Professional Documents
Culture Documents
www.ine.com
DHCP Snooping
What problem does it solve?
DHCP Server
A VLAN-X Port-3
Port-1
VLAN-X Port-2
Malicious/Evil Person!
Copyright www.ine.com
DHCP Snooping Terminology
Trusted Port
Untrusted Port DHCP Server
A VLAN-X Port-3
Port-1
VLAN-X Port-2
Malicious/Evil Person!
Copyright www.ine.com
DHCP Snooping Operation
DHCP Client messages only allowed from Untrusted to
Trusted ports
DHCP Discover
DHCP Request / Inform
DHCP Decline
DHCP Release
DHCP Server messages only allowed on ingress from Trusted
ports.
DHCP Offer
DHCP Ack
DHCP NACK
Copyright www.ine.com
DHCP Snooping Configuration
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan <vlan-id>
!
Switch(config-if)# ip dhcp snooping limit rate <1-2048>
Switch(config-if)# ip dhcp snooping trust
!
Switch(config)# [no] ip dhcp snooping information option
Copyright www.ine.com
DHCP Snooping Verification
Copyright www.ine.com
DHCP Snooping Monitoring
Copyright www.ine.com