Configuring DHCP Snooping on NETGEAR Managed Switches
The steps below are based on an actual network that I set up in our laboratory to replicate DHCP snooping. I use a NETGEAR UTM150 router as my main DHCP server, while a NETGEAR WNDR3700 is the rogue DHCP server. The GS752TXS is our layer 2 switch.
This is my network setup for replication:
NETGEAR UTM150 LAN Setup
Created a VLAN 10 profile to act as the DHCP server for VLAN 10 on the GS752TXS.
GS752TXS VLAN configuration
VLAN 1 – Default
VLAN 10 – Created VLAN 10 and set ports 15-20 as untagged members with a PVID of 10. Port 25 is a tagged member.
How to configure DHCP Snooping
1. Go to System > Services > Global Configuration and enable DHCP Snooping mode.
Then click Apply to save the settings.
2. Go to the interface where the non-rogue DHCP server is connected. This will be the trusted interface for DHCP service.
Select the interface and enable Trust mode. Then click Apply to save the settings.
3. Go to the computer connected to VLAN 10 and release/renew the IP address.
The IP address that I got was 10.169.1.2, which is an IP address from the correct DHCP server.
4. Go to Binding Configuration and check the Dynamic Binding Configuration.
The Dynamic Binding Configuration shows the IP address of the computer connected to VLAN 10, along with its MAC address and VLAN ID.
Test if DHCP snooping is working
1. Disconnect the trusted DHCP server.
2. On the computer connected to VLAN 10, release/renew the IP address. This is what I got after renewing the IP address:
As you can see, even though there is a DHCP server connected to VLAN 10, the computer was not able to get an IP address because the port where the rogue DHCP server is connected is not trusted. The only trusted port for DHCP service is port 25.
3. Connect the DHCP server back to port 25 and release/renew the IP address again. The computer connected to VLAN 10 should be able to get an IP address from the trusted DHCP server.
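The behaviour seen in this test can be modelled in a few lines. This is an added example, not NETGEAR firmware code or part of the original article. It is a simplified model of the snooping decision, and the client MAC, the client port (15), the rogue server's port (16) and the rogue's offered address are constructed values.

```python
# Simplified model of DHCP snooping on a layer 2 switch (illustration only).
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # DHCP types only a server sends


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)     # MAC -> (IP, VLAN, port)
    client_port: dict = field(default_factory=dict)  # MAC -> port client was seen on

    def receive(self, port, vlan, msg_type, client_mac, your_ip=None):
        """Return 'forward' or 'drop' for a DHCP message arriving on port."""
        if msg_type in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                return "drop"  # server reply on an untrusted port
            if msg_type == "ACK" and client_mac in self.client_port:
                # Lease confirmed via a trusted port: add a dynamic binding.
                self.bindings[client_mac] = (your_ip, vlan, self.client_port[client_mac])
            return "forward"
        # Client message (DISCOVER, REQUEST, RELEASE): note the client's port.
        self.client_port[client_mac] = port
        if msg_type == "RELEASE":
            self.bindings.pop(client_mac, None)
        return "forward"


def run_lab():
    """Replay the article's test; MAC, client/rogue ports and rogue IP are constructed."""
    sw = SnoopingSwitch(trusted_ports={25})
    pc = "00:11:22:33:44:55"  # constructed client MAC, assumed on port 15
    results = [
        # Trusted server unplugged: only the rogue (assumed on port 16) replies.
        sw.receive(15, 10, "DISCOVER", pc),
        sw.receive(16, 10, "OFFER", pc, "192.168.1.2"),
        # Trusted server reconnected to port 25.
        sw.receive(15, 10, "DISCOVER", pc),
        sw.receive(25, 10, "OFFER", pc, "10.169.1.2"),
        sw.receive(15, 10, "REQUEST", pc),
        sw.receive(25, 10, "ACK", pc, "10.169.1.2"),
    ]
    return results, sw.bindings


if __name__ == "__main__":
    outcomes, table = run_lab()
    print(outcomes)
    print(table)
```

The rogue's OFFER is the only message dropped, and the binding table ends up with the same three fields the Dynamic Binding Configuration page shows, plus the client's port.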