- 04 Dec 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
DHCP Snooping sub-tab (NSR only)
- Updated on 04 Dec 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
The DHCP Snooping provides a defense against untrusted DHCP Servers providing IPs. This feature can be enabled per VLAN, and it requires that the DHCP. Snooping is also enabled under Global. The ports that have trusted DHCP Servers should be configured as Trusted. When DHCP Snooping is enabled, the DHCP requests will be broadcasted to trusted ports, and DHCP responses from trusted ports will be forwarded. The DHCP responses from untrusted ports will be dropped.
DHCP Option 82 can also be enabled when DHCP Snooping is enabled. The DHCP Option 82 adds the Circuit ID to the DHCP request so that the DHCP Server can assign IPs based on Circuit ID. If the Nodegrid DHCP Server is used, the Agent Circuit ID needs to be configured under the DHCP Server Hosts sub-tab.
There are 3 options for the Circuit ID format:
- vlan:interface
- hostname:vlan:interface and
- hostname:interface
- vlan:interface: “VLAN0005:netS1-1”
- hostname:vlan:interface: “mynodegrid:VLAN0005:netS1-1”
- hostname:interface: “mynodegrid:netS1-1”
Enable DHCP Snooping
(available in v5.6+)
- Go to Network :: Switch :: DHCP Snooping.
- Select a checkbox with a disabled VLAN.
- Click Edit (displays dialog), and enter details:
- Select Enable DHCP Snooping (expands dialog).
- Enable DHCP Option 82 (expands dialog). (v5.6+)
- Enable DHCP Option 82 (expands dialog). (v5.6+)
- Review the Circuit ID format details.
- If changes are made, click Save.
Disable DHCP Snooping
(available in v5.6+)
- Go to Network :: Switch :: DHCP Snooping.
- Select a checkbox with an enabled VLAN.
- Click Edit (displays dialog).
- If Enable DHCP Snooping is unselected (expands dialog).
- If changes are made, click Save.