DHCP Snooping
DHCP Snooping enables snooping of DHCP packets and creates a DHCP bindings
database of IP to MAC addresses for static and dynamic VLANs.
DHCP servers connected to ports not configured as trusted are deemed to be rogue
DHCP servers. This feature allows you to:
- Configure DHCP Snooping for EXOS/Switch Engine globally within a switch template
- Define DHCP snooping actions within the VLAN attributes section
- Enable or disable trusted ports within port types
- Enable the action that drops rogue DHCP packets for static and dynamic VLANs.
Common use-cases for DHCP Snooping are:
- The ability to configure DHCP Snooping protection on edge switches to prevent rogue DHCP packets from traversing ports.
- The ability to globally enable the feature for all edge switches in specific VLANs assigned to a network policy.
- The ability to disable DHCP snooping through a switch template VLAN attributes override or a device-level configuration override.
- The flexibility to enable a trusted port on specific ports where DHCP servers may exist, on a switch with mixed ports (untrusted and trusted) for DHCP snooping. Violations and additional information such as DHCP lease time must also be visible when the DHCP snooping feature is enabled.
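
The behaviour described above, modelled as a small Python simulation (an added example, not Extreme Networks code or switch configuration): server-type DHCP messages arriving on untrusted ports are recorded as violations and dropped, while ACKs from trusted ports populate the bindings database together with the lease time. The class, field names, and sample packets are constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # DHCP message types only a server sends

@dataclass
class SnoopingSwitch:  # hypothetical model, not a vendor API
    snooped_vlans: set        # VLANs where DHCP snooping is enabled
    trusted_ports: set        # ports where a DHCP server is expected
    drop_rogue: bool = True   # VLAN action: drop rogue DHCP packets
    bindings: dict = field(default_factory=dict)    # (vlan, client MAC) -> lease info
    violations: list = field(default_factory=list)  # (vlan, port, message type)
    _client_port: dict = field(default_factory=dict)

    def process(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        vlan, port, mtype = pkt["vlan"], pkt["port"], pkt["type"]
        key = (vlan, pkt["client_mac"])
        if vlan not in self.snooped_vlans:
            return True                      # snooping disabled for this VLAN
        if mtype in SERVER_MSGS:
            if port not in self.trusted_ports:
                # Server traffic on an untrusted port: rogue DHCP server.
                self.violations.append((vlan, port, mtype))
                return not self.drop_rogue
            if mtype == "ACK":               # lease granted: record the binding
                self.bindings[key] = {"ip": pkt["ip"], "lease_s": pkt["lease_s"],
                                      "port": self._client_port.get(key)}
        elif mtype in ("DISCOVER", "REQUEST"):
            self._client_port[key] = port    # remember the client's access port
        elif mtype == "RELEASE":
            self.bindings.pop(key, None)     # client gave the address back
        return True

# Constructed sample traffic: real server on trusted port 1, rogue server on port 7.
CLIENT = "00:11:22:33:44:55"
PACKETS = [
    {"vlan": 10, "port": 5, "type": "DISCOVER", "client_mac": CLIENT},
    {"vlan": 10, "port": 7, "type": "OFFER", "client_mac": CLIENT, "ip": "192.0.2.66"},
    {"vlan": 10, "port": 1, "type": "OFFER", "client_mac": CLIENT, "ip": "10.0.10.50"},
    {"vlan": 10, "port": 5, "type": "REQUEST", "client_mac": CLIENT},
    {"vlan": 10, "port": 1, "type": "ACK", "client_mac": CLIENT, "ip": "10.0.10.50", "lease_s": 86400},
    {"vlan": 20, "port": 7, "type": "OFFER", "client_mac": CLIENT, "ip": "192.0.2.66"},
]

def run_demo(drop_rogue=True):
    sw = SnoopingSwitch(snooped_vlans={10}, trusted_ports={1}, drop_rogue=drop_rogue)
    forwarded = [sw.process(p) for p in PACKETS]
    return forwarded, sw.bindings, sw.violations

if __name__ == "__main__":
    print(run_demo())
```

The last packet is forwarded without a violation because VLAN 20 is not in the snooped set, which mirrors the per-VLAN override case listed above.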