Professional Documents
Culture Documents
DHCP clients look for the server by broadcasting, and only accept
the network configuration parameters provided by the first
reachable server. Therefore, an unauthorized DHCP server in the
network might lead to DHCP server spoofing attacks. System can
prevent against DHCP server spoofing attacks by dropping DHCP
response packets on related ports.
With DHCP Snooping enabled, system will inspect all the DHCP
packets passing through the interface, and create and maintain a
DHCP Snooping list that contains IP-MAC binding information
during the process of inspection. Besides, if the VSwitch, VLAN
interface or any other Layer 3 physical interface is configured as a
DHCP server, system will create IP-MAC binding information
automatically and add it to the DHCP Snooping list even if DHCP
Snooping is not enabled. The bindings in the list contain
information like legal users' MAC addresses, IPs, interfaces, ports,
lease time, etc.