Introduction:
This configuration is designed for NBS3100 and NBS3200 series switches, such as:
RG-NBS3100-8GT2SFP-P
RG-NBS3200-48GT4XS-P
RG-NBS3200-24GT4XS-P
To block an invalid DHCP server, the administrator must configure ports as trusted and untrusted ports. DHCP Snooping will process software-based DHCP packets. As shown in the image below, the port connected to a valid server is configured as a trusted port, and other ports are untrusted ports by default. For DHCP client request packets, the switch will only forward such packets to the trusted port. For DHCP server response packets, the device will only forward response packets received from the trusted port and discard all response packets received from the untrusted port. As shown in Figure 2, for DHCP DISCOVER packets sent from PC1 and PC2, the switch will only forward them to the trusted port; for DHCP OFFER packets sent from Server 1 and Server 2, the switch will only forward response packets from Server 1 and discard response packets from Server 2.
Configuration:
1. Access the device with the following parameters:
IP: 10.44.77.200 (Static IP or obtained through DHCP)
Password: admin (default)
2. Go to the following path:
Security -> DHCP Snooping
3. Enable the DHCP Snooping checkbox.
4. Once you have enabled the checkbox, the following will appear.
Select the port from which your valid or legal DHCP server comes.
Example:
In this case, it is port 6 as it is where our Ruijie Router is connected.
Click 'Save' to save our changes and apply them.
This way, we are ensuring that a second DHCP server cannot be injected, and our network remains intact with our network service.