subscribers. The Switch discards DHCP packets from untrusted ports in the following situations:

  • The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
  • The source MAC address and source IP address in the packet do not match any of the current bindings.
  • The packet is a RELEASE or DECLINE packet, and the source MAC address and source port do not match any of the current bindings.

In the following example, you only want DHCP server A connected to port 5 to assign IP addresses to all devices in VLAN 100. Create a VLAN containing ports 5, 6 and 7. Connect a computer (M) to a Switch port that is not in VLAN 100.

[Figure: computer M, and VLAN 100 with A, B and C]

The settings in this tutorial are as follows.

Table 5 Settings in this Tutorial

HOST              PORT CONNECTED   VLAN        PVID   DHCP SNOOPING PORT TRUSTED
DHCP Server (A)   5                1 and 100   100    Yes
DHCP Client (B)   6                1 and 100   100    No
DHCP Client (C)   7                1 and 100   100    No

1 Access the Switch through http://192.168.1.1. Log into the Switch by entering the username (default: admin) and password (default: 1234).

2 See Section 5.4 on page 38 for how to create a VLAN and configure ports to join the VLAN.
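The untrusted-port discard rules listed above, applied to the Table 5 port layout, as an added example that is not code from the User's Guide or the Switch firmware. The packet model, MAC and IP values and binding table are constructed, and the exemption for a source IP of 0.0.0.0 is an assumption the page does not state.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NACK"}   # server messages named in the rules above
TRUSTED_PORTS = {5}                       # Table 5: only port 5 (server A) is trusted

@dataclass(frozen=True)
class DhcpPacket:                         # constructed, simplified view of a DHCP frame
    port: int                             # ingress Switch port
    msg_type: str
    src_mac: str
    src_ip: str

MAC_B, MAC_C = "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"   # constructed sample MACs
# Constructed binding table (MAC, IP) -> client port, as learned via the trusted port.
BINDINGS = {(MAC_B, "192.0.2.10"): 6}

def snoop(pkt, trusted=frozenset(TRUSTED_PORTS), bindings=BINDINGS):
    """Return 'forward' or 'drop: <reason>' for one DHCP packet."""
    if pkt.port in trusted:
        return "forward"
    if not trusted:                       # the Note: with no trusted port, all is dropped
        return "drop: no trusted ports"
    if pkt.msg_type in SERVER_TYPES:
        return "drop: server packet on untrusted port"
    if pkt.msg_type in ("RELEASE", "DECLINE") and not any(
            mac == pkt.src_mac and port == pkt.port
            for (mac, _ip), port in bindings.items()):
        return "drop: no MAC/port binding"
    # Assumption: a client that has no address yet (source IP 0.0.0.0) skips the
    # MAC/IP check; otherwise a new client could never obtain its first lease.
    if pkt.src_ip != "0.0.0.0" and (pkt.src_mac, pkt.src_ip) not in bindings:
        return "drop: no MAC/IP binding"
    return "forward"

if __name__ == "__main__":
    samples = [                           # constructed sample traffic
        DhcpPacket(5, "OFFER", "00:00:5e:00:53:0a", "192.0.2.1"),  # server A
        DhcpPacket(6, "OFFER", MAC_B, "192.0.2.10"),               # server reply on client port
        DhcpPacket(7, "DISCOVER", MAC_C, "0.0.0.0"),               # new client C
        DhcpPacket(7, "RELEASE", MAC_B, "192.0.2.10"),             # B's lease, wrong port
    ]
    for p in samples:
        print(p.port, p.msg_type, "->", snoop(p))
```
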

