jimmysands73_2
Contributor

How does layer 2 switch recognize DHCP Snooping ?

This was posted on CLN, but no really good answers have appeared yet, so... it has me curious...

"I just want to know how does a layer 2 switch know that a packet contains DHCP in it? I mean, a switch is layer 2, so I would expect the contents of the packet upwards of layer 2 is just payload, right?"

Thank you

Jimmy

ACCEPTED SOLUTION
Jon Marshall
VIP Community Legend

Jimmy

Just because it is a L2 switch does not mean it cannot look beyond the MAC address of the packet. For example, IGMP snooping is a feature enabled on many L2 switches, but IGMP itself is a L3 function. So a number of features on L2 switches require the switch to look at more than the Ethernet header to function properly. So just because it cannot route does not mean it cannot look into the payload for certain features.

If you know about firewalls, think of it like a stateful firewall such as the ASA, which handles the majority of packets by simply looking at the IP and port numbers, but for certain applications it can look further at the actual commands used in the application.

The only thing I couldn't verify was that by turning on DHCP snooping, does that mean that on untrusted ports every broadcast must be "inspected" to see whether it was a DHCP packet or not? I suspect it does, so hopefully it is implemented in hardware.

*** Edit - I just found an Ask the Expert event on DHCP snooping and apparently DHCP snooping is not implemented in hardware but software, which is surprising. This would suggest the switch does not inspect every broadcast, but then unless it does I can't see how it knows it is a DHCP packet.

Jon


3 REPLIES

Thank you for your time and information.

Hi Jon,

There are a lot of unicast messages in DHCP communication, so I think that it must also look for unicast DHCP messages.

Regards.

Alain

Don't forget to rate helpful posts.
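Jon's point that a snooping switch has to parse past the Ethernet header, and Alain's point that it must do so for unicast as well as broadcast frames, as an added Python example (not from this thread and not Cisco's implementation): it classifies constructed Ethernet/IPv4/UDP frames by EtherType, IP protocol and the standard DHCP UDP ports 67/68, ignoring the destination MAC, and applies the untrusted-port rule of dropping server replies. The frame builder, sample addresses and function names are assumptions made for the example.

```python
import struct

ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100
IPPROTO_UDP = 17
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68   # standard BOOTP/DHCP UDP ports

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload=b"\x01"):
    """Build a constructed Ethernet II / IPv4 / UDP frame (test input only;
    checksums stay zero because the classifier never reads them)."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, IPPROTO_UDP, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)
    return eth + ip + udp + payload

def classify(frame):
    """Parse past the Ethernet header, as a snooping switch must, and return
    (is_dhcp, from_server). The destination MAC is never consulted, so a
    unicast renewal ACK is recognised exactly like a broadcast DISCOVER."""
    if len(frame) < 14:
        return False, False
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:            # skip a single 802.1Q tag
        if len(frame) < 18:
            return False, False
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return False, False
    ihl = (frame[offset] & 0x0F) * 4            # IPv4 header length incl. options
    proto = frame[offset + 9]
    if proto != IPPROTO_UDP or len(frame) < offset + ihl + 8:
        return False, False
    sport, dport = struct.unpack("!HH", frame[offset + ihl:offset + ihl + 4])
    is_dhcp = (sport, dport) in {(68, 67), (67, 68), (67, 67)}
    return is_dhcp, is_dhcp and sport == DHCP_SERVER_PORT

def untrusted_port_verdict(frame):
    """Snooping rule for an untrusted port: non-DHCP traffic is switched as
    usual, client DHCP messages are allowed, server replies are dropped."""
    is_dhcp, from_server = classify(frame)
    if not is_dhcp:
        return "forward"
    return "drop" if from_server else "allow"
```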
