FS S3900 SERIES SWITCHES

Overview

The S3900 series consists of three models: S3900-24T4S, S3900-24F4S and S3900-48T4S. They are fully managed, stackable Gigabit switches equipped with Broadcom chips that support 10G SFP+ uplinks, designed for SMB, campus and enterprise networks.

DHCP Snooping Configuration on FS S3900 Series Switches

Posted on By FS.COM

In networking, DHCP Snooping is a switch security feature that prevents unauthorized DHCP servers from sending IP addresses to DHCP clients and stops unrecognized devices from sending port-related information to a DHCP server. S3900 series Layer 2+ Gigabit managed switches make the most of this feature, especially when deployed at the access layer.

DHCP Snooping Application on FS S3900 Series Switches

DHCP Snooping is a Layer 2 security technology that is often deployed at the access layer. This example uses an S3900-24F4S switch, DHCP servers and a PC to illustrate how it is applied. When the PC asks for an IP address, assume that both the authorized and the rogue DHCP server respond. Which message does the PC accept? In theory, the one that responds faster wins. With DHCP Snooping enabled on the switch, only the message from the authorized DHCP server, received through the trusted port, is sent on to the destination. However, if the PC connects to the switch through any port other than the one recorded in the DHCP Snooping binding table, or if the PC is replaced by another end device so that the MAC address changes, the message from the DHCP server will not be delivered to the client, because only packets that match the IP-MAC-Port binding rules are processed.


Note:

The switch running DHCP Snooping generally connects upstream to the DHCP server and downstream to the clients. Because most end devices are equipped only with RJ45 ports, the downstream links may need to use Ethernet copper cable.

DHCP Snooping Configuration Roadmap of S3900 Series Switches

DHCP Snooping on S3900 series switches is configured through the CLI. The configuration roadmap is as follows:

  • Create a VLAN and enable DHCP Snooping on the VLAN;

  • Add the ports connected to the DHCP server and the legitimate clients to the VLAN;

  • Configure the ports connected to the DHCP server as trusted interfaces to allow the port-related information to pass through;

  • Verify the configuration.

S3900 Series Switch DHCP Snooping Configuration Via CLI

Taking the FS S3900-24F4S switch as an example, the specific commands are shown and explained below:

1. Enter global configuration mode by issuing the configure terminal command.

S3900-24F4S#configure terminal

2. Create a VLAN.

S3900-24F4S(config)#vlan database

S3900-24F4S(config-vlan)#vlan 10

S3900-24F4S(config-vlan)#exit

3. Set the port that connects to the client as an access interface and add it to the VLAN.

S3900-24F4S(config)#interface ethernet 1/23

S3900-24F4S(config-if)#switchport mode access

S3900-24F4S(config-if)#switchport access vlan 10

S3900-24F4S(config-if)#exit

4. Set the port that connects to the DHCP server as an access interface and add it to the VLAN.

S3900-24F4S(config)#interface ethernet 1/24

S3900-24F4S(config-if)#switchport mode access

S3900-24F4S(config-if)#switchport access vlan 10

S3900-24F4S(config-if)#exit

5. Enable DHCP Snooping globally and on the VLAN.

S3900-24F4S(config)#ip dhcp snooping

S3900-24F4S(config)#ip dhcp snooping vlan 10

6. In interface configuration mode, set the port connected to the DHCP server as trusted.

S3900-24F4S(config)#interface ethernet 1/24

S3900-24F4S(config-if)#ip dhcp snooping trust

S3900-24F4S(config-if)#end

7. Verify the configuration by checking that the DHCP Snooping binding table has been created.

S3900-24F4S#show ip dhcp snooping binding
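
The following Python sketch is an added example, not FS code or a description of the switch firmware: it is a simplified model of the filtering this article describes, with port 1/24 trusted and the client on port 1/23 in VLAN 10 as configured above. The rogue server on port 1/22, the second client port 1/20, the MAC address and the IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # message types only a DHCP server sends

@dataclass
class SnoopingSwitch:
    vlan: int
    trusted: set                                   # ports facing the authorized server
    pending: dict = field(default_factory=dict)    # client MAC -> port of its request
    bindings: dict = field(default_factory=dict)   # client MAC -> (ip, vlan, port)

    def receive(self, port, msg_type, mac, ip=None):
        """Return (action, detail) for one DHCP message arriving on `port`."""
        if msg_type in SERVER_MSGS:
            if port not in self.trusted:
                return ("drop", "server reply on untrusted port")
            client_port = self.pending.get(mac)
            if client_port is None:
                return ("drop", "no request seen from this client")
            if msg_type == "ACK":  # the lease is confirmed: record the binding
                self.bindings[mac] = (ip, self.vlan, client_port)
            return ("forward", client_port)
        # Client message (DISCOVER, REQUEST, ...): check it against the table.
        bound = self.bindings.get(mac)
        if bound and bound[2] != port:
            return ("drop", "MAC is bound to port " + bound[2])
        self.pending[mac] = port
        return ("forward", "to trusted ports")

def demo():
    # Constructed scenario: client on 1/23, authorized server on 1/24 (as in
    # the steps above); rogue server on 1/22 and all addresses are made up.
    sw = SnoopingSwitch(vlan=10, trusted={"1/24"})
    pc = "00:11:22:33:44:55"
    events = [
        ("1/23", "DISCOVER", pc, None),
        ("1/22", "OFFER", pc, "192.168.66.10"),   # rogue server, untrusted port
        ("1/24", "OFFER", pc, "192.168.10.50"),   # authorized server
        ("1/23", "REQUEST", pc, None),
        ("1/24", "ACK", pc, "192.168.10.50"),
        ("1/20", "REQUEST", pc, None),            # same MAC seen on another port
    ]
    return [sw.receive(*e) for e in events], sw.bindings

if __name__ == "__main__":
    results, table = demo()
    for r in results:
        print(r)
    print(table)
```

The binding recorded after the ACK holds the same MAC, IP, VLAN and port association that `show ip dhcp snooping binding` is used to check in step 7.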
