My first useful Cisco post (DHCP Snooping)
BobMead
Member Posts: 55 ■■■□□□□□□□
in CCNA & CCENT
Well, this is something that I ran into a few years back when a dummy connected his Linksys router to our network and started serving up IPs. Well, not only is this a pain in the ass to track down in a large campus, but it can be prevented with this feature.
You can enable it at a global level via "ip dhcp snooping" or on a VLAN via "ip dhcp snooping vlan 50". You will then specify which ports belong to a trusted DHCP server:
Int gi 0/24
ip dhcp snooping trust
Verify Traffic:
show ip dhcp snooping binding
More Info: Catalyst 6500 Release 12.2SX Software Configuration Guide - DHCP Snooping [Cisco Catalyst 6500 Series Switches] - Cisco Systems
Press RETURN to get started
:roll:
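A simplified model of the check a switch applies once DHCP snooping is on, as an added example that is not part of the original post and not Cisco's implementation: server-type messages (OFFER/ACK/NAK) are forwarded only when they arrive on a trusted port, and ACKs from the trusted server populate the binding table. VLAN 50 and Gi0/24 come from the post; the other ports, the MAC address and the IP addresses are constructed.

```python
from dataclasses import dataclass

# DHCP message types (option 53)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = range(1, 8)
SERVER_TYPES = {OFFER, ACK, NAK}   # only a DHCP server should send these

@dataclass
class DhcpMsg:
    port: str                  # ingress switch port
    vlan: int
    msg_type: int
    client_mac: str
    yiaddr: str = "0.0.0.0"    # address being handed out (server messages)

class SnoopingSwitch:
    def __init__(self, snoop_vlans, trusted_ports):
        self.snoop_vlans, self.trusted = set(snoop_vlans), set(trusted_ports)
        self.seen = {}       # (vlan, mac) -> untrusted port the client spoke on
        self.bindings = {}   # (vlan, mac) -> (ip, port), like the binding table
        self.dropped = []    # messages rejected by the snooping check

    def receive(self, m):
        """Return True if the message is forwarded, False if dropped."""
        if m.vlan not in self.snoop_vlans:
            return True                      # snooping not enabled for this VLAN
        key = (m.vlan, m.client_mac)
        if m.msg_type in SERVER_TYPES:
            if m.port not in self.trusted:   # server reply on an untrusted port
                self.dropped.append(m)
                return False
            if m.msg_type == ACK and key in self.seen:
                self.bindings[key] = (m.yiaddr, self.seen[key])
            return True
        if m.port not in self.trusted:
            self.seen[key] = m.port          # remember where the client lives
        return True

def demo():
    sw = SnoopingSwitch(snoop_vlans=[50], trusted_ports=["Gi0/24"])
    mac = "00:11:22:33:44:55"                # constructed sample traffic
    traffic = [
        DhcpMsg("Gi0/5", 50, DISCOVER, mac),
        DhcpMsg("Gi0/7", 50, OFFER, mac, "192.168.1.100"),  # home router on an access port
        DhcpMsg("Gi0/24", 50, OFFER, mac, "10.50.0.20"),    # real server behind the trusted port
        DhcpMsg("Gi0/5", 50, REQUEST, mac),
        DhcpMsg("Gi0/24", 50, ACK, mac, "10.50.0.20"),
    ]
    return [sw.receive(m) for m in traffic], sw
```

Calling demo() shows the OFFER from Gi0/7 landing in sw.dropped while the client on Gi0/5 still gets a binding from the server behind Gi0/24.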
Comments
-
ciscoman2012 Member Posts: 313
Thanks for the info. FWIW, this is CCNP material that is tested on the SWITCH exam. Doesn't hurt to know for the CCNA either, though, but it is not required.
-
MichaelPeterman Member Posts: 19 ■□□□□□□□□□
BPDU guard
Hard coded access ports
And switch port security
Or would that not stop a router?
-
atorven Member Posts: 319
@MichaelPeterman - Those features wouldn't stop a router from leasing DHCP addresses.
-
BobMead Member Posts: 55 ■■■□□□□□□□
Yeah, the nature of a broadcast to 255.255.255.255 would allow the DHCP request and reply, providing you have layer 1-3 connectivity.