DHCP Snooping/Relay Properties Configuration on Sx500 Series Stackable Switches

Objective

DHCP is a service that runs at the application layer of the TCP/IP protocol stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to DHCP clients. DHCP snooping is a security feature which acts as a firewall between untrusted hosts and trusted DHCP servers. Snooping prevents false DHCP responses and monitor clients. They can prevent man-in-the-middle attacks and authenticate host devices. The DHCP snooping binding database is also used by IP source guard and ARP inspection. In layer 3 switches, DHCP relay and snooping can be enabled on any interface with an IP address and on VLANs with or without an IP address. 

This article explains the configuration of DHCP Properties on an Sx500 Series Stackable Switch. This also facilitates the configuration of the DHCP Snooping and DHCP Relay.

Applicable Devices

• Sx500 Series Stackable Switches

Software Version

• v1.2.7.76

Configure DHCP Properties

Step 1. Log in to the web configuration utility and choose IP Configuration > DHCP Snooping/Relay > Properties. The Properties page opens:

Step 2. (Optional) In the Option 82 field, check Enable to insert Option 82 information into packets. This field is disabled by default.

DHCP messages are broadcast messages which cannot cross from one network to another. A DHCP relay forwards the broadcast messages to a different network. It also adds option 82 to provide additional information on the client to the routing network. Option 82 is not needed when DHCP relay is enabled; however, if you use an external agent to do DHCP relay, option 82 needs to be enabled (Transparent DHCP relay). Option 82 helps the router to choose the client from the network pool.

Step 3. (Optional) In the DHCP Relay field, check Enable to enable DHCP relay feature. This field is disabled by default.

Step 4. In the DHCP Snooping status field, check Enable to enable DHCP Snooping. The following options can be configured only if you enable the snooping.

Step 5. (Optional) In the Option 82 Pass Through field, check Enable to enable packets from an untrusted source which have option 82 information. The packets from trusted interfaces are always forwarded.

Step 6. (Optional) In the Verify MAC Address field, check Enable to force the device to verify whether the source MAC address of the Layer 2 header matches the client hardware address or not.

Step 7. In the Backup Database field, check Enable to backup the DHCP Snooping Binding database on the flash memory of the device.

Step 8. In the Backup Database Update Interval field, enter the interval of how often the DHCP Snooping Binding Database will be backed up if Backup Database is enabled. The range is from 600 - 86400 seconds. The default value is 1200 seconds.

Step 9. Click Apply to apply the settings to the running configuration file.

Add a DHCP Server to the DHCP Relay Table

Step 10. Click Add to define a DHCP server. The DHCP server assigns and maintains an IP addresses database. Typically the DHCP server is a router. The Add DHCP Server window appears.

Step 11. Enter the IP address of the DHCP server in the DHCP Server IP Address field.

Step 12. Click Apply. The settings are written to the running configuration file.