How does layer 2 switch recognize DHCP Snooping ?

jimmysands73_2
Level 5

This was posting on CLN, but no really good answers have appeared yet, so....has me curious....

"I just want to know how does a layer 2 switch know that a packet contains DHCP in it? I mean a switch is layer 2, so I would expect the contents of the packet upwards of layer 2 are just payload, right?"

Thank you

Jimmy

1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame

Jimmy

Just because it is a L2 switch does not mean it cannot look beyond the mac-address of the packet. For example IGMP snooping is a feature enabled on many L2 switches but IGMP itself is a L3 function. So a number of features on L2 switches require the switch to look at more than the ethernet header to function properly. So just because it cannot route does not mean it cannot look into the payload for certain features.

If you know about firewalls, think of it like a stateful firewall such as the ASA, which handles the majority of packets by simply looking at the IP and port numbers, but for certain applications it can look further at the actual commands used in the application.

The only thing I couldn't verify was that by turning on DHCP snooping does that mean that on untrusted ports every broadcast must be "inspected" to see whether it was a DHCP packet or not? I suspect it does, so hopefully it is implemented in hardware.

*** Edit - I just found an Ask the Expert event on DHCP snooping and apparently DHCP snooping is not implemented in hardware but in software, which is surprising. This would suggest the switch does not inspect every broadcast, but then unless it does I can't see how it knows it is a DHCP packet.

Jon


3 Replies

Thank you for your time and information.

Hi John,

There are a lot of unicast messages in DHCP communication so I think that it must look also for unicast DHCP messages.

Regards.

Alain

Don't forget to rate helpful posts.

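As an added example that is not from either Jon's or Alain's post: a Python sketch of the classification step Jon describes, parsing past the Ethernet header to decide whether a frame is DHCP (IPv4, UDP, ports 67/68, then the BOOTP op byte), and doing so for unicast frames as well as broadcasts, which is Alain's point. The frames below are constructed inline, not captured from a real network.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_PORTS = {67, 68}          # BOOTP/DHCP server and client ports
BROADCAST_MAC = b"\xff" * 6

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, udp_payload):
    """Assemble a minimal Ethernet/IPv4/UDP frame (constructed test input only)."""
    udp_len = 8 + len(udp_payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + udp_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     IPPROTO_UDP, 0, src_ip, dst_ip)   # checksum left 0
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp

def classify_frame(frame):
    """Return {'dhcp': bool, 'broadcast': bool, 'op': int or None}.
    Only the header fields a snooping switch needs are inspected; the
    decision does not depend on the destination MAC being broadcast."""
    result = {"dhcp": False, "broadcast": frame[:6] == BROADCAST_MAC, "op": None}
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return result                      # not IPv4, so not DHCP
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4               # IPv4 header length in bytes
    if len(ip) < ihl or ip[9] != IPPROTO_UDP:
        return result                      # not UDP
    udp = ip[ihl:]
    if len(udp) < 8:
        return result                      # truncated UDP header
    sport, dport = struct.unpack("!HH", udp[:4])
    if sport not in DHCP_PORTS or dport not in DHCP_PORTS:
        return result                      # UDP, but not BOOTP/DHCP ports
    result["dhcp"] = True
    if len(udp) > 8:
        result["op"] = udp[8]              # BOOTP op: 1 = BOOTREQUEST, 2 = BOOTREPLY
    return result

# Constructed sample frames: a broadcast DISCOVER, a unicast renewal ACK, a DNS query.
CLIENT_MAC = bytes.fromhex("020000000001")
SERVER_MAC = bytes.fromhex("020000000002")
DISCOVER = build_frame(BROADCAST_MAC, CLIENT_MAC, bytes(4), b"\xff\xff\xff\xff",
                       68, 67, b"\x01" + bytes(235))
RENEW_ACK = build_frame(CLIENT_MAC, SERVER_MAC, bytes([192, 168, 1, 1]),
                        bytes([192, 168, 1, 50]), 67, 68, b"\x02" + bytes(235))
DNS_QUERY = build_frame(SERVER_MAC, CLIENT_MAC, bytes([192, 168, 1, 50]),
                        bytes([192, 168, 1, 1]), 40000, 53, bytes(12))

if __name__ == "__main__":
    for name, frame in (("DISCOVER", DISCOVER), ("RENEW_ACK", RENEW_ACK), ("DNS", DNS_QUERY)):
        print(name, classify_frame(frame))
```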