Dynamic Host Configuration Protocol (DHCP) Snooping Properties on SFE/SGE Managed Switches

Objective

The objective of this document is to help configure the  Dynamic Host Configuration Protocol (DHCP) snooping properties on SFE/SGE managed switches. These settings are important as they improve the network security by rejecting the untrusted DHCP messages. They also maintain a DHCP snooping binding database. 

Applicable Devices

• SFE/SGE Series 

Software Version

• v3.0.2.0 

DHCP Snooping Properties

Step 1. Log in to the web configuration utility and choose Security Suite > DHCP Snooping > Properties.  The Properties page opens:

Step 2. In the Enable DHCP Snooping field, check the Enable DHCP Snooping check box to enable the DHCP snooping on the device.

Step 3. In the Option 82 Passthrough field, check the Option 82 Passthrough check box to forward a packet that contains option 82 information. If this field is not check the packet will be rejected.

Step 4. In the Verify MAC Address field, check the Verify MAC Address check box to know that the layer 2 MAC address is same as the client hardware address. If the field is unchecked the verification of the MAC address will not be processed.

Step 5. In the Backup Database field, check the Backup Database check box to backup the IP address allocated to the DHCP snooping database. If the field is unchecked the database will not be backed up.

Step 6. If the Backup Database field is checked, enter the time interval in which the database should be backed up. It should be between 600-86400 seconds. It is set as 1200 sec by default.

Step 7. Click Apply.

Caution: This only saves your configuration to the running configuration file. This means any changes made will be lost if the device is rebooted. If you wish to save these changes even after a system reboot, you need to copy the running configuration file to the startup configuration file. See Copy Configuration File on SFE/SGE Series Managed Switches for more information on how to do this