09-29-2012 04:41 PM - edited 03-07-2019 09:11 AM
This was posted on CLN, but no really good answers have appeared yet, so... it has me curious...
"I just want to know how does a layer 2 switch know that a packet contains DHCP in it? I mean a switch is layer 2, so I would expect the contents of the packet upwards of layer 2 is just payload, right?"
Thank you
Jimmy
09-29-2012 05:27 PM
Jimmy
Just because it is a L2 switch does not mean it cannot look beyond the mac-address of the packet. For example IGMP snooping is a feature enabled on many L2 switches, but IGMP itself is a L3 function. So a number of features on L2 switches require the switch to look at more than the ethernet header to function properly. So just because it cannot route does not mean it cannot look into the payload for certain features.
If you know about firewalls, think of it like a stateful firewall such as the ASA, which handles the majority of packets by simply looking at the IP and port numbers, but for certain applications it can look further at the actual commands used in the application.
The only thing I couldn't verify was that by turning on DHCP snooping, does that mean that on untrusted ports every broadcast must be "inspected" to see whether it was a DHCP packet or not? I suspect it does, so hopefully it is implemented in hardware.
*** Edit - I just found an Ask the Expert event on DHCP snooping and apparently DHCP snooping is not implemented in hardware but software, which is surprising. This would suggest the switch does not inspect every broadcast, but then unless it does I can't see how it knows it is a DHCP packet.
Jon
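Added example (not from the thread or from any switch vendor's code): a small Python model of the lookup Jon describes. It parses past the Ethernet header to the IPv4/UDP ports, recognises DHCP by the standard ports 67/68 and the BOOTP op byte, and then applies the basic snooping rule of dropping server replies that arrive on an untrusted port. The frame builder and every frame it produces are constructed here for illustration, not captures.

```python
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
# BOOTP/DHCP 'op' field: 1 = BOOTREQUEST (client -> server), 2 = BOOTREPLY (server -> client)
BOOTREQUEST, BOOTREPLY = 1, 2


def classify_frame(frame: bytes):
    """Return ('dhcp', op) if the frame carries DHCP over IPv4/UDP, else ('other', None).
    This is the look 'beyond the mac-address' a snooping switch has to perform."""
    if len(frame) < 14:
        return ("other", None)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:                 # DHCPv4 only rides on IPv4
        return ("other", None)
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return ("other", None)
    ihl = (ip[0] & 0x0F) * 4                # header length in bytes
    if ip[9] != 17:                         # IP protocol 17 = UDP
        return ("other", None)
    udp = ip[ihl:]
    if len(udp) < 8:
        return ("other", None)
    sport, dport = struct.unpack("!HH", udp[:4])
    if not {sport, dport} & {DHCP_SERVER_PORT, DHCP_CLIENT_PORT}:
        return ("other", None)
    payload = udp[8:]
    if not payload:
        return ("other", None)
    return ("dhcp", payload[0])             # first BOOTP byte is 'op'


def snoop_decision(frame: bytes, port_trusted: bool) -> str:
    """DHCP snooping rule: server replies (BOOTREPLY) are only accepted on trusted ports.
    Unicast and broadcast frames are treated alike, since the check is on L3/L4 fields."""
    kind, op = classify_frame(frame)
    if kind != "dhcp":
        return "forward"                     # not DHCP: ordinary L2 forwarding
    if op == BOOTREPLY and not port_trusted:
        return "drop"                        # a server answering from an access port
    return "forward"


def build_frame(src_port, dst_port, op, dst_mac=b"\xff" * 6):
    """Constructed minimal Ethernet/IPv4/UDP/BOOTP frame (checksums left at zero)."""
    bootp = bytes([op]) + b"\x00" * 235      # op byte plus zero-padded BOOTP header
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\x00\x00\x00\x00", b"\xff\xff\xff\xff") + udp
    return dst_mac + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + ip
```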
09-30-2012 07:28 AM
Thank you for your time and information.
09-30-2012 09:52 AM
Hi John,
There are a lot of unicast messages in DHCP communication so I think that it must look also for unicast DHCP messages.
Regards.
Alain
Don't forget to rate helpful posts.