19 Securing Switch Access Part 1

Securing Switch Access

Uploaded by

jdwhite9

Securing Switch Access

Part-1: DHCP Snooping

www.ine.com
DHCP Snooping
What problem does it solve?
[Diagram: host A, the DHCP Server and a Malicious/Evil Person attached to one switch; labels: VLAN-X, Port-1, Port-2, Port-3]
Copyright www.ine.com
DHCP Snooping Terminology
[Diagram: host A, the DHCP Server and a Malicious/Evil Person attached to one switch; labels: Trusted Port, Untrusted Port, VLAN-X, Port-1, Port-2, Port-3]

DHCP Snooping Binding Database
  Client MAC = 00.02.aa.bb.cc.dd / Port 0/1
  Client IP = 1.1.1.1 /24 (dynamic)
  Lease Time = 24-hours
DHCP Snooping Operation
DHCP Client messages only allowed from Untrusted to Trusted ports:
  DHCP Discover
  DHCP Request / Inform
  DHCP Decline
  DHCP Release
DHCP Server messages only allowed on ingress from Trusted ports:
  DHCP Offer
  DHCP Ack
  DHCP NACK
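
The forwarding rules above and the binding database entry from the terminology slide, modelled as an added example (not code from the original slides or from any switch vendor). The class and function names are hypothetical, and the port roles (Port-1 client, Port-2 rogue server, Port-3 trusted server port) are assumed from the diagram labels.

```python
# Added example: simplified model of DHCP snooping forwarding, not switch firmware.
CLIENT_MSGS = {"DISCOVER", "REQUEST", "INFORM", "DECLINE", "RELEASE"}
SERVER_MSGS = {"OFFER", "ACK", "NACK"}
EXPECTS_REPLY = {"DISCOVER", "REQUEST", "INFORM"}


class SnoopingSwitch:
    def __init__(self, trusted):
        self.trusted = set(trusted)  # ports with "ip dhcp snooping trust"
        self.pending = {}            # client MAC -> untrusted port awaiting a reply
        self.bindings = {}           # client MAC -> ip, port, lease (expiry not modelled)

    def handle(self, in_port, msg, mac, ip=None, lease_s=None):
        """Return the list of egress ports; an empty list means the frame is dropped."""
        if msg in SERVER_MSGS:
            if in_port not in self.trusted:
                return []            # server message on an untrusted port
            out = self.pending.get(mac)
            if out is None:
                return []            # no client exchange on record for this reply
            if msg == "ACK" and lease_s is not None:
                self.bindings[mac] = {"ip": ip, "port": out, "lease_s": lease_s}
            if msg != "OFFER":
                del self.pending[mac]  # ACK or NACK ends the exchange
            return [out]
        if msg in CLIENT_MSGS:
            if in_port not in self.trusted and msg in EXPECTS_REPLY:
                self.pending[mac] = in_port
            # client messages leave only through trusted ports
            return sorted(self.trusted - {in_port})
        raise ValueError(f"unknown DHCP message type: {msg}")


def demo():
    # Constructed scenario; port roles are assumed from the slide's diagram labels:
    # Port-1 = client A, Port-2 = rogue server, Port-3 = legitimate server (trusted).
    sw = SnoopingSwitch(trusted={"Port-3"})
    mac = "00.02.aa.bb.cc.dd"
    results = [
        sw.handle("Port-1", "DISCOVER", mac),
        sw.handle("Port-2", "OFFER", mac, ip="192.0.2.66"),  # rogue offer
        sw.handle("Port-3", "OFFER", mac, ip="1.1.1.1"),
        sw.handle("Port-1", "REQUEST", mac),
        sw.handle("Port-3", "ACK", mac, ip="1.1.1.1", lease_s=24 * 3600),
    ]
    return results, sw.bindings


if __name__ == "__main__":
    print(demo())
```

The rogue offer arriving on Port-2 is the only frame dropped, and the binding is recorded only when the ACK arrives on the trusted port.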
DHCP Snooping Configuration
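! Enable DHCP snooping globally, then on each VLAN to protect
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan <vlan-id>
!
! Per interface: rate-limit DHCP packets (packets per second); trust only ports leading toward the DHCP server
Switch(config-if)# ip dhcp snooping limit rate <1-2048>
Switch(config-if)# ip dhcp snooping trust
!
! Enable or disable insertion of DHCP option 82 (relay agent information)
Switch(config)# [no] ip dhcp snooping information option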

DHCP Snooping Verification

DHCP Snooping Monitoring
